bbayachek
asked on
Using AD Powershell to update user group membership
I am trying to use AD Powershell to update the group members of a specific AD Group. I have a CSV file with the users that should be in the group that I import. I want the script to see who is currently in the group, remove them if they are not in the new list and add them if they are not in AD but are in the new list. Basically AD should be exactly what the new list says, no more/no less. This is the script I am using.
$CorrectUsers = Import-Csv c:\correctusers.csv | Where-Object {$_.room -eq "RoomA"} | Sort "ID" -Unique | Select-Object "ID"
$ADRoomA = Get-ADGroupMember -Identity "RoomA" | Sort "SamAccountName" -Unique | Select-Object SamAccountName
$ADRoomA > c:\test.txt
$ModAD = Compare-Object -ReferenceObject $ADRoomA -DifferenceObject $CorrectUsers
$ModAD > c:\ty.txt
$m = $ModAD.InputItem | Format-Table -HideTableHeaders
$m > c:\m.txt
$ModAD | foreach {
    if ($_.sideindicator -eq '<='){
        'Remove-ADGroupMember -Identity "RoomA" -Members ' + $User > c:\items.txt
    }
}
I have it output to a file to make sure the command is correct for now and this is what I get:
Remove-ADGroupMember -Identity "RoomA" -Members @{SamAccountName=user1}
How do I get the variable $User to just be "user1" and NOT "@{SamAccountName=user1}"?
I guess I could probably just take the middle characters of the string starting at stringlength-17 ending at stringlength-1 but that seems a little laborious, I was hoping there was an easy way to pull just the user out of the array.
Thanks
ASKER
Yea, I was actually going to just do that to begin with but I was hoping to be a bit more elegant with it. I don't have that many users for that group but I figured for the future it would be better that I know the good way to do it.
I am guessing a simple approach would have been
1) get list of valid users already in your csv
2) do a get-adgroup call piped into a for loop
4) nest a loop based on your file and compare users
5) Use if logic (if member -eq user from loop -do nothing if member -ne user from loop remove member)
Something along the above lines.
ASKER
Sorry for the late response. I get tied up with a million things and then forget the task at hand. I think that would actually work, Footech. I will test it out and let you know.
Thanks
Tom
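Added example (not from the thread, and not the members-only solution): one way to reconcile the group against the CSV, using Select-Object -ExpandProperty so the names are plain strings rather than @{SamAccountName=...} objects. The group name, CSV path and the ID/room columns come from the question; the helper Get-MembershipDelta is hypothetical, and it uses a -notin test in place of the question's Compare-Object.

```powershell
# Added example, not the asker's script. Requires the ActiveDirectory module.
Import-Module ActiveDirectory

# Hypothetical helper: works on plain strings, so it can be checked without AD.
function Get-MembershipDelta {
    param([string[]]$Current = @(), [string[]]$Desired = @())
    # -notin is case-insensitive and behaves correctly with empty arrays.
    [pscustomobject]@{
        ToRemove = @($Current | Where-Object { $_ -notin $Desired })
        ToAdd    = @($Desired | Where-Object { $_ -notin $Current })
    }
}

# Constructed sample, safe to run offline to see the shape of the result.
Get-MembershipDelta -Current 'user1','user2' -Desired 'user2','user3'

$group = 'RoomA'

# -ExpandProperty returns the bare value of the column/property,
# not an object that stringifies as @{ID=...} or @{SamAccountName=...}.
$desired = @(Import-Csv C:\correctusers.csv |
    Where-Object { $_.room -eq $group } |
    Select-Object -ExpandProperty ID |
    Sort-Object -Unique)

$current = @(Get-ADGroupMember -Identity $group |
    Select-Object -ExpandProperty SamAccountName)

# A missing, empty or wrongly filtered CSV would otherwise strip every member.
if ($desired.Count -eq 0) {
    throw "No rows for '$group' in the CSV; refusing to empty the group."
}

$delta = Get-MembershipDelta -Current $current -Desired $desired

# -WhatIf reports the change without touching AD. Remove it after reviewing.
if ($delta.ToRemove.Count -gt 0) {
    Remove-ADGroupMember -Identity $group -Members $delta.ToRemove -Confirm:$false -WhatIf
}
if ($delta.ToAdd.Count -gt 0) {
    Add-ADGroupMember -Identity $group -Members $delta.ToAdd -WhatIf
}
```

Group membership usually carries access rights, so keep the -WhatIf output with the change record before running the script for real.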