Comparing group membership

A question on the forum asked about comparing the memberships of two groups & displaying information about the users that are in both. The normal reaction is that you have to iterate through the two groups but then I remembered Compare-Object and came up with this

$group1 = Get-ADGroupMember -Identity ADL-group1 | select SamAccountName            
            
$group2 = Get-ADGroupMember -Identity ADL-group2 | select SamAccountName            
            
Compare-Object -ReferenceObject $group1 -DifferenceObject $group2 -IncludeEqual |             
where SideIndicator -eq "==" |            
foreach {            
 $sam = ($_.InputObject).SamAccountName             
             
 Get-ADUser -Identity $sam -Properties *            
            
}

Get the group membership of each group into a variable – I’m using the Microsoft cmdlets and just selecting the samaccountname to compare.

Using Compare-Object I used the –IncludeEqual parameter to make sure I got the matches and then filtered on the SideIndicator value of “==” .  That gets me the matches.

I then loop through them and use Get-ADUser to pull back the properties I need.

If you want to do this with the quest cmdlets use distinguished name instead of samaccountname

Published Mon, Dec 3 2012 22:58 by RichardSiddaway
Filed under:

Leave a Comment

(required) 
(required) 
(optional)
(required) 
If you can't read this number refresh your screen
Enter the numbers above: