Solved

Help with a PowerShell script that will identify users not members of a particular group

Posted on 2009-05-19
4
357 Views
Last Modified: 2012-05-07
Hello All,

Our director's boss was trying to send a global email and received a hand full of non-delivery reports.  He was not happy about this and tasked us with making sure all domain users are part of a mail enabled security group called Global.

I want to use PowerShell to get a list of users that are not part of the Global group.  I have the Quest Active Directory commandlets loaded, so I'm using those in my attempts.  Here is what I thought would work:
          get-qaduser | where{$_.memberof -ne "global"}
This isn't returning what I expected.  I'm getting a message about only displaying the first 1000 results.  Based on the number of non-delivery reports our director's boss received, there should only be between 50 and 75 users that are not part of the Global group.

Any help would be greatly appreciated.

regards,
Nick
0
Comment
Question by:ndalmolin_13
  • 3
4 Comments
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 24423422

Hey,

Get-QADUser -LdapFilter "(!(memberOf=CN=TheGroup,DC=SomeOU,DC=yourdomain,DC=com))"

You can't get around needing the full path to the group if using an LDAP filter, but it is the most efficient way of finding those who aren't in that group.

Technically you shouldn't need the extra parentheses in the filter, but Get-QADUser gets confused about the filter if you miss them off.

Chris
0
 
LVL 1

Author Comment

by:ndalmolin_13
ID: 24423446
Found the answer.
          -    Get-Qaduser -NotMemberOf Global
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 24423473

The Where-Object alternative is....

Get-QADUser | ?{ !($_.MemberOf -Match "Global") }

The LdapFilter is more efficient though.

Chris
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 24423475

lol or that :)

Chris
0

Join & Write a Comment

"Migrate" an SMTP relay receive connector to a new server using info from an old server.
Synchronize a new Active Directory domain with an existing Office 365 tenant
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now