• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 82
  • Last Modified:

Powershell - If statements based on AD Security group memberships

Good Day,

I have a powershell script and I am trying to pass different IF statements based on the currentuser's group membership.

$CurrentUser = $env:USERNAME
$Authorized = get-aduser -Identity $CurrentUser

IF ( (($Authorized).memberof -ne 'GROUP-A' ) -or (($Authorized).memberof -ne 'GROUP-B' )) {
      Write-Host "Unauthorized User - Exiting..."
      Write-Host ""

Then later in the script I call:

If (($Authorized).memberof -eq 'GROUP-A'){
            #Total Size of Archived Directory
            Write-Output ""
            Write-Host ""
            Write-Output ""
            Write-Host ""

This last section does not ever provide the correct output.  The $Currentuser is a member of multiple groups and I want this last section to run if the $CurrentUser is a member of this AD security group which this member is.

Thank you in advance for your help.
1 Solution
- The memberOf attribute is not returned by default
- You're trying to compare a string scalar against an array.

* To test whether a single string is contained in an array, use the -contains operator
* To test whether at least one string is contained in both arrays, you can use Compare-Object
$ADUser = Get-ADUser -Identity $ENV:UserName -Property memberOf
$Membership = $ADUser.memberOf | ForEach-Object {($_ -split '(?:\A|,)CN=|,OU=', 3)[1]}
$AllowGroups = @(
	'Domain Admins'
If (-not (Compare-Object -ReferenceObject $AllowGroups -DifferenceObject $Membership -ExcludeDifferent -IncludeEqual)) {
	# Unauthorized
	# ...

If ($Membership -contains 'Group-A') {
	# Member of Group-A
	# ...

Open in new window

mrfiteAuthor Commented:
Thank you! - This worked just like you said it would.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now