0

I am looking to create a script which will only show users in an OU who are members of "non-standard" groups.

For example, all users in the "Accounting" OU will be members of at least one group with "Accounting" in its name. Example: "XYZ-Accounting-Global". This is our standard group naming. Those users with only "Accounting" group memberships can be skipped.

I would like to target only those users in the OU which are members of any non-standard group for that OU.

  • Example: User is in the "Accounting" OU, and is a member of "XYZ-Accounting-Global", BUT is also a member of "XYZ-Payroll-Global".

So far, I have come up with this:

$domain = "DC=company,DC=com"

$dept = read-host "What is the DEPT. name?"

Get-ADuser -SearchBase "OU=$dept,OU=Users,OU=company,$domain" -Filter * -properties memberof | Where-Object {!($_.memberof -like "*$dept*")}

This isn't working correctly though. It seems to be returning those users who are not members of a group with the $dept name in it. Unfortunately, I do not know how to fix this.

Any help is appreciated. Thank you.

krisFR
  • 13,280
  • 4
  • 36
  • 42
user201727
  • 1
  • 1

1 Answers1

1

It seems to be returning those users who are not members of a group with the $dept name in it

This is certainly because of the ! you use in your Where-Object filter, which means not.

Try removing the exclamation mark :

Where-Object {($_.memberof -like "*$dept*")}

Edit

Regarding your comment, you could try :

Where-Object {($_.memberof -notlike "*$dept*")}
krisFR
  • 13,280
  • 4
  • 36
  • 42
  • Hi. Thanks for the reply. I had tried removing the "!" before, but when I do that, it returns ALL of the user objects in the OU. I'm really just trying to return those users with group memberships that do NOT contain the name of their dept ($dept). – user201727 Feb 20 '14 at 17:11
  • @user201727 Ok, i've posted an Edit – krisFR Feb 20 '14 at 17:17
  • Thanks again, but it still shows all user objects in the OU. Perhaps it is not possible for Powershell to do what I need it to do. My numerous Google searches on this have not come up with anyone who is trying to do the same thing. – user201727 Feb 20 '14 at 19:54
  • @user201727 I am sure this can be done with PowerShell. The fact is that you are not clear enough about your OU/Groups/Users architecture. Please be more precise : print-screen or text Treeview – krisFR Feb 20 '14 at 22:27