?
Solved

Help with a PowerShell script that will identify users not members of a particular group

Posted on 2009-05-19
4
Medium Priority
?
366 Views
Last Modified: 2012-05-07
Hello All,

Our director's boss was trying to send a global email and received a hand full of non-delivery reports.  He was not happy about this and tasked us with making sure all domain users are part of a mail enabled security group called Global.

I want to use PowerShell to get a list of users that are not part of the Global group.  I have the Quest Active Directory commandlets loaded, so I'm using those in my attempts.  Here is what I thought would work:
          get-qaduser | where{$_.memberof -ne "global"}
This isn't returning what I expected.  I'm getting a message about only displaying the first 1000 results.  Based on the number of non-delivery reports our director's boss received, there should only be between 50 and 75 users that are not part of the Global group.

Any help would be greatly appreciated.

regards,
Nick
0
Comment
Question by:ndalmolin_13
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 71

Accepted Solution

by:
Chris Dent earned 2000 total points
ID: 24423422

Hey,

Get-QADUser -LdapFilter "(!(memberOf=CN=TheGroup,DC=SomeOU,DC=yourdomain,DC=com))"

You can't get around needing the full path to the group if using an LDAP filter, but it is the most efficient way of finding those who aren't in that group.

Technically you shouldn't need the extra parentheses in the filter, but Get-QADUser gets confused about the filter if you miss them off.

Chris
0
 
LVL 1

Author Comment

by:ndalmolin_13
ID: 24423446
Found the answer.
          -    Get-Qaduser -NotMemberOf Global
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24423473

The Where-Object alternative is....

Get-QADUser | ?{ !($_.MemberOf -Match "Global") }

The LdapFilter is more efficient though.

Chris
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24423475

lol or that :)

Chris
0

Featured Post

Need protection from advanced malware attacks?

Look no further than WatchGuard's Total Security Suite, providing defense in depth against today's most headlining attacks like Petya 2.0 and WannaCry. Keep your organization out of the news with protection from known and unknown threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question