AD Groups Script Examples (PowerShell): Difference between revisions
(Initial creation) |
(Added "Compare Group Members") |
||
Line 35: | Line 35: | ||
} | } | ||
} | } | ||
</source> | |||
== Compare Group Members == | |||
This script creates a table of all the members of some groups. This enables you to compare a number of groups side by side in a flexible grid. | |||
<source lang="powershell"> | |||
$GroupNames = @() | |||
$GroupNames += "Group A" | |||
$GroupNames += "Group B" | |||
$GroupNames += "Group C" | |||
$GroupNames += "Group D" | |||
Import-Module ActiveDirectory | |||
# Create table for output | |||
$table = New-Object system.Data.DataTable "Groups" | |||
$col1 = New-Object system.Data.DataColumn Signum,([string]) | |||
$col2 = New-Object system.Data.DataColumn Name,([string]) | |||
$table.columns.add($col1) | |||
$table.columns.add($col2) | |||
# Add columns for each group | |||
foreach ($GroupName in $GroupNames) { | |||
$table.columns.add((New-Object system.Data.DataColumn $GroupName,([bool]))) | |||
} | |||
# Go through each group | |||
foreach ($GroupName in $GroupNames) { | |||
Write-Host "Getting members of $GroupName..." | |||
$GroupMembers = Get-ADGroupMember $GroupName | |||
foreach ($user in $GroupMembers) { | |||
if ($user.objectClass -ne "user") { | |||
# Add handling for groups here ! | |||
Continue | |||
} | |||
# Check if row already exists for user, otherwise create a new row | |||
$row = $table.Select("Signum = '" + $user.SamAccountName + "'") | |||
if ($row.count) { | |||
$row[0][$GroupName] = $true | |||
} else { | |||
$row = $table.NewRow() | |||
$row.Signum = $user.SamAccountName | |||
$row.Name = $user.name | |||
$row[$GroupName]= $true | |||
$table.Rows.Add($row) | |||
} | |||
} | |||
} | |||
$table.AcceptChanges() | |||
$table | Select -ExcludeProperty RowError, RowState, Table, ItemArray, HasErrors | Out-GridView -Title "Group Compare results" | |||
</source> | </source> | ||
[[Category:PowerShell]] | [[Category:PowerShell]] | ||
[[category:Active Directory]] | [[category:Active Directory]] |
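Review bot: The row lookup `$table.Select("Signum = '" + $user.SamAccountName + "'")` builds the DataTable filter by string concatenation, so an account name containing an apostrophe makes the expression invalid and the script throws part-way through a group. Double the quote before concatenating, for example `$user.SamAccountName.Replace("'", "''")`. Separately, the `objectClass -ne "user"` branch skips nested groups with only a placeholder comment, so the grid shows direct membership only; say so in the section text or expand the nested groups. The final `Select -ExcludeProperty ...` has no `-Property` argument, which Windows PowerShell needs for the exclusion to take effect.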
Latest revision as of 13:24, 21 June 2013
== Group Member Deduplication ==
This script is for use when you want to remove users/members from one group that also exist in another. It gets a list of users from both groups and then compares, removing duplicates from one of the groups.
<source lang="powershell">
$RefGroupName = "Group A"   # Reference group (which isn't touched)
$ModGroupName = "Group B"   # Group to have users removed from if they exist in the above group
$MakeChanges  = $true       # Set to $false to see what would be done

# Credential used only for the membership change itself
$cred = Get-Credential -Message "Domain Admin user/pass"

Import-Module ActiveDirectory

# Read the direct members of both groups
$RefGroup        = Get-ADGroup $RefGroupName
$RefGroupMembers = Get-ADGroupMember $RefGroup
$ModGroup        = Get-ADGroup $ModGroupName
$ModGroupMembers = Get-ADGroupMember $ModGroupName

foreach ($user in $ModGroupMembers) {
    # Only user objects are compared; nested groups, computers etc. are left alone
    if ($user.objectClass -ne "user") {
        Write-Host ("Skipping non-user " + $user.Name)
        Continue
    }
    # Is this user also a direct member of the reference group?
    if ($RefGroupMembers | Where-Object { $_.SamAccountName -eq $user.SamAccountName }) {
        Write-Host ($user.SamAccountName + " (" + $user.Name + ") exists in both groups")
        if ($MakeChanges) {
            Remove-ADGroupMember -Identity $ModGroup -Members $user -Confirm:$false -Credential $cred
            Write-Host ($user.SamAccountName + " (" + $user.Name + ") removed from $ModGroupName")
        }
    } else {
        Write-Host ($user.SamAccountName + " (" + $user.Name + ") exists in only $ModGroupName")
    }
}
</source>
== Compare Group Members ==
This script creates a table of all the members of some groups. This enables you to compare a number of groups side by side in a flexible grid.
<source lang="powershell">
$GroupNames = @()
$GroupNames += "Group A"
$GroupNames += "Group B"
$GroupNames += "Group C"
$GroupNames += "Group D"

Import-Module ActiveDirectory

# Create table for output
$table = New-Object system.Data.DataTable "Groups"
$col1 = New-Object system.Data.DataColumn Signum,([string])
$col2 = New-Object system.Data.DataColumn Name,([string])
$table.columns.add($col1)
$table.columns.add($col2)

# Add columns for each group
foreach ($GroupName in $GroupNames) {
    $table.columns.add((New-Object system.Data.DataColumn $GroupName,([bool])))
}

# Go through each group
foreach ($GroupName in $GroupNames) {
    Write-Host "Getting members of $GroupName..."
    $GroupMembers = Get-ADGroupMember $GroupName
    foreach ($user in $GroupMembers) {
        if ($user.objectClass -ne "user") {
            # Add handling for groups here !
            Continue
        }
        # Check if row already exists for user, otherwise create a new row.
        # Single quotes are doubled so a name such as O'Brien does not break the filter expression.
        $row = $table.Select("Signum = '" + $user.SamAccountName.Replace("'", "''") + "'")
        if ($row.count) {
            $row[0][$GroupName] = $true
        } else {
            $row = $table.NewRow()
            $row.Signum = $user.SamAccountName
            $row.Name = $user.name
            $row[$GroupName] = $true
            $table.Rows.Add($row)
        }
    }
}
$table.AcceptChanges()

# -Property * is needed in Windows PowerShell for -ExcludeProperty to take effect
$table | Select-Object -Property * -ExcludeProperty RowError, RowState, Table, ItemArray, HasErrors | Out-GridView -Title "Group Compare results"
</source>
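The Compare Group Members script above leaves nested groups unhandled ("Add handling for groups here !"). The following is an added example, not part of the original wiki page, of one way to expand nested groups into effective user membership while surviving circular nesting. The function name <code>Get-EffectiveUserMembers</code>, its <code>-GetMembers</code> parameter and the sample directory are assumptions made for illustration; the sample data is constructed so the block runs without a domain.

```powershell
# Constructed sample directory: group name -> direct members (not real AD data).
$SampleDirectory = @{
    "Group A" = @(
        [pscustomobject]@{ SamAccountName = "alice";   Name = "Alice Example"; objectClass = "user"  },
        [pscustomobject]@{ SamAccountName = "Group C"; Name = "Group C";       objectClass = "group" }
    )
    "Group C" = @(
        [pscustomobject]@{ SamAccountName = "bob";     Name = "Bob Example";   objectClass = "user"  },
        # Circular nesting: Group C contains Group A again
        [pscustomobject]@{ SamAccountName = "Group A"; Name = "Group A";       objectClass = "group" }
    )
}

# Hypothetical helper: returns the users that are effectively in $GroupName,
# following nested groups. $GetMembers is a script block that returns the direct
# members of a group; on a live domain pass { param($g) Get-ADGroupMember $g }.
function Get-EffectiveUserMembers {
    param(
        [Parameter(Mandatory)] [string] $GroupName,
        [Parameter(Mandatory)] [scriptblock] $GetMembers
    )
    # Case-insensitive set of groups already expanded
    $visited = New-Object 'System.Collections.Generic.HashSet[string]' ([System.StringComparer]::OrdinalIgnoreCase)
    $users   = @{}    # keyed by SamAccountName so each user is reported once
    $queue   = New-Object System.Collections.Queue
    $queue.Enqueue($GroupName)

    while ($queue.Count -gt 0) {
        $current = $queue.Dequeue()
        if (-not $visited.Add($current)) { continue }   # seen before: breaks cycles
        foreach ($member in (& $GetMembers $current)) {
            if ($member.objectClass -eq "user") {
                $users[$member.SamAccountName] = $member
            } elseif ($member.objectClass -eq "group") {
                $queue.Enqueue($member.SamAccountName)
            }
            # Other object classes (e.g. computer) are ignored, as in the scripts above
        }
    }
    $users.Values | Sort-Object SamAccountName
}

# Run against the constructed data
$lookup = { param($g) $SampleDirectory[$g] }
Get-EffectiveUserMembers -GroupName "Group A" -GetMembers $lookup |
    Select-Object SamAccountName, Name
```

<code>Get-ADGroupMember</code> also has a <code>-Recursive</code> switch that returns the leaf members directly; the explicit walk is useful when you want to control which object classes are followed or record which nested group granted the membership.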