Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Finding users who are NOT in a group/groups

Posted on 2011-03-02
13
Medium Priority
?
745 Views
Last Modified: 2012-05-11
I need to identify users who do not have a disclaimer configured in Exchange, there are many disclaimer groups all starting:

grp_Email_footer

So I have a list of all users I want to target with the script and want to return all users whos allmemberof attribute does not contain the string "grp_email_footer"

As far as I can see the following should do the trick, but it is returning ALL users from the imput file and I know that there are many it should not be returning as they have disclaimers configured:

Import-Csv "C:\SCRIPTS\test.csv" | `
foreach {
$Name = $_.DisplayName
Get-QADUser "$NAME" -IncludedProperties TargetAddress | ? {$_.allmemberof -notlike "grp_Email_footer_"}} | Select Name,SamAccountName,EMail,TargetAddress | Export-Csv -notype C:\SCRIPTS\TEST-OUTPUT.csv


Can anyone see where I am going wrong here? Or suggest an alternate angle of attack to the problem?

Ta

0
Comment
Question by:mat_sullivan
  • 7
  • 6
13 Comments
 
LVL 5

Expert Comment

by:daveTechSearch
ID: 35021044
try changing this:

? {$_.allmemberof -notlike "grp_Email_footer_"}}

to this:

? {$_.allmemberof -notcontains "grp_Email_footer_"}}
0
 
LVL 5

Expert Comment

by:daveTechSearch
ID: 35021298
give this a try
Import-csv "C:\SCRIPTS\test.csv" |
foreach{
$Name = $_.DisplayName
get-qaduser $name | where {get-qadgroup "grp_Email_footer_" -containsmember $name}
}

Open in new window

0
 
LVL 5

Expert Comment

by:daveTechSearch
ID: 35021509
sorry... messed that up slightly (i tested the reverse 'does contain')
Import-csv "C:\SCRIPTS\test.csv" |
@(foreach{
$Name = $_.DisplayName
get-qaduser $name -IncludedProperties TargetAddress | 
where {get-qadgroup "grp_Email_footer_" -notcontainsmember $name}}) | 
Select Name,SamAccountName,EMail,TargetAddress | 
Export-Csv -notype C:\SCRIPTS\TEST-OUTPUT.csv

Open in new window

0
Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

 
LVL 4

Author Comment

by:mat_sullivan
ID: 35025497
When I run you version I ver the following

Missing opening '(' after keyword 'foreach'.
At line:2 char:11
+ @(foreach  <<<< {
    + CategoryInfo          : ParserError: (OpenParenToken:TokenI
    + FullyQualifiedErrorId : MissingOpenParenthesisAfterKeyword
0
 
LVL 5

Expert Comment

by:daveTechSearch
ID: 35028620
slightly modified
$queryGroup = "grp_Email_footer_"

@(foreach($_ in (import-csv "C:\temp\test.csv")) {
$Name = $_.DisplayName
get-qaduser $name -IncludedProperties TargetAddress | 
where {get-qadgroup $queryGroup -notcontainsmember $name}}) | 
Select Name,SamAccountName,EMail,TargetAddress | 
Export-Csv -notype C:\SCRIPTS\TEST-OUTPUT.csv

Open in new window

0
 
LVL 4

Author Comment

by:mat_sullivan
ID: 35028915
I am running this against a test file containing two users, one in a disclaimer group and one not in a disclaimer group. It is currently returning both users in the output, your script looks correct as far as I can tell so I would expect it the output to contain only one row, or maybe it could return all but with a true/false indicator of group membership?

This is quite frustrating as I can't see why it isn't working!
0
 
LVL 5

Expert Comment

by:daveTechSearch
ID: 35029015
hmmm... odd... I can have  another look in a bit... my test was very similar to yours (two users, but a different group)..
0
 
LVL 5

Expert Comment

by:daveTechSearch
ID: 35029283
Well... I just ran a test and the script is working for me... I exported output for my 'regular' account and my 'domain admin' account to CSV for the query...  queried against the group "Domain admins"... my 'regular' account was returned as the one that is  NOT a member of "Domain admins"

This is what I just ran...
$queryGroup = "Domain Admins"

@(foreach($_ in (import-csv "C:\temp\test.csv")) {
$Name = $_.DisplayName
get-qaduser $name -IncludedProperties TargetAddress | 
where {get-qadgroup $queryGroup -notcontainsmember $name}}) | 
Select Name,SamAccountName,EMail,TargetAddress | 
Export-Csv -notype C:\temp\TEST-OUTPUT.csv

Open in new window

0
 
LVL 4

Author Comment

by:mat_sullivan
ID: 35034487
One other thing, "grp_Email_footer_" is not the actual group name, there are 20 disclaimer Distribution Groups but they all beging wth:

GRP_Email_footer_

Could this be a factor that is stopping the script returning the correct output?

The desired result is for it to return users who are not a member of any of the 20 possible Distribution Groups.

0
 
LVL 4

Author Comment

by:mat_sullivan
ID: 35034529
I have just ran the script and specified the exact group name that the test user is a member of and it works as expected, only returning the user not in the group in the output, but as above I would like to run the input file against a number of groups and return only users who are in none of them. How easy is this to accomplish?

0
 
LVL 5

Accepted Solution

by:
daveTechSearch earned 2000 total points
ID: 35037860
This should work for you... changed it up a tad
$queryGroups = get-qadgroup 'GRP_Email_footer_*'

@(foreach($_ in (import-csv "C:\temp\test.csv")) {
$Name = $_.DisplayName
get-qaduser $name -IncludedProperties TargetAddress -notmemberof $queryGroups
}) | 
Select Name,SamAccountName,EMail,TargetAddress | 
Export-Csv -notype C:\temp\TEST-OUTPUT.csv

Open in new window

0
 
LVL 4

Author Comment

by:mat_sullivan
ID: 35067925
Sorry, just seen this update! Will test and come back.
0
 
LVL 4

Author Comment

by:mat_sullivan
ID: 35081509
This has done the trick! Took about 12 hours to run though! 6000+ records against a DC 5000 miles away etc... so not entirely unexpected.

Many thanks!
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A walk-through example of how to obtain and apply new DID phone numbers to your cloud PBX enabled users that are configured in Office 365. Whether you have 1, 10 or 100+ users in your tenant, it's quite easy to get them phone-enabled and making/rece…
Measuring Server's processing rate with a simple powershell command. The differences in processing rate also was recorded in different use-cases, when a server in free and busy states.
Screencast - Getting to Know the Pipeline
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…

877 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question