In daily work there are lots of situations where you have to copy members of AD groups, or check whether somebody is a member of an AD group. Therefore I created this blog post to provide a little help with these tasks via PowerShell.
Function to check user group membership
Here's a short function that checks whether a user is a member of a specific group:
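    function Examine-UserInGroup {
        [CmdletBinding()]
        param (
            [Parameter(Mandatory=$true, Position=0)]
            [string] $samaccount,
            [Parameter(Mandatory=$true)]
            [string] $groupsamaccount
        )
        # MemberOf holds distinguished names, so resolve the group to its DN first
        $groupdn = (Get-ADGroup -Identity $groupsamaccount).DistinguishedName
        # MemberOf lists direct memberships only (no nested groups, no primary group)
        $memberofs = Get-ADUser -Identity $samaccount -Properties MemberOf |
            Select-Object -ExpandProperty MemberOf
        # Exact comparison; a regex -match would also hit groups whose name only contains the value
        return ($memberofs -contains $groupdn)
    }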
How can I make use of this function? Here's a short example:
    $membergroupb = Examine-UserInGroup -samaccount "user-a" -groupsamaccount "group-b"
    if ($membergroupb -eq $false) {
        Add-ADGroupMember -Identity "group-b" -Members "user-a"
    }
The first line checks whether the user is a member or not (TRUE or FALSE), and with the IF you can add an action if the user is not a member (for example adding them).
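Why a membership check should compare whole distinguished names rather than regex-match a group name against the MemberOf list, shown as an added example (not code from the original post). The function names Test-MemberOfRegex and Test-MemberOfExact and all sample DNs are made up for illustration, and the block runs without an AD connection.

```powershell
# Constructed sample: MemberOf values in the form Get-ADUser -Properties MemberOf returns them.
# The domain, OU and group names are made up for this example.
$sampleMemberOf = @(
    'CN=group-b-readonly,OU=Groups,DC=example,DC=com',
    'CN=Helpdesk (Tier 1),OU=Groups,DC=example,DC=com'
)

function Test-MemberOfRegex {
    # Joins all DNs into one string and regex-matches the group name against it.
    param([string[]] $MemberOf, [string] $GroupName)
    [string] $joined = $MemberOf
    return ($joined -match $GroupName)
}

function Test-MemberOfExact {
    # Compares whole distinguished names; -contains is an equality test per element.
    param([string[]] $MemberOf, [string] $GroupDn)
    return ($MemberOf -contains $GroupDn)
}

$cases = @(
    # The user is NOT in this group; its name is only a prefix of a group the user is in.
    @{ Name = 'group-b';           Dn = 'CN=group-b,OU=Groups,DC=example,DC=com' },
    # The user IS in this group; the parentheses are regex grouping characters.
    @{ Name = 'Helpdesk (Tier 1)'; Dn = 'CN=Helpdesk (Tier 1),OU=Groups,DC=example,DC=com' }
)

foreach ($case in $cases) {
    [pscustomobject]@{
        Group      = $case.Name
        RegexMatch = Test-MemberOfRegex -MemberOf $sampleMemberOf -GroupName $case.Name
        ExactMatch = Test-MemberOfExact -MemberOf $sampleMemberOf -GroupDn $case.Dn
    }
}
```

The regex variant reports membership of group-b for a user who is only in group-b-readonly and misses Helpdesk (Tier 1) because of the parentheses; the exact DN comparison gets both cases right.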
Listing all groups of a specific user
If you want to get all group memberships of one specific user, you can use this kind of one-liner:
    Get-ADPrincipalGroupMembership -Identity USERSAMACCOUNTNAME | select SamAccountName,name
If you want to exclude some specific groups, there is an extension you can add to the command above:
    Get-ADPrincipalGroupMembership -Identity USERSAMACCOUNTNAME | select SamAccountName,name | where {$_.name -ne "SAMACCOUNTGROUPNOTWANTED"} | sort name

    # multiple groups not wanted
    Get-ADPrincipalGroupMembership -Identity USERSAMACCOUNTNAME | select SamAccountName,name | where {$_.name -ne "SAMACCOUNTGROUPNOTWANTED" -and $_.name -ne "SAMACCOUNTANOTHERGROUP"} | sort name
Function to check if an AD group exists
Checking whether an AD group already exists in the current AD:
    function Examine-Groupexists {
        [CmdletBinding()]
        param (
            [Parameter(Mandatory=$true, Position=0)]
            [string] $groupname,
            [Parameter(Mandatory=$true)]
            [string] $dc
        )
        $gn = $groupname
        $domaincontroller = $dc
        # Query the given domain controller, so the check and a later New-ADGroup see the same data
        $groupexists = $(try { Get-ADGroup -Filter "SamAccountName -eq '$gn'" -Server $domaincontroller } catch { $null })
        If ($groupexists) {
            return $true
        }
        Else {
            return $false
        }
    }
How to use this function? See this example.
    $grpname = "NEWADGROUPNAME"
    $DC = "DOMAINCONTROLLER"
    if (Examine-Groupexists -groupname $grpname -dc $DC) {
        Write-Host "$grpname already exists!" -ForegroundColor Yellow
    }
    else {
        Write-Host "$grpname available..." -ForegroundColor Green
        New-ADGroup -SamAccountName "$grpname" -DisplayName "$grpname" -Server "$DC" -GroupScope Global -Name "$grpname" -Description "DESCRIPTION" -Path "distinguished name to OU"
    }
This short script checks whether the name of the group is available, and if it is not in use it creates a new AD group.
Have fun with these PowerShell functions and small scripts. If you liked this article, please click on helpful.