Finding users who are NOT in a group/groups

I need to identify users who do not have a disclaimer configured in Exchange, there are many disclaimer groups all starting:

grp_Email_footer

So I have a list of all users I want to target with the script and want to return all users whos allmemberof attribute does not contain the string "grp_email_footer"

As far as I can see the following should do the trick, but it is returning ALL users from the imput file and I know that there are many it should not be returning as they have disclaimers configured:

Import-Csv "C:\SCRIPTS\test.csv" | `
foreach {
$Name = $_.DisplayName
Get-QADUser "$NAME" -IncludedProperties TargetAddress | ? {$_.allmemberof -notlike "grp_Email_footer_"}} | Select Name,SamAccountName,EMail,TargetAddress | Export-Csv -notype C:\SCRIPTS\TEST-OUTPUT.csv


Can anyone see where I am going wrong here? Or suggest an alternate angle of attack to the problem?

Ta

LVL 4
mat_sullivanInfrastructure EngineerAsked:
Who is Participating?
 
daveTechSearchConnect With a Mentor Commented:
This should work for you... changed it up a tad
$queryGroups = get-qadgroup 'GRP_Email_footer_*'

@(foreach($_ in (import-csv "C:\temp\test.csv")) {
$Name = $_.DisplayName
get-qaduser $name -IncludedProperties TargetAddress -notmemberof $queryGroups
}) | 
Select Name,SamAccountName,EMail,TargetAddress | 
Export-Csv -notype C:\temp\TEST-OUTPUT.csv

Open in new window

0
 
daveTechSearchCommented:
try changing this:

? {$_.allmemberof -notlike "grp_Email_footer_"}}

to this:

? {$_.allmemberof -notcontains "grp_Email_footer_"}}
0
 
daveTechSearchCommented:
give this a try
Import-csv "C:\SCRIPTS\test.csv" |
foreach{
$Name = $_.DisplayName
get-qaduser $name | where {get-qadgroup "grp_Email_footer_" -containsmember $name}
}

Open in new window

0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
daveTechSearchCommented:
sorry... messed that up slightly (i tested the reverse 'does contain')
Import-csv "C:\SCRIPTS\test.csv" |
@(foreach{
$Name = $_.DisplayName
get-qaduser $name -IncludedProperties TargetAddress | 
where {get-qadgroup "grp_Email_footer_" -notcontainsmember $name}}) | 
Select Name,SamAccountName,EMail,TargetAddress | 
Export-Csv -notype C:\SCRIPTS\TEST-OUTPUT.csv

Open in new window

0
 
mat_sullivanInfrastructure EngineerAuthor Commented:
When I run you version I ver the following

Missing opening '(' after keyword 'foreach'.
At line:2 char:11
+ @(foreach  <<<< {
    + CategoryInfo          : ParserError: (OpenParenToken:TokenI
    + FullyQualifiedErrorId : MissingOpenParenthesisAfterKeyword
0
 
daveTechSearchCommented:
slightly modified
$queryGroup = "grp_Email_footer_"

@(foreach($_ in (import-csv "C:\temp\test.csv")) {
$Name = $_.DisplayName
get-qaduser $name -IncludedProperties TargetAddress | 
where {get-qadgroup $queryGroup -notcontainsmember $name}}) | 
Select Name,SamAccountName,EMail,TargetAddress | 
Export-Csv -notype C:\SCRIPTS\TEST-OUTPUT.csv

Open in new window

0
 
mat_sullivanInfrastructure EngineerAuthor Commented:
I am running this against a test file containing two users, one in a disclaimer group and one not in a disclaimer group. It is currently returning both users in the output, your script looks correct as far as I can tell so I would expect it the output to contain only one row, or maybe it could return all but with a true/false indicator of group membership?

This is quite frustrating as I can't see why it isn't working!
0
 
daveTechSearchCommented:
hmmm... odd... I can have  another look in a bit... my test was very similar to yours (two users, but a different group)..
0
 
daveTechSearchCommented:
Well... I just ran a test and the script is working for me... I exported output for my 'regular' account and my 'domain admin' account to CSV for the query...  queried against the group "Domain admins"... my 'regular' account was returned as the one that is  NOT a member of "Domain admins"

This is what I just ran...
$queryGroup = "Domain Admins"

@(foreach($_ in (import-csv "C:\temp\test.csv")) {
$Name = $_.DisplayName
get-qaduser $name -IncludedProperties TargetAddress | 
where {get-qadgroup $queryGroup -notcontainsmember $name}}) | 
Select Name,SamAccountName,EMail,TargetAddress | 
Export-Csv -notype C:\temp\TEST-OUTPUT.csv

Open in new window

0
 
mat_sullivanInfrastructure EngineerAuthor Commented:
One other thing, "grp_Email_footer_" is not the actual group name, there are 20 disclaimer Distribution Groups but they all beging wth:

GRP_Email_footer_

Could this be a factor that is stopping the script returning the correct output?

The desired result is for it to return users who are not a member of any of the 20 possible Distribution Groups.

0
 
mat_sullivanInfrastructure EngineerAuthor Commented:
I have just ran the script and specified the exact group name that the test user is a member of and it works as expected, only returning the user not in the group in the output, but as above I would like to run the input file against a number of groups and return only users who are in none of them. How easy is this to accomplish?

0
 
mat_sullivanInfrastructure EngineerAuthor Commented:
Sorry, just seen this update! Will test and come back.
0
 
mat_sullivanInfrastructure EngineerAuthor Commented:
This has done the trick! Took about 12 hours to run though! 6000+ records against a DC 5000 miles away etc... so not entirely unexpected.

Many thanks!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.