Prologue

Ace Fekay here again.

You might say to yourself this is some really simple stuff. Sure, it might be, for the pro. As many of you know, I’m an avid Active Directory and Exchange server engineer/architect, and an MVP in Active Directory.

Therefore with AD, Exchange, and Office 365, you will find that scripting comes into play more and more with your daily tasks. The main reason I’m posting simple scripts is that to get the job done, I just needed an arsenal of simple quickie scripts when called upon a simple task, such as this one, when tasked to quickly get a list of users in a group.

I hope this, and my future scripts, especially with Office 365, help you out.

Scope

I needed to get a user membership list from a global group called, “Marketing Dept,” into a CSV. Group scope doesn’t matter. I just need a list of the members because the share owner that the group is controlling access, needed a list to ensure that it’s current and to clean up any disabled accounts from users that have left the company.

And yes, this is simple stuff. The main reason I’m posting this, and I will be posting much more, including Office 365 scripts, is that I had to look it up and there is no one place to get all of this at the simple level. All I see are elaborate scripts that do more than what I needed. Hence, my posts.

Summary

I hope this helps!

Published 8/17/2015

Ace Fekay
MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP – Directory Services

This posting is provided AS-IS with no warranties or guarantees and confers no rights.

Prologue

Ace here again. Yep, me again. I’ve been on the sidelines lately with a big mail migration, then changed roles to the AD and Windows management side of things.

Part of what I do is perform necessary file maintenance (FSRM, DFS, fileserver migration, etc.), and of course, respond to tickets for requests or issues.

One request that came in was for 16 new users that are to have identical group memberships as a current user. I looked at the group membership of the user in question and saw he was part of 11 or 12 groups. Hmm, and he wants this done for 16 users? I could sit there and add group to each user one at a time. Nah, too much work.

So I thought to try to do it programmatically, because who knows when this will come up again.

Script

It’s pretty straight forward.

#===========================================================================================
# This was created for a ticket request to mimic one user, SomeSamAccountUsername, group membership to add to a list of user accounts.
# By Ace Fekay 7/15/2015
#
# First, get a memberOf for SomeSamAccountUsername and save it to a file called c:\PSScripts\SomeSamAccountUsername-grouplist.txt
#     Run Get-QADMemberOf SomeSamAccountUsername
#
#     Copy and paste the output from the screen to the file
#     In the file, keep the DN values and delete everything else.
#
# Second, get a list of the user accounts that you want adjusted from the ticket owner
#     Then save the list in another text file called c:\PSscripts\Usernames.txt
#     Prefix the user accounts with the domain name, such as philly\username
#
# Third, read the first user in the list, then add the groups to that user, then read the next user in the list, repeat.
#===========================================================================================

# The next line adds all of the Quest tools.

Add-PSSnapIn Quest *
Get-QADMemberOf SomeSamAccountUsername

#===========================================================================================
# Sample output from Get-QADMemberOf SomeSamAccountUsername:
#===========================================================================================
#
#Name                           Type            DN
##
#Domain Users                   group           CN=Domain Users,OU=IT,DC=philly,DC=contoso,DC=com
#Deployment Technician          group           CN=Deployment Technician,OU=IT,DC=philly,DC=contoso,DC=com
#Desktop-Technician             group           CN=Desktop-Technician,OU=IT,DC=philly,DC=contoso,DC=com
#AddComputerToDomain            group           CN=AddComputerToDomain,OU=IT,DC=philly,DC=contoso,DC=com
#Vendor-A-contractors           group           CN=Vendor-A-contractors,OU=IT,DC=philly,DC=contoso,DC=com
#General-Group                  group           CN=General-Group,OU=IT,DC=philly,DC=contoso,DC=com
#Wireless-Users                 group           CN=Wireless-Users,OU=IT,DC=philly,DC=contoso,DC=com
#Group-B                        group           CN=Group-B,OU=IT,DC=philly,DC=contoso,DC=com
#IT-Staff                       group           CN=IT-Staff,OU=IT,DC=philly,DC=contoso,DC=com
#IT-Admins                      group           CN=IT-Admins,OU=IT,DC=philly,DC=contoso,DC=com
#IT-Technicians                 group           CN=IT-Technicianss,OU=IT,DC=philly,DC=contoso,DC=com
#Client-Support                 group           CN=Client-Support,OU=IT,DC=philly,DC=contoso,DC=com

# #=================================================================================================
# Sample of what C:\PSScripts\groupmembership\SomeSamAccountUsername-grouplist.txt will look like:
# #=================================================================================================
# CN=Domain Users,OU=IT,DC=philly,DC=contoso,DC=com
# CN=Deployment Technician,OU=IT,DC=philly,DC=contoso,DC=com
# CN=Desktop-Technician,OU=IT,DC=philly,DC=contoso,DC=com
# CN=AddComputerToDomain,OU=IT,DC=philly,DC=contoso,DC=com
# CN=Vendor-A-contractors,OU=IT,DC=philly,DC=contoso,DC=com
# CN=General-Group,OU=IT,DC=philly,DC=contoso,DC=com
# CN=Wireless-Users,OU=IT,DC=philly,DC=contoso,DC=com
# CN=Group-B,OU=IT,DC=philly,DC=contoso,DC=com
# CN=IT-Staff,OU=IT,DC=philly,DC=contoso,DC=com
# CN=IT-Admins,OU=IT,DC=philly,DC=contoso,DC=com
# CN=IT-Technicians,OU=IT,DC=philly,DC=contoso,DC=com
# CN=Client-Support,OU=IT,DC=philly,DC=contoso,DC=com
#=================================================================================================

#===========================================================================================
# Sample of what C:\PSScripts\groupmembership\List-Of-Usernames.txt username list will look like:
#==========================================================================================
# philly\username1
# philly\username2
# philly\username3
# philly\username4
# philly\username5
# philly\username6
# philly\username7
# philly\username8
# philly\username9
# philly\username10
# philly\username11
# philly\username12
# philly\username13
# philly\username14
# philly\username15
# philly\username16
#==========================================================================================

$GroupList = get-content C:\PSScripts\groupmembership\SomeSamAccountUsername-grouplist.txt
$UsernameList = get-content C:\PSScripts\groupmembership\List-Of-Usernames.txt

# Now pull in each user one a time:
Foreach ($Username in $UsernameList)
{

# Now pull in each group one at a time and add them to the user
   Foreach ($Group in $GroupList)

# Add the group to the user
    {
    Add-QADGroupMember -Identity $Group -Member $Username

# Write out on the screen what username is and what group they were added to:
    write-host $Username “has been added to ” $Group

# Repeat for next group until all groups are done.
   }

# Repeat for the next user
}
#===========================================================================================
# That’s it!
#===========================================================================================