asked on

Verify two users are members of groups from the same OU

HI EE

I have a unique situation where I need to verify two users have the same groups from only a certain OU.

So lets say , User1 has the same AD groups from OUtest1 that User2 has .. any ideas how to with PS ?
The accounts will have groups from other OUs , I just need to verify they have the same ones from a particular OU.

Shaun Vermaak

You can run this to get User1 and User2's groups for a certain OU into objects

$User1Name = "UserNo1"
$User1Groups = get-ADUser -identity $User1Name -properties *| Where-Object {$_.memberof -like "*,OU=Groups,OU=Dunder Mifflin,DC=dundermifflin,DC=com"} | Select Name, memberof

$User2Name = "UserNo2"
$User2Groups = get-ADUser -identity $User2Name -properties *| Where-Object {$_.memberof -like "*,OU=Groups,OU=Dunder Mifflin,DC=dundermifflin,DC=com"} | Select Name, memberof

Open in new window

Shaun Vermaak

Found this cmdlet that compare group membership for two Active Directory users.
https://gallery.technet.microsoft.com/scriptcenter/PowerShell-function-02ac0e15

Get-ADGroupsDifference -ReferenceUser XXXX -User YYYY | Where { $_.SideIndicator -eq -1 } | ForEach { Add-ADGroupMember -Identity $_.GroupDistinguishedName -Members $_.User }

Open in new window

Pawan Kumar

Hi,
Please try this-

--

Get-ADGroupsDifference -ReferenceUser OUtest1 -User OUtest2 | Where { $_.SideIndicator -eq -1 } | ForEach { Add-ADGroupMember -Identity $_.GroupDistinguishedName -Members $_.User }

--

Open in new window

Hope it helps!

ASKER CERTIFIED SOLUTION

oBdA

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

MilesLogan

ASKER

Thank you oBdA that did the trick !

Thank you also to the other, but this one had all the requirements .