Solved

how to check accounts that are members of multiple groups

Posted on 2014-04-07
Last Modified: 2014-04-07
Can someone help me modify this? Or a new script?
I need to know from users.txt which account is a member of NOT just Domain Users.

$contents = get-content "users.txt"
foreach ($obj in $contents)
{
      if ((Get-ADPrincipalGroupMembership $obj | ? { $_.name -notlike "domain users" }) -eq $NULL)
      {
            $OBJ
      }
}
Question by:MilesLogan
2 Comments
 

Accepted Solution

by: Learnctx (earned 500 total points)
ID: 39984770
The easiest way to do this is to just do a count of the group membership. All your users should be a member of domain users (some people take users out of Domain Users but that's dumb...disable them). It's also going to be quicker as you're only going to process the user object and dump the group DNs from the memberof attribute.

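$contents = gc users.txt
foreach ($obj in $contents)
{
   # memberof does not list the account's primary group (Domain Users by default),
   # so a single entry already means membership beyond Domain Users.
   if ((Get-ADUser $obj -properties memberof).memberof.count -ge 1)
   {
      $obj
   }
}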


If you are someone who happens to remove accounts from domain users, you could also do the following.

$contents = gc users.txt
foreach ($obj in $contents)
{
   if (((Get-ADUser $obj -properties memberof).memberof | ? {$_ -notmatch "domain\susers"} | measure).count -ge 1)
   {
      $obj
   }
}


If you are intent on using Get-ADPrincipalGroupMembership (slow), then you can do the following.

$contents = gc users.txt
foreach ($obj in $contents)
{
   if ((Get-ADPrincipalGroupMembership $obj |  ? {$_.name -ne "Domain Users"} | measure).count -ge 1)
   {
      $obj
   }
}
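
An added example, not part of the original answer: it produces the same report as the snippets above, but reads both memberOf and the primary group (which memberOf does not list), lists the extra groups per account, and reports names that do not resolve. The function name Get-ExtraGroupMembership and the $BaselineGroup parameter are hypothetical; it assumes the ActiveDirectory module and PowerShell 3.0 or later.

```powershell
# Added example: flag accounts in users.txt that belong to any group besides Domain Users.
Import-Module ActiveDirectory

function Get-ExtraGroupMembership {
    param(
        [Parameter(Mandatory)] [string[]] $SamAccountName,
        [string] $BaselineGroup = 'Domain Users'   # assumption: the only group an account is expected to have
    )
    foreach ($name in $SamAccountName) {
        $name = $name.Trim()
        if (-not $name) { continue }               # skip blank lines in the input file
        try {
            # MemberOf omits the primary group, so request PrimaryGroup as well.
            $user = Get-ADUser -Identity $name -Properties MemberOf, PrimaryGroup -ErrorAction Stop
        }
        catch {
            # Report unresolved names instead of silently dropping them.
            [pscustomobject]@{ User = $name; Status = 'NotFound'; ExtraGroups = @() }
            continue
        }
        # Combine both sources and reduce each DN to its leading CN value.
        $groupDns = @($user.MemberOf) + @($user.PrimaryGroup) | Where-Object { $_ }
        $extra = @($groupDns |
            ForEach-Object { ($_ -split '(?<!\\),')[0] -replace '^CN=', '' } |
            Where-Object { $_ -ne $BaselineGroup } |
            Sort-Object -Unique)
        if ($extra.Count -ge 1) {
            [pscustomobject]@{ User = $user.SamAccountName; Status = 'ExtraGroups'; ExtraGroups = $extra }
        }
    }
}

Get-ExtraGroupMembership -SamAccountName (Get-Content 'users.txt') |
    Format-Table User, Status, @{ n = 'ExtraGroups'; e = { $_.ExtraGroups -join '; ' } } -AutoSize
```

Accounts whose only group is the baseline produce no row, so the output is the review list: every row is either an account with additional memberships or a name that needs correcting in users.txt.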


Author Closing Comment

by:MilesLogan
ID: 39984881
Thanks Learnctx!! I went with the first option. I just did not know better. Thanks!