Comparing group membership

A question on the forum asked about comparing the memberships of two groups & displaying information about the users that are in both. The normal reaction is that you have to iterate through the two groups but then I remembered Compare-Object and came up with this

$group1 = Get-ADGroupMember -Identity ADL-group1 | select SamAccountName            
$group2 = Get-ADGroupMember -Identity ADL-group2 | select SamAccountName            
Compare-Object -ReferenceObject $group1 -DifferenceObject $group2 -IncludeEqual |             
where SideIndicator -eq "==" |            
foreach {            
 $sam = ($_.InputObject).SamAccountName             
 Get-ADUser -Identity $sam -Properties *            

Get the group membership of each group into a variable – I’m using the Microsoft cmdlets and just selecting the samaccountname to compare.

Using Compare-Object I used the –IncludeEqual parameter to make sure I got the matches and then filtered on the SideIndicator value of “==” .  That gets me the matches.

I then loop through them and use Get-ADUser to pull back the properties I need.

If you want to do this with the quest cmdlets use distinguished name instead of samaccountname

This entry was posted in PowerShell and Active Directory. Bookmark the permalink.

One Response to Comparing group membership

  1. cavallogolooso says:

    Reblogged this on Depresso Gioioso.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s