Solved

how to check accounts that are members of multiple groups

Posted on 2014-04-07
Last Modified: 2014-04-07
Can someone help me modify this? Or a new script?
I need to know from users.txt which account is a member of NOT just domain users.

$contents = get-content "users.txt"
foreach ($obj in $contents)
{
      if ((Get-ADPrincipalGroupMembership $obj | ? { $_.name -notlike "domain users" }) -eq $NULL)
      {
            $OBJ
      }
}
Question by:MilesLogan

Accepted Solution

by:Learnctx (earned 2000 total points)
ID: 39984770
The easiest way to do this is to just do a count of the group membership. All your users should be a member of domain users (some people take users out of Domain Users but that's dumb...disable them). It's also going to be quicker as you're only going to process the user object and dump the group DNs from the memberof attribute.

$contents = gc users.txt
foreach ($obj in $contents)
{
   if ((Get-ADUser $obj -properties memberof).memberof.count -ge 2)
   {
      $obj
   }
}


If you are someone who happens to remove accounts from domain users, you could also do the following.

$contents = gc users.txt
foreach ($obj in $contents)
{
   if (((Get-ADUser $obj -properties memberof).memberof | ? {$_ -notmatch "domain\susers"} | measure).count -ge 1)
   {
      $obj
   }
}


If you are intent on using Get-ADPrincipalGroupMembership (slow), then you can do the following.

$contents = gc users.txt
foreach ($obj in $contents)
{
   if ((Get-ADPrincipalGroupMembership $obj |  ? {$_.name -ne "Domain Users"} | measure).count -ge 1)
   {
      $obj
   }
}


0
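
An added example (not part of Learnctx's answer or the original thread): the memberOf attribute does not list an account's primary group, which is Domain Users by default, so this version merges memberOf with the PrimaryGroup property that Get-ADUser exposes before filtering out the baseline group. The function name Get-ExtraGroupMembership, the example.test DNs and the three sample accounts are constructed for illustration.

```powershell
# Added example; the function name and sample data are hypothetical.
function Get-ExtraGroupMembership {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        # Assumption: the baseline group is named "Domain Users" (not localized).
        [string] $BaselinePattern = '^CN=Domain Users,'
    )
    process {
        # memberOf never contains the primary group, so merge both sources,
        # drop empty values and duplicates, then filter out the baseline group.
        $all = @((@($User.MemberOf) + @($User.PrimaryGroup)) |
            Where-Object { $_ } | Sort-Object -Unique)
        $extra = @($all | Where-Object { $_ -notmatch $BaselinePattern })
        if ($extra.Count -ge 1) {
            [pscustomobject]@{
                SamAccountName = $User.SamAccountName
                PrimaryGroup   = $User.PrimaryGroup
                ExtraGroups    = $extra
            }
        }
    }
}

# Constructed objects shaped like Get-ADUser -Properties MemberOf,PrimaryGroup output.
$du = 'CN=Domain Users,CN=Users,DC=example,DC=test'
$sample = @(
    # Only Domain Users (as primary group): should not be reported.
    [pscustomobject]@{ SamAccountName = 'alice'; PrimaryGroup = $du; MemberOf = @() }
    # Domain Users as primary plus one other group: memberOf holds a single entry.
    [pscustomobject]@{ SamAccountName = 'bob'; PrimaryGroup = $du
                       MemberOf = @('CN=Helpdesk,OU=Groups,DC=example,DC=test') }
    # Primary group changed: Domain Users appears in memberOf instead.
    [pscustomobject]@{ SamAccountName = 'carol'; MemberOf = @($du)
                       PrimaryGroup = 'CN=Contractors,OU=Groups,DC=example,DC=test' }
)
$sample | Get-ExtraGroupMembership | Format-Table SamAccountName, ExtraGroups

# Against a live domain (requires the ActiveDirectory module):
# Get-Content users.txt | ForEach-Object {
#     $name = $_
#     try { Get-ADUser $name -Properties MemberOf, PrimaryGroup -ErrorAction Stop }
#     catch { Write-Warning "Lookup failed for '$name': $($_.Exception.Message)" }
# } | Get-ExtraGroupMembership
```

Names in users.txt that do not resolve are reported as warnings instead of silently dropping out of the audit.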
 

Author Closing Comment

by:MilesLogan
ID: 39984881
Thanks Learnctx!! I went with the first option. I just did not know better. Thanks!
Question has a verified solution.
