Link to home
Start Free TrialLog in
Avatar of Alex
AlexFlag for United Kingdom of Great Britain and Northern Ireland

asked on

Find users not in specific groups within a specific OU

OK

I have a specific OU that I need to search users which are in 2 specific groups, I don't mind changing the group in the code and running it twice, that's not an issue at all.... What's the easiest way to achieve this because I'm at a loss....

This is the best I could come up with, any ideas?

$groupmembers = get-adgroupmember "BR-internetgroup" |

Get-ADUser -filter * -SearchBase "OU=BR,OU=HO,DC=net,DC=Comnpanyname,DC=co,DC=uk" | where-object {$groupmembers.distinguishedname -notcontains $_.distinguishedname}

Open in new window


Cheers

Alex
Avatar of footech
footech
Flag of United States of America image
I have a specific OU that I need to search users which are in 2 specific groups
Please clarify.  You need to find users who are a member of both groups?  Or of either?  Do they need to direct members, or can they be a member via nested groups?
Avatar of Alex
Alex
Flag of United Kingdom of Great Britain and Northern Ireland image

ASKER

They won't be in nested groups, they can be a member of either but I'll need to specify which group they are in. Hence why I was going to change the group name in the script to each group I need to search

Ultimately, they will need to be a member of both eventually.
Avatar of footech
footech
Flag of United States of America image
Not tested, but should work.
$group1 = (Get-ADGroup "group1").distinguishedName
$group2 = (Get-ADGroup "group2").distinguishedName

#to find all users which are a member of either group
Get-ADUser -filter * -SearchBase "OU=BR,OU=HO,DC=net,DC=Companyname,DC=co,DC=uk" -Properties memberOf | where-object { $_.memberOf -contains $group1 -or $_.memberOf -contains $group2 }

#to find users which are a member of one group.  Change the variable in the Where block to match your group.
Get-ADUser -filter * -SearchBase "OU=BR,OU=HO,DC=net,DC=Companyname,DC=co,DC=uk" -Properties memberOf | where-object { $_.memberOf -contains $group1 }

Open in new window

The searches will work as long as the group you're interested in is not the Primary Group of the user.  If it is, then we have to change the approach.
Avatar of Alex
Alex
Flag of United Kingdom of Great Britain and Northern Ireland image

ASKER

OK that's great, there is one problem, I need the list of users NOT in those groups in the OU :D

So can we specify that?

BTW that script worked :D
ASKER CERTIFIED SOLUTION
Avatar of footech
footech
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Alex
Alex
Flag of United Kingdom of Great Britain and Northern Ireland image

ASKER

LEGEND....... wait for it............................................................................................................................................................................................................DARY!