Link to home
Get AccessLog in
Avatar of PtboGiser
PtboGiserFlag for Canada

asked on

Quick way to Audit AD OU for users that are a members of a specified group

I have an OU containing a couple hundred users that are all to be removed from the default 'Domain Users' group upon account creation and placed in a custom primary group.  Occasionally another staff may forget to do this, so I'd like a quick an easy way to audit that OU and discover any users in it that are still memebers of Domain Users.

I have this where the search base is the OU in question:
Get-ADUser -filter {memberof -recursivematch "CN=Domain Users,OU=Users,DC=<domain>,DC=<domain>"} -SearchBase "OU=<ou>,OU=<ou>,OU=<ou>,DC=<domain>,DC=<domain>"

But it returns no results, even if there are users in the specified OU that are members of Domain Users.

Can somone correct my powershell script?  Or maybe advise a way I can do this from the Active Directory Users and Computers GUI?  Thanks!
Avatar of Venugopal N
Venugopal N
Flag of India image

dsget group "CN=Domain Users,OU=users,DC=Contoso,DC=Com" -members

Which will list the user memberof the domain users group.
SOLUTION
Avatar of dave_it
dave_it
Flag of United States of America image

Link to home
membership
This content is only available to members.
To access this content, you must be a member of Experts Exchange.
Get Access
SOLUTION
Avatar of Mike Kline
Mike Kline
Flag of United States of America image

Link to home
membership
This content is only available to members.
To access this content, you must be a member of Experts Exchange.
Get Access
ASKER CERTIFIED SOLUTION
Link to home
membership
This content is only available to members.
To access this content, you must be a member of Experts Exchange.
Get Access
Glad we were able to help out.

Thanks

Mike
Avatar of PtboGiser

ASKER

-See my final comment for the final Powershell commands I used