Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

how to check accounts that are members of multiple groups

Posted on 2014-04-07
2
Medium Priority
?
526 Views
Last Modified: 2014-04-07
Can someone help me modify this ? or a new script ?
I need to know from users.txt which account is a member of NOT just domain users .

$contents = get-content "users.txt"
foreach ($obj in $contents)
{
      if ((Get-ADPrincipalGroupMembership $obj | ? { $_.name -notlike "domain users" }) -eq $NULL)
      {
            $OBJ
      }
}
0
Comment
Question by:MilesLogan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 18

Accepted Solution

by:
Learnctx earned 2000 total points
ID: 39984770
The easiest way to do this is to just do a count of the group membership. All your users should be a member of domain users (some people take users out of Domain Users but that's dumb...disable them). Its also going to be quicker as you're only going to process the user object and dump the group DN's from the memberof attribute.

$contents = gc users.txt
foreach ($obj in $contents)
{
   if ((Get-ADUser $obj -properties memberof).memberof.count -ge 2)
   {
      $obj
   }
}

Open in new window

If you are someone who happens to remove accounts from domain users, you could also do the following.

$contents = gc users.txt
foreach ($obj in $contents)
{
   if (((Get-ADUser $obj -properties memberof).memberof | ? {$_ -notmatch "domain\susers"} | measure).count -ge 1)
   {
      $obj
   }
}

Open in new window

If you are intent on using Get-ADPrincipalGroupMembership (slow), then you can do the following.

$contents = gc users.txt
foreach ($obj in $contents)
{
   if ((Get-ADPrincipalGroupMembership $obj |  ? {$_.name -ne "Domain Users"} | measure).count -ge 1)
   {
      $obj
   }
}

Open in new window

0
 
LVL 2

Author Closing Comment

by:MilesLogan
ID: 39984881
Thanks Learnctx !! I went with the first option.. I just did not know better .. thanks !
0

Featured Post

Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question