locked
GET-ADGROUP to search for more than one group RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    I want to use Powershell to query Active Directory to find out if a random string of groups exist or not.  I can use this to find out about one:  get-adgroup -identity BKR-ASSOC-MAD, but how do I search for a bunch of them?  I will want to search for exact matches on the names.  The only results I care about are whether they exist or not.

    I know you're supposed to use -filter or -ldapfilter but I just can't figure out what the syntax should look like and I can't find any good examples.  I tried something like get-adgroup -filter {groupname -eq "bkr-assoc-mad" -and (I also tried -or) "bkr-assoc-mke"} but that didn't work.

    In case you need to know more:  I've written a program which will create users in Active Directory and also add them to several groups.  The groupnames are generated by a series of Ifs and are put into a string which is formatted correctly to be used with Add-ADPrincipalGroupMembership -memberof.  Yesterday when I tested I'd included a groupname which didn't exist and as a result, none of the groups were added for that user.  I know I can use an error thingy to have it ignore that and continue on, but I decided it would be a good idea to check ahead of time to see what does and what doesn't exist.  That way I can determine if my code needs updating.

    Thursday, June 20, 2013 3:48 PM

Answers

  • Question
    Sign in to vote
    2
    Sign in to vote

    You can add the list of group names you are looking for into an array, or easier would be a text file, so you can change easier, then loop through that list and see if they exist.

    Get-Content C:\GroupNames.txt | ForEach-Object {
  try
  {
    If (Get-ADGroup $_)
    {
      Write-Host "$_ exists."
    }
  }
  catch
  {
    $group = $_.TargetObject
    Write-Host "$group Doesn't exist"
  }
}

    If you find that my post has answered your question, please mark it as the answer. If you find my post to be helpful in anyway, please click vote as helpful.


    • Edited by clayman2 Thursday, June 20, 2013 4:03 PM Modified code
    • Marked as answer by Anon-a-Mouse Thursday, June 20, 2013 6:58 PM
    Thursday, June 20, 2013 4:00 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi,

    Another solution : 

    import-module ActiveDirectory

$user = Get-ADUser userAccount

$groups = @("domain Admins"; "test")

foreach($group in $groups) {
    if(get-adgroup -filter {Name -eq $group})
    {        
        Add-ADPrincipalGroupMembership -Identity $user -MemberOf $group
        write-host ("user Added to " + $group + " group")
    }
    Else 
    { 
        Write-Host ("Group : " + $group + " does not exists")
    }
}

    Regards,

    Régis

    • Proposed as answer by Régis Lainé Thursday, June 20, 2013 4:08 PM
    • Marked as answer by Yan Li_ Tuesday, June 25, 2013 5:57 AM
    Thursday, June 20, 2013 4:08 PM

All replies

  • Question
    Sign in to vote
    1
    Sign in to vote

    I'd run the Get-ADGroup just before the Add-ADPrincipalGroupMembership.

    Something like this should work:

    if(get-adgroup -filter {groupname -eq "bkr-assoc-mad"}){
    Add-ADPrincipalGroupMembership .....
}

    Karl

    When you see answers and helpful posts, please click Vote As Helpful, Propose As Answer, and/or Mark As Answer


    My Blog: http://unlockpowershell.wordpress.com
    My Book: Windows PowerShell 2.0 Bible
    My E-mail: -join ("6B61726C6D69747363686B65406D742E6E6574"-split"(?<=\G.{2})",19|%{[char][int]"0x$_"})

    Thursday, June 20, 2013 3:55 PM
  • Question
    Sign in to vote
    1
    Sign in to vote

    or perhaps:

    foreach ($group in $randomInputgroups){
    if(get-adgroup -filter {groupname -eq $group}){
        Add-ADPrincipalGroupMembership .....
    }
}

    Karl

    When you see answers and helpful posts, please click Vote As Helpful, Propose As Answer, and/or Mark As Answer


    My Blog: http://unlockpowershell.wordpress.com
    My Book: Windows PowerShell 2.0 Bible
    My E-mail: -join ("6B61726C6D69747363686B65406D742E6E6574"-split"(?<=\G.{2})",19|%{[char][int]"0x$_"})

    Thursday, June 20, 2013 3:59 PM
  • Question
    Sign in to vote
    2
    Sign in to vote

    You can add the list of group names you are looking for into an array, or easier would be a text file, so you can change easier, then loop through that list and see if they exist.

    Get-Content C:\GroupNames.txt | ForEach-Object {
  try
  {
    If (Get-ADGroup $_)
    {
      Write-Host "$_ exists."
    }
  }
  catch
  {
    $group = $_.TargetObject
    Write-Host "$group Doesn't exist"
  }
}

    If you find that my post has answered your question, please mark it as the answer. If you find my post to be helpful in anyway, please click vote as helpful.


    • Edited by clayman2 Thursday, June 20, 2013 4:03 PM Modified code
    • Marked as answer by Anon-a-Mouse Thursday, June 20, 2013 6:58 PM
    Thursday, June 20, 2013 4:00 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi,

    Another solution : 

    import-module ActiveDirectory

$user = Get-ADUser userAccount

$groups = @("domain Admins"; "test")

foreach($group in $groups) {
    if(get-adgroup -filter {Name -eq $group})
    {        
        Add-ADPrincipalGroupMembership -Identity $user -MemberOf $group
        write-host ("user Added to " + $group + " group")
    }
    Else 
    { 
        Write-Host ("Group : " + $group + " does not exists")
    }
}

    Regards,

    Régis

    • Proposed as answer by Régis Lainé Thursday, June 20, 2013 4:08 PM
    • Marked as answer by Yan Li_ Tuesday, June 25, 2013 5:57 AM
    Thursday, June 20, 2013 4:08 PM