?
Solved

Help with a PowerShell script that will identify users not members of a particular group

Posted on 2009-05-19
4
Medium Priority
?
368 Views
Last Modified: 2012-05-07
Hello All,

Our director's boss was trying to send a global email and received a hand full of non-delivery reports.  He was not happy about this and tasked us with making sure all domain users are part of a mail enabled security group called Global.

I want to use PowerShell to get a list of users that are not part of the Global group.  I have the Quest Active Directory commandlets loaded, so I'm using those in my attempts.  Here is what I thought would work:
          get-qaduser | where{$_.memberof -ne "global"}
This isn't returning what I expected.  I'm getting a message about only displaying the first 1000 results.  Based on the number of non-delivery reports our director's boss received, there should only be between 50 and 75 users that are not part of the Global group.

Any help would be greatly appreciated.

regards,
Nick
0
Comment
Question by:ndalmolin_13
  • 3
4 Comments
 
LVL 71

Accepted Solution

by:
Chris Dent earned 2000 total points
ID: 24423422

Hey,

Get-QADUser -LdapFilter "(!(memberOf=CN=TheGroup,DC=SomeOU,DC=yourdomain,DC=com))"

You can't get around needing the full path to the group if using an LDAP filter, but it is the most efficient way of finding those who aren't in that group.

Technically you shouldn't need the extra parentheses in the filter, but Get-QADUser gets confused about the filter if you miss them off.

Chris
0
 
LVL 1

Author Comment

by:ndalmolin_13
ID: 24423446
Found the answer.
          -    Get-Qaduser -NotMemberOf Global
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24423473

The Where-Object alternative is....

Get-QADUser | ?{ !($_.MemberOf -Match "Global") }

The LdapFilter is more efficient though.

Chris
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24423475

lol or that :)

Chris
0

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
Let's recap what we learned from yesterday's Skyport Systems webinar.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses
Course of the Month13 days, 16 hours left to enroll

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question