dbright5813
asked on
Powershell Script to compare Group Membership
I need to create a powershell script that pulls users from a csv or text file, checks to see if they are in group a or group b. If not then it checks to see if they have 1 of 3 titles in AD and if so, adds them to group a, if not it adds them to group b.
It would be nice to do it in Exchange PS, but can use Quest ActiveRoles module as well.
Any advice would be greatly appreciated.
It would be nice to do it in Exchange PS, but can use Quest ActiveRoles module as well.
Any advice would be greatly appreciated.
BTW, to use the MS cmdlets instead of Quest, everything is exactly the same as posted in Subsun's script, just substitute Get-ADUser for Get-QADUser, and Add-ADGroupMember for Add-QADGroupMember. At the beginning of the script you'd also want to have the line Import-Module ActiveDirectory.
ASKER
Thank you - That definitely works better than anything I've tried to cobble together so far. But, one issue will be that there certain users who will be already be in Group A regardless of their title. Would there need to be a foreach user statement that checks their group membership and if they are in either of those groups, it skips the user regardless of their title attribute?
and
I had originally tried to build the list of users using the Exchange module because I only wanted users with mailboxes in only a few select OU's.
so I had a csv file with Name,OU and my script as
$FACOUs=Import-Csv csvfilename |%{$_.FACOU}
foreach($FACOU in $FACOUs){Get-Mailbox -OrganizationalUnit $FACOU | Select Alias} | Export-csv output
But I imagine I could probably roll this all into one prettier script using the ActiveRoles or AD module. maybe by checking if the primarySMTPaddress is not empty.
and
I had originally tried to build the list of users using the Exchange module because I only wanted users with mailboxes in only a few select OU's.
so I had a csv file with Name,OU and my script as
$FACOUs=Import-Csv csvfilename |%{$_.FACOU}
foreach($FACOU in $FACOUs){Get-Mailbox -OrganizationalUnit $FACOU | Select Alias} | Export-csv output
But I imagine I could probably roll this all into one prettier script using the ActiveRoles or AD module. maybe by checking if the primarySMTPaddress is not empty.
one issue will be that there certain users who will be already be in Group A regardless of their title. Would there need to be a foreach user statement that checks their group membership and if they are in either of those groups, it skips the user regardless of their title attribute?
As per the script logic if user is a member of GroupA or GroupB then it will skip the user, it wont check the title of the user again...
If the title is blank and user is member of GroupA, then do you want to remove the user from GroupA and add to GroupB?
One correction to my post above. When using the MS AD cmdlets, line 2 would be
$User = Get-ADUser $_ -properties memberof
ASKER
If the user is in either Group A or B already, then I want it to skip that user regardless of their title (even if it is blank)
Running it in my test environment it seemed to work at first with a few select users, but as I added more to it for testing, it began acting up. Now when I run it, it runs through the list of users, and then starts running through all AD users, not just the ones in the list and it added everyone to GroupB. It could have been a blank title or something else, I will see if I can narrow it down. thanks
Running it in my test environment it seemed to work at first with a few select users, but as I added more to it for testing, it began acting up. Now when I run it, it runs through the list of users, and then starts running through all AD users, not just the ones in the list and it added everyone to GroupB. It could have been a blank title or something else, I will see if I can narrow it down. thanks
I don't see any such issues with the script.. are you using the same script which is posted? or is there any modifications?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
User error - I had inadvertently put an extra enter at the end of the user.txt when filling it up, so it was processing the empty variable as a get all.
Could some error catching be worked in to prevent that? I'm going to test a bit more and will dish out the points - thanks for your help
Could some error catching be worked in to prevent that? I'm going to test a bit more and will dish out the points - thanks for your help
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Open in new window
Input text file format..Open in new window