Solved

How to pull Active Directory users with no group membership

Posted on 2014-03-10
Last Modified: 2014-03-10
Hi EE

I don't know where to start on this. I have a list of 100's of SamAccountNames and I need to know which of these accounts do not have any Active Directory groups (well, no other groups but Domain Users).
Question by:MilesLogan
8 Comments
 
LVL 8

Expert Comment

by:jpgobert
ID: 39918292
The easiest way will be to run your search for users where memberOf is null (or not present).

I used the Find function in Active Directory Users and Computers, Advanced tab, and added the condition User -> Member Of -> Not Present.  

That gave me a list of all user accounts that have no group memberships beyond Domain Users.
0
 
LVL 2

Author Comment

by:MilesLogan
ID: 39918305
Hi jpgobert, thanks for the tip, but that will not work for me since I only want to check a list of users and these are in all different OUs.
0
 
LVL 14

Expert Comment

by:Justin Yeung
ID: 39918310
$contents = get-content "list of the file.txt"
foreach ($obj in $contents)
{
if ((Get-ADPrincipalGroupMembership $obj | ? {$_.name -notlike "domain users"}) -eq $NULL)
{
$OBJ
}
0
LVL 40

Accepted Solution

by:
Subsun earned 2000 total points
ID: 39918314
Input the SamAccountNames in C:\User.txt and run the following code. The result will give you the SamAccountNames with no group membership.
GC C:\User.txt | ?{(Get-ADuser $_ | Get-ADPrincipalGroupMembership | ?{$_.Name -ne "Domain Users"}) -eq $null}

0
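
A script-form variant of the approach in this thread, added here as an example and not code posted by any participant: it checks each listed account's memberOf attribute (which never lists the primary group, so it is empty when the primary group, Domain Users by default, is the only group) and reports names that fail lookup instead of stopping. It assumes a single domain and the ActiveDirectory module; the function name Get-UserWithoutGroup and the output path C:\UsersWithoutGroups.csv are hypothetical.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

function Get-UserWithoutGroup {   # hypothetical helper name
    [CmdletBinding()]
    param(
        # SamAccountNames to check, e.g. the lines of C:\User.txt
        [Parameter(ValueFromPipeline = $true)]
        [string[]]$SamAccountName
    )
    process {
        foreach ($name in $SamAccountName) {
            if ([string]::IsNullOrWhiteSpace($name)) { continue }   # skip blank lines
            $name = $name.Trim()
            try {
                # memberOf does not contain the primary group, so an empty memberOf
                # means the account belongs to its primary group and nothing else.
                $user = Get-ADUser -Identity $name -Properties MemberOf, PrimaryGroupID -ErrorAction Stop
            }
            catch {
                # Typo in the list, deleted account, or unreachable DC:
                # report the failure and keep going with the rest of the list.
                [pscustomobject]@{
                    SamAccountName = $name
                    Status         = 'LookupFailed'
                    Enabled        = $null
                    PrimaryGroupID = $null
                    Detail         = $_.Exception.Message
                }
                continue
            }
            if (@($user.MemberOf).Count -eq 0) {
                [pscustomobject]@{
                    SamAccountName = $user.SamAccountName
                    Status         = 'NoGroups'
                    Enabled        = $user.Enabled
                    PrimaryGroupID = $user.PrimaryGroupID   # 513 = Domain Users
                    Detail         = $user.DistinguishedName
                }
            }
        }
    }
}

# Output path is a placeholder; the input path is the one used in the accepted answer.
Get-Content C:\User.txt | Get-UserWithoutGroup |
    Export-Csv -Path C:\UsersWithoutGroups.csv -NoTypeInformation
```

Rows with Status NoGroups and Enabled True are the ones worth reviewing first, since an enabled account with no group membership is often stale or orphaned.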
 
LVL 8

Expert Comment

by:jpgobert
ID: 39918316
I'm looking up the info now for piping your user list from a text file into a PowerShell command that'll do what you want.

Are we only dealing with one domain?  

Do you want the output to write to another file?
0
 
LVL 2

Author Comment

by:MilesLogan
ID: 39918346
Hi Justin, I received the error below on yours:

+ {
+ ~
Missing closing '}' in statement block.
    + CategoryInfo          : ParserError: (:) [], ParseException
    + FullyQualifiedErrorId : MissingEndCurlyBrace
0
 
LVL 2

Author Closing Comment

by:MilesLogan
ID: 39918348
This worked! Thank you, Subsun.
0
 
LVL 14

Expert Comment

by:Justin Yeung
ID: 39918355
Missing } at the end
0
