Reputation: 127
How to iterate through user's group membership and return user if they are a member of a list of groups
I have a large number of samAccountNames in a csv that I need to write a script that checks each user and sees if they are a member of any of 3 AD groups. I tried a script that searches through the groups and then finds the user, but I run into issues where the groups contain too many members which throws an error.
I tried looping through each user and pulling group membership, but I think I don't know how to properly search for a value in an array, or at least I think that is my problem
This is what I want:
#Groups to look for
$groups = 'Group1', 'Group2', 'Group3'
#Import users to check from a csv file
Import-Csv "$PSScriptroot\Users.csv" | ForEach-Object {
#define users variable
$users = $_."samAccountName"
foreach ($user in $users) {
#Get all groups that the $user is a member of
$membership = Get-ADPrincipalGroupMembership $user | select name
foreach ($group in $groups) {
#Check if $group is in $membership
}
}
}
#export a new csv of all $users who were found to be in an $groups
Looking for any help on how to accomplish this. Thanks!
Upvotes: 0
Views: 1881
Answers (1)
Reputation: 7057
Considering it's your intent to re-export to CSV, you need to think about adding Boolean columns (properties) that represent the user's membership in a given group.
I didn't test this, but it's an idea:
# Groups to look for
$groups = 'Group1', 'Group2', 'Group3'
# Import users to check from a csv file
Import-Csv "$PSScriptroot\Users.csv" |
ForEach-Object {
# Get all groups that the $user is a member of
$membership = (Get-ADPrincipalGroupMembership $_.samAccountName).Name
$_ |
Select-Object *,
@{Name = 'Group1'; Expression = { 'Group1' -in $membership }},
@{Name = 'Group2'; Expression = { 'Group2' -in $membership }},
@{Name = 'Group3'; Expression = { 'Group3' -in $membership }}
} |
Export-Csv -Path "$PSScriptroot\Users_New.csv" -NoTypeInformation
In this case, we're adding properties to the objects produced by Import-Csv. Property's value will be True/False respective to the membership received from Get-ADUserPrincipalGroupMembership. Then, immediately create a new CSV file.
You could also go in the other direction by preloading the membership of the groups and checking the users against those stored lists. Again untested bu that may look something like:
$Members =
@{
Group1 = (Get-ADGroupMember 'Group1').samAccountName
Group2 = (Get-ADGroupMember 'Group2').samAccountName
Group3 = (Get-ADGroupMember 'Group3').samAccountName
}
Import-Csv "$PSScriptroot\Users.csv" |
Select-Object *,
@{Name = 'Group1'; Expression = { $_.samAccountName -in $Members['Group1'] }},
@{Name = 'Group2'; Expression = { $_.samAccountName -in $Members['Group2'] }},
@{Name = 'Group3'; Expression = { $_.samAccountName -in $Members['Group3'] }} |
Export-Csv -Path "$PSScriptroot\Users_New.csv" -NoTypeInformation
This has the added advantage of being able to interrogate the group membership recusively. Simply add the -Recursive switch parameter to the Get-ADGroupMember command.
Upvotes: 1
Related Questions
- Grabbing Specific AD Groups that a User is a Member Of
- How to get all groups that a user is a member of?
- Check if the user is a member of a list of AD groups
- Return list of ad accounts and check if member of group
- Script To extract a list of AD Groups a USER is a Member OF
- See if a any of a list of users, is a member of an AD group
- How to check a list of groups to see if there are members
- PowerShell: Get all groups a member belongs to, include group type
- List group memberships for AD users
- How to loop through Active Directory group members in Powershell