How to test from group membership with Powershell

Posted on 2010-04-01
Medium Priority
Last Modified: 2012-05-09
Hi All,

I am using the Quest AD tool in conjuction with powershell to remove users from a group, I need a way to quickly check if a user belongs to the group before issuing the instruction to remove the user from the group.

I need something to return a boolean ideally, in VB you can use ISMember I think, all the powershell examples I have found so far enumerates the group and check if the user is a member, this method will slow my script down big time. If there's nothing that can do it natively in powershell perhaps accessing .NET object via powershell..

Any ideas????

Thanks in advance

Question by:Stevolee
  • 3
  • 2
LVL 71

Accepted Solution

Chris Dent earned 2000 total points
ID: 29351714

Which do you have a connection to at that point in the script, user or group?

If you've got the user, look at the MemberOf attribute and see if the group exists.

If you have the group, look at Member.

You can use the IsMember method in PowerShell as well. e.g.:

$Group = [ADSI]"LDAP://CN=Domain Admins,CN=Users,DC=domain,DC=com"
$Group.IsMember("LDAP://CN=Some Users,OU=Somewhere,DC=domain,DC=com")

Whether it's fastest depends on what connections you have at that point in the script.


Author Comment

ID: 29361583
Hi Chris,
I have the connection set to the user can you please
post a sample code for that...

Thx Steve
LVL 71

Expert Comment

by:Chris Dent
ID: 29446033

Sure :)

A spot of string comparison should work (even if it is a bit basic), you have to make MemberOf a string first, like this:

$User = Get-QADUser "SomeUser"
If ("$($User.MemberOf)" -Match "SomeGroupName")
  Remove-QADGroupMember "SomeGroupName" -Member $User.DN

Nothing to test that against here, you'll have to do that part I'm afraid.



Author Comment

ID: 29447112
Thanks for the update will test and get back to you...

Author Closing Comment

ID: 31709930
Thanks for the info Chris much appreciated!

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently we ran in to an issue while running some SQL jobs where we were trying to process the cubes.  We got an error saying failure stating 'NT SERVICE\SQLSERVERAGENT does not have access to Analysis Services. So this is a way to automate that wit…
You have missed a phone call. The number looks like it belongs to the bunch of numbers which your company uses. How to find out who has just called you?
Loops Section Overview
Screencast - Getting to Know the Pipeline
Suggested Courses

601 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question