none
Computer object memberOf RRS feed

  • Question

  • Hi,

    I've written a script which gets a list of security groups from an OU, then for each computer object in that security group it moves it to an OU that matches the name of the security group. The script works great, except when a computer object is a member of 2 security groups e.g. businessGroup-One and businessGroup-Two, then it moves it to the one which is last alphabetically. Can anyone help me write something that says:

    If computer is a member of multiple security groups with a name of "businessGroup-*" then write to file computer name and group names, otherwise move computer to OU "businessGroup-".

    I can't figure out how to basically do matching on names of groups to a defined string, in this case "businessGroup-*". I thought counting the number of groups would work but some computer objects are members of multiple non-related groups so I'd need to match on a string.

    Hope this makes sense!

    Thanks in advance
    • Edited by David4576 Monday, February 3, 2020 7:18 PM
    Monday, February 3, 2020 7:13 PM

Answers

  • This is the approximate template you need to use:

    foreach ($computer in $groupMembers) {
        $group = Get-ADComputer $computer | 
            Get-ADPrincipalGroupMembership |
            Where-Object{$_.Name -like 'group-*'}
        if($group.Count -gt 1){
           	$computer | Export-Csv MemberOfMultipleGroups.csv -Append
        } else {
        	Move-ADObject $computer -TargetPath $destOU
        	$computer | Export-Csv ComputersMoved.csv -Append
        }
    }


    \_(ツ)_/



    • Edited by jrv Monday, February 3, 2020 10:32 PM
    • Marked as answer by David4576 Monday, February 3, 2020 10:45 PM
    Monday, February 3, 2020 10:31 PM

All replies

  • Please carefully review the following links to set your expectation for posting in technical forums.


    \_(ツ)_/

    Monday, February 3, 2020 7:59 PM
  • It would be helpful to understand what you want in addition to what I've written. I can paste my code so far but I felt it was overcomplicating the request. I've tried my hardest to explain the particular aspect I'm struggling with. I'm not asking you to write a script, I'm trying to get help with a particular aspect which I'm not finding easy and can't make headway.

    Monday, February 3, 2020 8:11 PM
  • The forum requires that you ask a clear technical question.  Your question is ambiguous.    A wild card will return multiple matches if they exist,  Outside of that there is nothing else in your post that makes it possible to even begin to understand what you are asking.

    The links explain how to ask a question and how to correctly post code.  We won't write code for you and we cannot know what the issue is without your code.

    If you copied the code from the Internet and do not know how to write PS code then you will have to learn enough to understand how to ask a question that can be answered.

    If you do know how to write code then paste only the part that is an issue.

    Reread the following until you understand what it is telling you.

    How to ask questions in a technical forum


    \_(ツ)_/

    Monday, February 3, 2020 8:25 PM
  • Well I think I understand your question and your dilemma. You have a list of Security groups in an OU. You look at the members of each security group and pick out the computers in that group. You then want to move the computers in that group to an OU whose name matches that security group only if it is in one single group.

    If the computer is in two or more security groups found in this list you want to write the computer name and group name to a file and not do the move.

    Seeing your code would make it easier for the Posh experts to see what approach you are taking to retrieving and parsing the list.

    A little more explanation of your hierarchy may help as well.  Since computers can only be in one OU it looks to me like it would move the computer to the OU of the first group it finds.

    Monday, February 3, 2020 9:18 PM
  • Understood. Apologies. Let me try again.

    $baseOUForOUs = "OU=myOU,DC=contoso,DC=com"
    $baseOUForGroups = "OU=myGroups,DC=contoso,DC=com""
    
    foreach ($group in Get-ADGroup -Filter * -SearchBase $baseOUForGroups) {
    	$destOU = Get-ADOrganizationalUnit -Filter 'Name -eq $group' -SearchBase $baseOUForOUs
    	$groupMembers = Get-ADGroup $group | Get-ADGroupMember	
    	foreach ($computer in $groupMembers) {
    		$computerObj = Get-ADComputer $computer -Properties MemberOf
    		if ($computerObj.MemberOf <is a member of multiple groups which match the name 'group-*-computers'> ){
    			"$($computerObj.Name) is a member of multiple groups so can't be moved. It's a member of the following groups <$'group-group1-computers', $'group-group2-computers, $'group-group3-computers'> | Out-File MemberOfMultipleGroups.csv -Append
    		} else {
    			Move-ADObject -Identity $computerObj.distinguishedname -TargetPath $destOU
    			"Moved $computer to $destOU" | Out-File ComputersMoved.csv -Append
    		}
    	}
    }

    Thanks jrv and JRussell97 :)

    Monday, February 3, 2020 10:11 PM
  • Your code is not code that can be run.  It is missing much of the code that belongs where the comments are and doesn't tell us what code is giving you the problem.

    To get the groups for an account use "Get-AdPrincipalGroupMembership".

    This will allow you to find the computers you want.

    The code you posted appears to be a bunch of unrelated bits of code pasted together.  

    Get-AdComputer $computer | Get-ADPrincipalGroupMembership  | select name

    Now just test the results for the groups of interest.


    \_(ツ)_/

    Monday, February 3, 2020 10:22 PM
  • This is the approximate template you need to use:

    foreach ($computer in $groupMembers) {
        $group = Get-ADComputer $computer | 
            Get-ADPrincipalGroupMembership |
            Where-Object{$_.Name -like 'group-*'}
        if($group.Count -gt 1){
           	$computer | Export-Csv MemberOfMultipleGroups.csv -Append
        } else {
        	Move-ADObject $computer -TargetPath $destOU
        	$computer | Export-Csv ComputersMoved.csv -Append
        }
    }


    \_(ツ)_/



    • Edited by jrv Monday, February 3, 2020 10:32 PM
    • Marked as answer by David4576 Monday, February 3, 2020 10:45 PM
    Monday, February 3, 2020 10:31 PM
  • I don't really know what you want from me. I've literally done everything you've said. You've said:

    "If you do know how to write code then paste only the part that is an issue."

    So I've done this, I've trimmed the code and posted a brief extract, and I've added a sentence where I don't know how to code it. If I knew how to code this bit and so it'd run then I'd literally have no point in posting the question, other than look at my code, it works!?

    Not being funny but you've said it won't run, I agree, I've written some plain English to explain what I'm trying to achieve. I'm not sure how to achieve this but otherwise the code is good.

    jrv you've helped me a lot in the past so I do appreciate your time and effort and I'm trying to post as you're requesting.

    Monday, February 3, 2020 10:31 PM
  • I don't really know what you want from me. I've literally done everything you've said. You've said:

    "If you do know how to write code then paste only the part that is an issue."

    So I've done this, I've trimmed the code and posted a brief extract, and I've added a sentence where I don't know how to code it. If I knew how to code this bit and so it'd run then I'd literally have no point in posting the question, other than look at my code, it works!?

    Not being funny but you've said it won't run, I agree, I've written some plain English to explain what I'm trying to achieve. I'm not sure how to achieve this but otherwise the code is good.

    jrv you've helped me a lot in the past so I do appreciate your time and effort and I'm trying to post as you're requesting.

    I mean that if you don't know how to write any code in PowerShell.  This forum is not a place to ask people to rewrite code that you have not written and have found on the Internet.

    If you learn basic PowerShell then it will be easier to ask an understandable and logical question.  We can't guess at what you want.  You have to be technically accurate in technical forums.


    \_(ツ)_/

    Monday, February 3, 2020 10:35 PM
  • The above code is all mine, I've not found any of it on the Internet.
    Monday, February 3, 2020 10:43 PM
  • The above code is all mine, I've not found any of it on the Internet.

    Sorry but the code does not help to explain what you are trying to do.  YOu have to have a clear and logocal english language description of a task before you can program it.  Your description is faulty and missing key disambiguating inflormation.  Try to think it through a nd state clearly in English what it is you are trying to do.

    The best guess I can make I posted above but that is just a best guess.  You have to clarify your ask.


    \_(ツ)_/

    Monday, February 3, 2020 10:47 PM
  • Understood, thanks for your input. I can figure the rest out now from your code and how you've done it.

    Appreciate your time :)

    Monday, February 3, 2020 10:49 PM
  • You need to decide what you want to output.  Adding a CSV extension to a file does not make it a CSV,

    You need to learn the basics of PowerShell, AD and computer data and files.  These are all basic prerequisites to working in computer technology.

    This will fix your problems:

    $baseOUForOUs = 'OU=myOU,DC=contoso,DC=com'
    $baseOUForGroups = 'OU=myGroups,DC=contoso,DC=com'
    
    foreach ($computer in $groupMembers) {
        $group = Get-ADComputer $computer | 
            Get-ADPrincipalGroupMembership |
            Where-Object{$_.Name -like 'group-*'}
        if($group -gt 1){
           	$computer | Out-File MemberOfMultipleGroups.txt -Append
        } else {
        	Move-ADObject $computer -TargetPath $destOU
        	$computer | Out-File ComputersMoved.txt -Append
        }
    }
    

    When you have issues with a CmdLet then you need to look at the help for the CmdLet.  First you need to take the time to actually learn basic PowerShell and stop trying to guess at everything.


    \_(ツ)_/

    Monday, February 3, 2020 11:15 PM
  • With the greatest of respect it was due to the -append on the output and the output file not matching the structure e.g. the comma separate fields. Deleting the output files and starting over fixed it so I deleted my post which I believe you're replying to.

    Thanks for your time.

    Monday, February 3, 2020 11:38 PM