Solved

PowerShell - If statements based on AD Security group memberships

Posted on 2016-11-28
Last Modified: 2016-11-28
Good Day,

I have a PowerShell script and I am trying to pass different IF statements based on the current user's group membership.

$CurrentUser = $env:USERNAME
$Authorized = get-aduser -Identity $CurrentUser

IF ( (($Authorized).memberof -ne 'GROUP-A' ) -or (($Authorized).memberof -ne 'GROUP-B' )) {
      Write-Host "Unauthorized User - Exiting..."
      Write-Host ""
      PAUSE
      EXIT
}


Then later in the script I call:

If (($Authorized).memberof -eq 'GROUP-A'){
            #Total Size of Archived Directory
            Write-Output ""
            Write-Host ""
            Write-Output ""
            Write-Host ""
}

This last section does not ever provide the correct output. The $CurrentUser is a member of multiple groups, and I want this last section to run if the $CurrentUser is a member of this AD security group, which this member is.

Thank you in advance for your help.
Question by:mrfite
Accepted Solution

by:
oBdA earned 500 total points
ID: 41904369
- The memberOf attribute is not returned by default
- You're trying to compare a string scalar against an array.

* To test whether a single string is contained in an array, use the -contains operator
* To test whether at least one string is contained in both arrays, you can use Compare-Object
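# memberOf is not returned by default, so request it explicitly
$ADUser = Get-ADUser -Identity $ENV:UserName -Properties memberOf
# memberOf holds distinguished names; keep only the leading CN value (the group name)
$Membership = $ADUser.memberOf | ForEach-Object {($_ -split '(?:\A|,)CN=|,OU=', 3)[1]}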
$AllowGroups = @(
	'Group-A'
	'Group-B'
	'Domain Admins'
)
If (-not (Compare-Object -ReferenceObject $AllowGroups -DifferenceObject $Membership -ExcludeDifferent -IncludeEqual)) {
	# Unauthorized
	# ...
}

If ($Membership -contains 'Group-A') {
	# Member of Group-A
	# ...
}


Author Closing Comment

by:mrfite
ID: 41904582
Thank you! - This worked just like you said it would.
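
The gate from the accepted answer, as an added example that is not part of the original thread: it reads group membership from the caller's logon token rather than from `$env:USERNAME` and `memberOf`, so nested and primary groups are covered and the result does not depend on an environment variable the caller can change. `EXAMPLE` is a placeholder domain name, the two function names are hypothetical, and the `memberOf` values are constructed to show why the original `-ne` / `-eq` tests misfired.

```powershell
# Added example; not from the original thread.
# 'EXAMPLE' is a placeholder NetBIOS domain; Group-A / Group-B are the thread's names.

function Test-GroupOverlap {
    # True when at least one allowed name appears in the membership list.
    param(
        [Parameter(Mandatory)][string[]]$Allowed,
        [string[]]$Membership = @()
    )
    foreach ($name in $Allowed) {
        if ($Membership -contains $name) { return $true }   # -contains ignores case
    }
    return $false
}

function Get-TokenGroupName {
    # DOMAIN\Name of every group SID in the caller's logon token
    # (nested groups and the primary group are already expanded there).
    $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    foreach ($sid in $identity.Groups) {
        try   { $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch [System.Security.Principal.IdentityNotMappedException] { }   # unnamed SID, skip
    }
}

# --- Why the original tests misfired (constructed memberOf values) ---
$memberOf = @(
    'CN=Group-A,OU=Groups,DC=example,DC=com'
    'CN=Staff,OU=Groups,DC=example,DC=com'
)
# A comparison operator applied to an array filters it. -ne keeps every element that
# differs from 'GROUP-A'; both DNs differ, so the result is non-empty and the IF fires.
$neResult = @($memberOf -ne 'GROUP-A')
# -eq keeps the elements equal to 'GROUP-A'; a DN never equals a bare name, so it is empty.
$eqResult = @($memberOf -eq 'GROUP-A')
Write-Host "-ne kept $($neResult.Count) element(s), -eq kept $($eqResult.Count)"

# --- Gate on the token instead ---
$allowed = 'EXAMPLE\Group-A', 'EXAMPLE\Group-B'
$groups  = @(Get-TokenGroupName)
if (-not (Test-GroupOverlap -Allowed $allowed -Membership $groups)) {
    Write-Host 'Unauthorized User - Exiting...'
    return
}
if ($groups -contains 'EXAMPLE\Group-A') {
    Write-Host 'Member of Group-A'
}
```

Token groups are fixed at logon, so a membership change only shows up after the user signs in again.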