Points of My Scenario:
1, I have a text file that lists groups and their members like so:
2. Each group is separated from the other by an empty line, and the group name is always the first item in its list.
3. I need a way to specify a memberX that will output a file listing all the GROUPs under which memberX appears.
QUESTION: What approach can I use to output a list of all groups for any member I specify?
See includes a script that extracts info, that you might find helpful.
$Path = '.\groups.txt'
and in the case for you, you need only provide the username whose group membership is of interest to you.
There would not be a need to process the results after the fact.
Could not post the code as it is derivative from the links included in that question.
It lists all users or members of an OU as an input to the data pull.
in your case the feeder is just one user.
1. There are 2 separate AD forests (old and new), where old-forest trusts new-forest.
2. I have to migrate old-forest users to new-forest.
3. Accounts for the users have been set up in new-forest.
4. Groups in new-forest have been created to have equivalent permissions of old-forest groups
5. Old-forest group names are inconsistent, but new-forest group names are created with strict naming conventions.
6. I queried old-forest groups for members, then I translated the users and group names into the equivalent in new-forest
7. The resulting [translated] text file is what I am working with in this case.
At this point, if I queried old-forest members for their groups (as you advise), I would get the list I seek, but it would not be in the translated form (new-forest users & groups). I would have to do that translation work (Ctrl+H: i.e. replace) again.
you create the translation map, i.e. an array of old groups what they need to be on the new domain.
you can then go through a list of old users, and create the commands to be executed on the new that adds the new user to the respective group on the new domain.
you then run the resulting powershell commands on the new domain, unless you run them after confirming the changes
i.e. looping through the process, and outputing the text as opposed to actually run the command.
Here is another multi-piece part of the puzzle:
1. I am an admin in the old-forest ONLY.
2. The new-forest admin 'regime' has created a web application where users can individually request group-memberships
3. The app includes an approval process that - if user is approved - then automates their placement into the new-forest groups.
4. My assigned task is to get the applicable list of new-forest groups to each user - so (s)he can individually apply and go through the approval process.