Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Help with a PowerShell script that will identify users not members of a particular group

Posted on 2009-05-19
4
Medium Priority
?
367 Views
Last Modified: 2012-05-07
Hello All,

Our director's boss was trying to send a global email and received a hand full of non-delivery reports.  He was not happy about this and tasked us with making sure all domain users are part of a mail enabled security group called Global.

I want to use PowerShell to get a list of users that are not part of the Global group.  I have the Quest Active Directory commandlets loaded, so I'm using those in my attempts.  Here is what I thought would work:
          get-qaduser | where{$_.memberof -ne "global"}
This isn't returning what I expected.  I'm getting a message about only displaying the first 1000 results.  Based on the number of non-delivery reports our director's boss received, there should only be between 50 and 75 users that are not part of the Global group.

Any help would be greatly appreciated.

regards,
Nick
0
Comment
Question by:ndalmolin_13
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 71

Accepted Solution

by:
Chris Dent earned 2000 total points
ID: 24423422

Hey,

Get-QADUser -LdapFilter "(!(memberOf=CN=TheGroup,DC=SomeOU,DC=yourdomain,DC=com))"

You can't get around needing the full path to the group if using an LDAP filter, but it is the most efficient way of finding those who aren't in that group.

Technically you shouldn't need the extra parentheses in the filter, but Get-QADUser gets confused about the filter if you miss them off.

Chris
0
 
LVL 1

Author Comment

by:ndalmolin_13
ID: 24423446
Found the answer.
          -    Get-Qaduser -NotMemberOf Global
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24423473

The Where-Object alternative is....

Get-QADUser | ?{ !($_.MemberOf -Match "Global") }

The LdapFilter is more efficient though.

Chris
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24423475

lol or that :)

Chris
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here's a look at newsworthy articles and community happenings during the last month.
Originally, this post was published on Monitis Blog, you can check it here . In business circles, we sometimes hear that today is the “age of the customer.” And so it is. Thanks to the enormous advances over the past few years in consumer techno…
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question