Reputation: 4321
Powershell, how to check group memberships for AD users
I want to check for users in certain OU if they are members of groups (and which) from another certain OU. How can I do this ?
Example: I have three OUs for users (users1OU, users2OU, users3OU) and two OUs for various grups (grups1OU, groups2OU).
Now I want to know for users from OU users1OU, members of which groups from OU groups2OU, they are.
I'm using powershell 2.0 and win 2008.
Upvotes: 2
Views: 3597
Answers (1)
Reputation: 68243
Using the activedirectory module from the RSAT tools:
Import-Module activedirectory
$memb = @{}
foreach ($group in get-adgroup -searchbase "ou=groups2OU,dc=domain,dc=tld" -filter *){
get-adgroupmember $group |? {$_.distinguishedname -like "*ou=users1OU,*"}|
%{$memb[$_.name] += @($group.name)
}
}
$memb
Enumerate the groups in the groups2OU, get the group members and use the distinguishedname to filter the ones in the users1OU. Create a hash table using the user name as the key, and accumulate a collection of group names as the value.
When you're done, loop through the hashtable keys, and output the user name (key) and group memberships (value) in whatever report format you want.
Upvotes: 3
Related Questions
- How to get all groups that a user is a member of?
- Powershell : getting AD groups without members
- Get AD Group Members from AD using powershell
- How to get user name and respective group membership in active directory with powershell
- Powershell script for getting AD Group Membership for usernames
- PowerShell Check User Group Membership
- Searching for AD Group Membership
- Powershell command to compare AD user group memberships to a baseline
- powershell to list multiple AD groups membership
- List group memberships for AD users