GET-ADGROUP to search for more than one group

  • Question

  • I want to use PowerShell to query Active Directory to find out if a random string of groups exist or not.  I can use this to find out about one:  get-adgroup -identity BKR-ASSOC-MAD, but how do I search for a bunch of them?  I will want to search for exact matches on the names.  The only results I care about are whether they exist or not.

    I know you're supposed to use -filter or -ldapfilter but I just can't figure out what the syntax should look like and I can't find any good examples.  I tried something like get-adgroup -filter {groupname -eq "bkr-assoc-mad" -and (I also tried -or) "bkr-assoc-mke"} but that didn't work.

    In case you need to know more:  I've written a program which will create users in Active Directory and also add them to several groups.  The groupnames are generated by a series of Ifs and are put into a string which is formatted correctly to be used with Add-ADPrincipalGroupMembership -memberof.  Yesterday when I tested I'd included a groupname which didn't exist and as a result, none of the groups were added for that user.  I know I can use an error thingy to have it ignore that and continue on, but I decided it would be a good idea to check ahead of time to see what does and what doesn't exist.  That way I can determine if my code needs updating.

    Thursday, June 20, 2013 3:48 PM

Answers

  • You can add the list of group names you are looking for into an array, or easier would be a text file, so you can change it more easily, then loop through that list and see if they exist.

    Get-Content C:\GroupNames.txt | ForEach-Object {
      try
      {
        If (Get-ADGroup $_)
        {
          Write-Host "$_ exists."
        }
      }
      catch
      {
        $group = $_.TargetObject
        Write-Host "$group Doesn't exist"
      }
    }


    If you find that my post has answered your question, please mark it as the answer. If you find my post to be helpful in any way, please click vote as helpful.


    • Edited by clayman2 Thursday, June 20, 2013 4:03 PM Modified code
    • Marked as answer by Anon-a-Mouse Thursday, June 20, 2013 6:58 PM
    Thursday, June 20, 2013 4:00 PM
  • Hi,

    Another solution :

    import-module ActiveDirectory
    
    $user = Get-ADUser userAccount
    
    $groups = @("domain Admins"; "test")
    
    foreach($group in $groups) {
        if(get-adgroup -filter {Name -eq $group})
        {        
            Add-ADPrincipalGroupMembership -Identity $user -MemberOf $group
            write-host ("user Added to " + $group + " group")
        }
        Else 
        { 
            Write-Host ("Group : " + $group + " does not exist")
        }
    }

    Regards,

    Régis

    • Proposed as answer by Régis Lainé Thursday, June 20, 2013 4:08 PM
    • Marked as answer by Yan Li_ Tuesday, June 25, 2013 5:57 AM
    Thursday, June 20, 2013 4:08 PM
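
The existence check from the answers above, done as one `-LDAPFilter` query instead of one lookup per name. This is an added example, not code from any poster in this thread. It assumes the names are sAMAccountNames (one of the forms `-Identity` and `-MemberOf` resolve); the group list, the `userAccount` placeholder and the `ConvertTo-LdapFilterValue` helper are constructed for illustration.

```powershell
# Added example; not code from the thread. Names below are constructed samples.
Import-Module ActiveDirectory

function ConvertTo-LdapFilterValue {
    # Escape the RFC 4515 special characters so a generated name is matched
    # literally and cannot change the structure of the filter.
    # The backslash must be handled first.
    param([Parameter(Mandatory = $true)][string]$Value)
    $v = $Value -replace '\\', '\5c'
    $v = $v -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29'
    $v -replace '\x00', '\00'
}

# Constructed input: two names from the question plus one that needs escaping.
$wanted = @('BKR-ASSOC-MAD', 'BKR-ASSOC-MKE', 'No-Such-Group (test)')

# Build (&(objectCategory=group)(|(sAMAccountName=a)(sAMAccountName=b)...)).
$clauses = $wanted | ForEach-Object {
    '(sAMAccountName={0})' -f (ConvertTo-LdapFilterValue $_)
}
$filter = '(&(objectCategory=group)(|{0}))' -f ($clauses -join '')

# One round trip returns every group that exists; anything absent is missing.
$groups  = @(Get-ADGroup -LDAPFilter $filter)
$found   = @($groups | ForEach-Object { $_.SamAccountName })
$missing = @($wanted | Where-Object { $found -notcontains $_ })

if ($missing) {
    Write-Warning ('Groups not found: ' + ($missing -join ', '))
}

# Pass only the groups that were actually returned, so one bad name cannot
# make the whole membership call fail. Remove -WhatIf to apply the change.
if ($groups) {
    Add-ADPrincipalGroupMembership -Identity 'userAccount' -MemberOf $groups -WhatIf
}
```

`-notcontains` compares strings case-insensitively, which matches how the directory compares sAMAccountName values.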

All replies

  • I'd run the Get-ADGroup just before the Add-ADPrincipalGroupMembership.

    Something like this should work:

    # "groupname" is not an attribute Get-ADGroup can filter on; use Name
    if(get-adgroup -filter {Name -eq "bkr-assoc-mad"}){
        Add-ADPrincipalGroupMembership .....
    }

    Karl


    When you see answers and helpful posts, please click Vote As Helpful, Propose As Answer, and/or Mark As Answer



    My Blog: http://unlockpowershell.wordpress.com
    My Book: Windows PowerShell 2.0 Bible
    My E-mail: -join ("6B61726C6D69747363686B65406D742E6E6574"-split"(?<=\G.{2})",19|%{[char][int]"0x$_"})

    Thursday, June 20, 2013 3:55 PM
  • or perhaps:

    foreach ($group in $randomInputgroups){
        # "groupname" is not an attribute Get-ADGroup can filter on; use Name
        if(get-adgroup -filter {Name -eq $group}){
            Add-ADPrincipalGroupMembership .....
        }
    }

    Karl


    Thursday, June 20, 2013 3:59 PM