Reputation: 79
Compare-Object on two AD user accounts
Can anyone please give some advice on comparing two ADAccount Objects in PowerShell (v2).
Whenever I run a comparison with Compare-Object, it only shows the difference in the Distinguished name, not the differences in the fields of those accounts.
Short of separately comparing $ADUser.Modified , or $ADUser.DisplayName , etc for every field I want to check, I'm at a loss.
Is there a way to compare each and every field in the ADUser object across the two accounts, showing which fields are different?
(If you are curious... this is actually for comparing two accounts with the same name, but in different domains)
Thanks in advance.
Upvotes: 1
Views: 18955
Answers (3)
Reputation: 311
Based upon the previous answers I made a function to compare two AD Users.
As parameters you only have to give any valid value that would also be accepted by the -Identity parameter of Get-ADUser. (The function itself will query AD for the properties)
The -Property parameter can either be any valid AD/ldap property, or * for all properties.
Since the values of some attributed can be quite lenghty, I would advice to pipe the result in Format-List instead of the default table output.
The usage would be as following:
Compare-ADUser -ReferenceUser <user1> -DifferenceUser <user2>
Compare-ADUser -ReferenceUser <user1> -DifferenceUser <user2> -Property *
Compare-ADUser -ReferenceUser <user1> -DifferenceUser <user2> -Property "City","state","c"
.
Function Compare-ADUser {
[cmdletbinding(SupportsShouldProcess)]
Param(
[parameter(Mandatory = $true)]
[string]$ReferenceUser,
[parameter(Mandatory = $true)]
[string]$DifferenceUser,
[parameter()]
[string[]]$Property
)
begin {}
process {
if ($pscmdlet.ShouldProcess("$ReferenceUser & $DifferenceUser", "Comparing users")) {
$ReferenceUserSplat = @{ Identity = $ReferenceUser }
$DifferenceUserSplat = @{ Identity = $DifferenceUser }
if ($PSBoundParameters.ContainsKey("Property")) {
$ReferenceUserSplat.Properties = $Property
$DifferenceUserSplat.Properties = $Property
}
$ReferenceObject = Get-ADUser @ReferenceUserSplat
$DifferenceObject = Get-ADUser @DifferenceUserSplat
$properties = $ReferenceObject.GetEnumerator() | % { $_.Key }
$properties += $DifferenceObject.GetEnumerator() | % { $_.Key }
foreach ($prop in $properties | Sort | Select -Unique ) {
$ReferenceProperty = $ReferenceObject.($prop)
$DifferenceProperty = $DifferenceObject.($prop)
try {
Remove-Variable comparison -ErrorAction SilentlyContinue
$comparison = Compare-Object -ReferenceObject $ReferenceProperty -DifferenceObject $DifferenceProperty -IncludeEqual -ErrorAction SilentlyContinue
}
catch {
}
finally {
if ( (($comparison.sideindicator -notcontains "<=") -and ($comparison.sideindicator -notcontains "=>")) -and -not
($null -eq $ReferenceProperty -xor $null -eq $DifferenceProperty)) {
$comparison = "Equal"
}
else {
$comparison = "Different"
}
}
[pscustomobject]@{
Property = $prop
Comparison = $comparison
ReferenceUser = $ReferenceProperty
DifferenceUser = $DifferenceProperty
}
}
}
}
end {}
}
Upvotes: 0
Reputation: 11
This is a very great solution for comparing object properties:
Jamie Nelson write a function to compare the properties of 2 AD objects.
So, with a little extra logic, we can do this pretty easily. First, we define the Compare-ObjectProperties function. That function will take any two source objects and get a unique list of all of the property names of both objects we're comparing. This is necessary because objects aren't always going to have the same set of attributes. When that is the case, we want to see where one has a null value and the other is populated. With the list of unique property names, our function can iteratively process them through Compare-Object and only return the properties that are different.
Function Compare-ObjectProperties { Param( [PSObject]$ReferenceObject, [PSObject]$DifferenceObject ) $objprops = $ReferenceObject | Get-Member -MemberType Property,NoteProperty | % Name $objprops += $DifferenceObject | Get-Member -MemberType Property,NoteProperty | % Name $objprops = $objprops | Sort | Select -Unique $diffs = @() foreach ($objprop in $objprops) { $diff = Compare-Object $ReferenceObject $DifferenceObject -Property $objprop if ($diff) { $diffprops = @{ PropertyName=$objprop RefValue=($diff | ? {$_.SideIndicator -eq '<='} | % $($objprop)) DiffValue=($diff | ? {$_.SideIndicator -eq '=>'} | % $($objprop)) } $diffs += New-Object PSObject -Property $diffprops } } if ($diffs) {return ($diffs | Select PropertyName,RefValue,DiffValue)} } $ad1 = Get-ADUser amelia.mitchell -Properties * $ad2 = Get-ADUser carolyn.quinn -Properties * Compare-ObjectProperties $ad1 $ad2
Upvotes: 0
Reputation: 2149
This should give you the property name, what each user had as that property and if it was equal or different.
$user1 = get-aduser Test.User1 -Properties *
$user2 = get-aduser Test.User2 -Properties *
$Usercomparison = @()
$user1.GetEnumerator() | ForEach-Object {
If ($User2.($_.Key) -eq $_.Value)
{
$Comparison = 'Equal'
}
else
{
$Comparison = 'Different'
}
$UserObj = New-Object PSObject -Property ([ordered]@{
Property = $_.Key
User1 = $_.Value
User2 = $User2.($_.Key)
Comparison = $Comparison
})
$UserComparison += $UserObj
}
$UserComparison
Upvotes: 5
Related Questions
- Compare 2 ActiveDirectory properties using Powershell
- Struggling with PSCustomObject in Compare-Object
- Comparing users between AAD and ADS
- Compare users from 2 OU and output only when they differs
- (AD) object equality in PowerShell
- compare-object not displaying all differences
- Powershell comparison with attributes
- Compare outputs of two powershell scripts for AD computers
- Powershell compare-object
- PowerShell Active Directory Compare with Text file