Solved

Finding users who are NOT in a group/groups

Posted on 2011-03-02
13
734 Views
Last Modified: 2012-05-11
I need to identify users who do not have a disclaimer configured in Exchange, there are many disclaimer groups all starting:

grp_Email_footer

So I have a list of all users I want to target with the script and want to return all users whos allmemberof attribute does not contain the string "grp_email_footer"

As far as I can see the following should do the trick, but it is returning ALL users from the imput file and I know that there are many it should not be returning as they have disclaimers configured:

Import-Csv "C:\SCRIPTS\test.csv" | `
foreach {
$Name = $_.DisplayName
Get-QADUser "$NAME" -IncludedProperties TargetAddress | ? {$_.allmemberof -notlike "grp_Email_footer_"}} | Select Name,SamAccountName,EMail,TargetAddress | Export-Csv -notype C:\SCRIPTS\TEST-OUTPUT.csv


Can anyone see where I am going wrong here? Or suggest an alternate angle of attack to the problem?

Ta

0
Comment
Question by:mat_sullivan
  • 7
  • 6
13 Comments
 
LVL 5

Expert Comment

by:daveTechSearch
ID: 35021044
try changing this:

? {$_.allmemberof -notlike "grp_Email_footer_"}}

to this:

? {$_.allmemberof -notcontains "grp_Email_footer_"}}
0
 
LVL 5

Expert Comment

by:daveTechSearch
ID: 35021298
give this a try
Import-csv "C:\SCRIPTS\test.csv" |
foreach{
$Name = $_.DisplayName
get-qaduser $name | where {get-qadgroup "grp_Email_footer_" -containsmember $name}
}

Open in new window

0
 
LVL 5

Expert Comment

by:daveTechSearch
ID: 35021509
sorry... messed that up slightly (i tested the reverse 'does contain')
Import-csv "C:\SCRIPTS\test.csv" |
@(foreach{
$Name = $_.DisplayName
get-qaduser $name -IncludedProperties TargetAddress | 
where {get-qadgroup "grp_Email_footer_" -notcontainsmember $name}}) | 
Select Name,SamAccountName,EMail,TargetAddress | 
Export-Csv -notype C:\SCRIPTS\TEST-OUTPUT.csv

Open in new window

0
 
LVL 4

Author Comment

by:mat_sullivan
ID: 35025497
When I run you version I ver the following

Missing opening '(' after keyword 'foreach'.
At line:2 char:11
+ @(foreach  <<<< {
    + CategoryInfo          : ParserError: (OpenParenToken:TokenI
    + FullyQualifiedErrorId : MissingOpenParenthesisAfterKeyword
0
 
LVL 5

Expert Comment

by:daveTechSearch
ID: 35028620
slightly modified
$queryGroup = "grp_Email_footer_"

@(foreach($_ in (import-csv "C:\temp\test.csv")) {
$Name = $_.DisplayName
get-qaduser $name -IncludedProperties TargetAddress | 
where {get-qadgroup $queryGroup -notcontainsmember $name}}) | 
Select Name,SamAccountName,EMail,TargetAddress | 
Export-Csv -notype C:\SCRIPTS\TEST-OUTPUT.csv

Open in new window

0
 
LVL 4

Author Comment

by:mat_sullivan
ID: 35028915
I am running this against a test file containing two users, one in a disclaimer group and one not in a disclaimer group. It is currently returning both users in the output, your script looks correct as far as I can tell so I would expect it the output to contain only one row, or maybe it could return all but with a true/false indicator of group membership?

This is quite frustrating as I can't see why it isn't working!
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 5

Expert Comment

by:daveTechSearch
ID: 35029015
hmmm... odd... I can have  another look in a bit... my test was very similar to yours (two users, but a different group)..
0
 
LVL 5

Expert Comment

by:daveTechSearch
ID: 35029283
Well... I just ran a test and the script is working for me... I exported output for my 'regular' account and my 'domain admin' account to CSV for the query...  queried against the group "Domain admins"... my 'regular' account was returned as the one that is  NOT a member of "Domain admins"

This is what I just ran...
$queryGroup = "Domain Admins"

@(foreach($_ in (import-csv "C:\temp\test.csv")) {
$Name = $_.DisplayName
get-qaduser $name -IncludedProperties TargetAddress | 
where {get-qadgroup $queryGroup -notcontainsmember $name}}) | 
Select Name,SamAccountName,EMail,TargetAddress | 
Export-Csv -notype C:\temp\TEST-OUTPUT.csv

Open in new window

0
 
LVL 4

Author Comment

by:mat_sullivan
ID: 35034487
One other thing, "grp_Email_footer_" is not the actual group name, there are 20 disclaimer Distribution Groups but they all beging wth:

GRP_Email_footer_

Could this be a factor that is stopping the script returning the correct output?

The desired result is for it to return users who are not a member of any of the 20 possible Distribution Groups.

0
 
LVL 4

Author Comment

by:mat_sullivan
ID: 35034529
I have just ran the script and specified the exact group name that the test user is a member of and it works as expected, only returning the user not in the group in the output, but as above I would like to run the input file against a number of groups and return only users who are in none of them. How easy is this to accomplish?

0
 
LVL 5

Accepted Solution

by:
daveTechSearch earned 500 total points
ID: 35037860
This should work for you... changed it up a tad
$queryGroups = get-qadgroup 'GRP_Email_footer_*'

@(foreach($_ in (import-csv "C:\temp\test.csv")) {
$Name = $_.DisplayName
get-qaduser $name -IncludedProperties TargetAddress -notmemberof $queryGroups
}) | 
Select Name,SamAccountName,EMail,TargetAddress | 
Export-Csv -notype C:\temp\TEST-OUTPUT.csv

Open in new window

0
 
LVL 4

Author Comment

by:mat_sullivan
ID: 35067925
Sorry, just seen this update! Will test and come back.
0
 
LVL 4

Author Comment

by:mat_sullivan
ID: 35081509
This has done the trick! Took about 12 hours to run though! 6000+ records against a DC 5000 miles away etc... so not entirely unexpected.

Many thanks!
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Suggested Solutions

Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
Create and license users in Office 365 in bulk based on a CSV file. A step-by-step guide with PowerShell script examples.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now