Displaying AD groups that a user account is a member of?
Posted: Wed Feb 05, 2020 8:28 pm
People,
The script above always shows MemberOf = False even when the user account Administrator is a member of those AD groups I mentioned.
I need someone to assist in fixing the logic in my current script below, where it should show MemberOf = Yes or True for specific name patterns that are members of specific sets of AD groups:
Code:
function Get-CanonicalName ([string[]]$DistinguishedName) {
    foreach ($dn in $DistinguishedName) {
        $d = $dn.Split(',') ## Split the dn string up into its constituent parts
        $arr = (@(($d | Where-Object { $_ -notmatch 'DC=' }) | ForEach-Object { $_.Substring(3) })) ## get parts excluding the parts relevant to the FQDN and trim off the dn syntax
        [array]::Reverse($arr) ## Flip the order of the array.
        ## Create and return the string representation in canonical name format of the supplied DN
        "{0}/{1}" -f (($d | Where-Object { $_ -match 'dc=' } | ForEach-Object { $_.Replace('DC=', '') }) -join '.'), ($arr -join '/')
    }
}

$groups = 'IT Team', 'Production Access', 'Global DL', 'Local Admins'
$users = Get-ADUser -Filter {(Name -like "*Administrator*")}

ForEach ($group in $groups) {
    $members = Get-ADGroupMember -Identity $group | Select-Object -ExpandProperty SamAccountName
    Compare-Object -ReferenceObject $members -DifferenceObject $users -IncludeEqual |
        Where-Object { '==', '=>' -contains $_.SideIndicator } |
        Select-Object -Property @{n = 'SamAccountName'; e = { Get-CanonicalName($_.InputObject) } },
            @{n = 'GroupName'; e = { $group } },
            @{n = 'MemberOf'; e = { $_.SideIndicator -eq '==' } } | Format-Table -AutoSize
}
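
Added example, not part of the original post: the posted loop passes SamAccountName strings as the reference set and whole Get-ADUser objects as the difference set, so the two sides of the comparison are different kinds of value. The sketch below compares SamAccountName to SamAccountName instead; the function name Test-GroupMembership, the -Recursive switch and the sample data in the else branch are assumptions added for illustration.

```powershell
# Added example (not the poster's code): compare SamAccountName strings on both sides.
function Test-GroupMembership {
    param(
        [Parameter(Mandatory)] [object[]] $Users,        # objects with a SamAccountName property
        [Parameter(Mandatory)] [string]   $GroupName,
        [string[]] $MemberSamAccountNames = @()          # may be empty for an empty group
    )
    # Account names are matched without regard to case, so use a case-insensitive set.
    $set = [System.Collections.Generic.HashSet[string]]::new(
        [string[]]$MemberSamAccountNames, [System.StringComparer]::OrdinalIgnoreCase)
    foreach ($u in $Users) {
        [pscustomobject]@{
            SamAccountName = $u.SamAccountName
            GroupName      = $GroupName
            MemberOf       = $set.Contains([string]$u.SamAccountName)
        }
    }
}

$groups = 'IT Team', 'Production Access', 'Global DL', 'Local Admins'   # group names from the post

if (Get-Command Get-ADUser -ErrorAction SilentlyContinue) {
    $users = Get-ADUser -Filter 'Name -like "*Administrator*"'
    $rows = foreach ($group in $groups) {
        # -Recursive also resolves nested groups; remove it to report direct membership only.
        $members = @(Get-ADGroupMember -Identity $group -Recursive |
            Where-Object { $_.objectClass -eq 'user' } |
            Select-Object -ExpandProperty SamAccountName)
        Test-GroupMembership -Users $users -GroupName $group -MemberSamAccountNames $members
    }
} else {
    # Constructed sample data so the comparison logic can be run without a domain.
    $users  = [pscustomobject]@{ SamAccountName = 'Administrator' },
              [pscustomobject]@{ SamAccountName = 'svc-administrator' }
    $sample = @{ 'IT Team' = @('administrator', 'jdoe'); 'Local Admins' = @() }
    $rows = foreach ($group in $sample.Keys) {
        Test-GroupMembership -Users $users -GroupName $group -MemberSamAccountNames $sample[$group]
    }
}
$rows | Format-Table -AutoSize
```

Every matched user gets one row per group, so accounts that are absent from a privileged group show MemberOf = False rather than disappearing from the output.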