Categories

Comparing group membership

A question on the forum asked about comparing the memberships of two groups & displaying information about the users that are in both. The normal reaction is that you have to iterate through the two groups but then I remembered Compare-Object and came up with this

$group1 = Get-ADGroupMember -Identity ADL-group1 | select SamAccountName            
            
$group2 = Get-ADGroupMember -Identity ADL-group2 | select SamAccountName            
            
Compare-Object -ReferenceObject $group1 -DifferenceObject $group2 -IncludeEqual |             
where SideIndicator -eq "==" |            
foreach {            
 $sam = ($_.InputObject).SamAccountName             
             
 Get-ADUser -Identity $sam -Properties *            
            
}


Get the group membership of each group into a variable – I’m using the Microsoft cmdlets and just selecting the samaccountname to compare.



Using Compare-Object I used the –IncludeEqual parameter to make sure I got the matches and then filtered on the SideIndicator value of “==” .  That gets me the matches.



I then loop through them and use Get-ADUser to pull back the properties I need.



If you want to do this with the quest cmdlets use distinguished name instead of samaccountname

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>