?
Solved

Finding users who are NOT in a group/groups

Posted on 2011-03-02
13
Medium Priority
?
746 Views
Last Modified: 2012-05-11
I need to identify users who do not have a disclaimer configured in Exchange, there are many disclaimer groups all starting:

grp_Email_footer

So I have a list of all users I want to target with the script and want to return all users whos allmemberof attribute does not contain the string "grp_email_footer"

As far as I can see the following should do the trick, but it is returning ALL users from the imput file and I know that there are many it should not be returning as they have disclaimers configured:

Import-Csv "C:\SCRIPTS\test.csv" | `
foreach {
$Name = $_.DisplayName
Get-QADUser "$NAME" -IncludedProperties TargetAddress | ? {$_.allmemberof -notlike "grp_Email_footer_"}} | Select Name,SamAccountName,EMail,TargetAddress | Export-Csv -notype C:\SCRIPTS\TEST-OUTPUT.csv


Can anyone see where I am going wrong here? Or suggest an alternate angle of attack to the problem?

Ta

0
Comment
Question by:mat_sullivan
  • 7
  • 6
13 Comments
 
LVL 5

Expert Comment

by:daveTechSearch
ID: 35021044
try changing this:

? {$_.allmemberof -notlike "grp_Email_footer_"}}

to this:

? {$_.allmemberof -notcontains "grp_Email_footer_"}}
0
 
LVL 5

Expert Comment

by:daveTechSearch
ID: 35021298
give this a try
Import-csv "C:\SCRIPTS\test.csv" |
foreach{
$Name = $_.DisplayName
get-qaduser $name | where {get-qadgroup "grp_Email_footer_" -containsmember $name}
}

Open in new window

0
 
LVL 5

Expert Comment

by:daveTechSearch
ID: 35021509
sorry... messed that up slightly (i tested the reverse 'does contain')
Import-csv "C:\SCRIPTS\test.csv" |
@(foreach{
$Name = $_.DisplayName
get-qaduser $name -IncludedProperties TargetAddress | 
where {get-qadgroup "grp_Email_footer_" -notcontainsmember $name}}) | 
Select Name,SamAccountName,EMail,TargetAddress | 
Export-Csv -notype C:\SCRIPTS\TEST-OUTPUT.csv

Open in new window

0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
LVL 4

Author Comment

by:mat_sullivan
ID: 35025497
When I run you version I ver the following

Missing opening '(' after keyword 'foreach'.
At line:2 char:11
+ @(foreach  <<<< {
    + CategoryInfo          : ParserError: (OpenParenToken:TokenI
    + FullyQualifiedErrorId : MissingOpenParenthesisAfterKeyword
0
 
LVL 5

Expert Comment

by:daveTechSearch
ID: 35028620
slightly modified
$queryGroup = "grp_Email_footer_"

@(foreach($_ in (import-csv "C:\temp\test.csv")) {
$Name = $_.DisplayName
get-qaduser $name -IncludedProperties TargetAddress | 
where {get-qadgroup $queryGroup -notcontainsmember $name}}) | 
Select Name,SamAccountName,EMail,TargetAddress | 
Export-Csv -notype C:\SCRIPTS\TEST-OUTPUT.csv

Open in new window

0
 
LVL 4

Author Comment

by:mat_sullivan
ID: 35028915
I am running this against a test file containing two users, one in a disclaimer group and one not in a disclaimer group. It is currently returning both users in the output, your script looks correct as far as I can tell so I would expect it the output to contain only one row, or maybe it could return all but with a true/false indicator of group membership?

This is quite frustrating as I can't see why it isn't working!
0
 
LVL 5

Expert Comment

by:daveTechSearch
ID: 35029015
hmmm... odd... I can have  another look in a bit... my test was very similar to yours (two users, but a different group)..
0
 
LVL 5

Expert Comment

by:daveTechSearch
ID: 35029283
Well... I just ran a test and the script is working for me... I exported output for my 'regular' account and my 'domain admin' account to CSV for the query...  queried against the group "Domain admins"... my 'regular' account was returned as the one that is  NOT a member of "Domain admins"

This is what I just ran...
$queryGroup = "Domain Admins"

@(foreach($_ in (import-csv "C:\temp\test.csv")) {
$Name = $_.DisplayName
get-qaduser $name -IncludedProperties TargetAddress | 
where {get-qadgroup $queryGroup -notcontainsmember $name}}) | 
Select Name,SamAccountName,EMail,TargetAddress | 
Export-Csv -notype C:\temp\TEST-OUTPUT.csv

Open in new window

0
 
LVL 4

Author Comment

by:mat_sullivan
ID: 35034487
One other thing, "grp_Email_footer_" is not the actual group name, there are 20 disclaimer Distribution Groups but they all beging wth:

GRP_Email_footer_

Could this be a factor that is stopping the script returning the correct output?

The desired result is for it to return users who are not a member of any of the 20 possible Distribution Groups.

0
 
LVL 4

Author Comment

by:mat_sullivan
ID: 35034529
I have just ran the script and specified the exact group name that the test user is a member of and it works as expected, only returning the user not in the group in the output, but as above I would like to run the input file against a number of groups and return only users who are in none of them. How easy is this to accomplish?

0
 
LVL 5

Accepted Solution

by:
daveTechSearch earned 2000 total points
ID: 35037860
This should work for you... changed it up a tad
$queryGroups = get-qadgroup 'GRP_Email_footer_*'

@(foreach($_ in (import-csv "C:\temp\test.csv")) {
$Name = $_.DisplayName
get-qaduser $name -IncludedProperties TargetAddress -notmemberof $queryGroups
}) | 
Select Name,SamAccountName,EMail,TargetAddress | 
Export-Csv -notype C:\temp\TEST-OUTPUT.csv

Open in new window

0
 
LVL 4

Author Comment

by:mat_sullivan
ID: 35067925
Sorry, just seen this update! Will test and come back.
0
 
LVL 4

Author Comment

by:mat_sullivan
ID: 35081509
This has done the trick! Took about 12 hours to run though! 6000+ records against a DC 5000 miles away etc... so not entirely unexpected.

Many thanks!
0

Featured Post

Free tool for managing users' photos in Office 365

Easily upload multiple users’ photos to Office 365. Manage them with an intuitive GUI and use handy built-in cropping and resizing options. Link photos with users based on Azure AD attributes. Free tool!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Welcome to 2018! Exciting things lie ahead in the world of tech. To start things off, we compiled great member articles on how to stay safe, ways to learn, and much more! Read on to start your new year right.
Just after setting up Cloud PBX connectivity and migrated Skype users to SFBO, we noticed inbound calls not working but outbound calls would work.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
Screencast - Getting to Know the Pipeline
Suggested Courses

599 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question