header image

Finding users who are NOT in one of a set of groups

Posted by: | May 6, 2011 | No Comment |

I was asked an interesting question today.  Can we find out which users are NOT members of any of the groups in a particular list?

As usual the answer is yes of course. I then sat down to research the answer. Discovering is a user is in a particular group is easy but I found the reverse question wasn’t as difficult to answer as I’d first thought.

First we identify the groups
Get-QADGroup "sw i*"

 

This means we can check we are dealing with the right groups.  We can then put them into a variable
$groups = Get-QADGroup "sw i*"

We then get the users
Get-QADUser -SizeLimit 0 -SearchRoot "OU-name" -notmemberof $groups | select Name, samaccountname, DN | export-csv users.csv -NoTypeInformation

The –notmemberof parameter makes this so easy.

under: PowerShell and Active Directory