Help with a PowerShell script that will identify users not members of a particular group

Hello All,

Our director's boss was trying to send a global email and received a hand full of non-delivery reports.  He was not happy about this and tasked us with making sure all domain users are part of a mail enabled security group called Global.

I want to use PowerShell to get a list of users that are not part of the Global group.  I have the Quest Active Directory commandlets loaded, so I'm using those in my attempts.  Here is what I thought would work:
          get-qaduser | where{$_.memberof -ne "global"}
This isn't returning what I expected.  I'm getting a message about only displaying the first 1000 results.  Based on the number of non-delivery reports our director's boss received, there should only be between 50 and 75 users that are not part of the Global group.

Any help would be greatly appreciated.

regards,
Nick
LVL 1
ndalmolin_13Asked:
Who is Participating?
 
Chris DentConnect With a Mentor PowerShell DeveloperCommented:

Hey,

Get-QADUser -LdapFilter "(!(memberOf=CN=TheGroup,DC=SomeOU,DC=yourdomain,DC=com))"

You can't get around needing the full path to the group if using an LDAP filter, but it is the most efficient way of finding those who aren't in that group.

Technically you shouldn't need the extra parentheses in the filter, but Get-QADUser gets confused about the filter if you miss them off.

Chris
0
 
ndalmolin_13Author Commented:
Found the answer.
          -    Get-Qaduser -NotMemberOf Global
0
 
Chris DentPowerShell DeveloperCommented:

The Where-Object alternative is....

Get-QADUser | ?{ !($_.MemberOf -Match "Global") }

The LdapFilter is more efficient though.

Chris
0
 
Chris DentPowerShell DeveloperCommented:

lol or that :)

Chris
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.