none
Script to Search if a Domain User is member of particular Group or Not RRS feed

  • Question

  • Hi Friends,

    Currently I am working on a script where I am taking input from a CSV- columns are below 

    Samaccountname, OtherTelephone, preferredLanguage, employeeID

    The requirement is :

    1. To check if Samaccountname  Exits in CSV if Yes

    then check if samaccountname is member of the Group G_VPN_SCRAT. If not please add it.

    Script is working fine and add new members to the group but if I provide any existing user in the CSV. it does not say that user already Exits. it add existing user as well.

    Please  Help

    Add-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue
     
    Import-Module ActiveDirectory

    $user=Import-Csv D:\MyStuff\RD\VPN.csv

    ForEach ($users In $user)
    {
     if ($users.samaccountname -eq "")
     {
      Write-Output "SAMACCOUNTNAME is blank" 
     }
      else
      {
       $group="G_VPN_SCRAT"
       
        if ($users.memberof -notmatch  $group)
          {
          
        Add-QADGroupMember -Identity  $group $users.Samaccountname
        
        }
         else
         {
         
         Write-Host $users.Samaccountname  "user is allready a member"
          
         }
         
       
      }
       
       
    }

    Thanks for help

    Tuesday, October 14, 2014 8:20 AM

Answers

  • Hello jrv,

    just to understand deeper what we should do if I want to use

    "$user=Get-QAduser$_.samaccountname" as a global variable

    in current script it won't take as it is piping input from CSV. So, please suggest How we can achieve that as I have other part of script to develop where I need to copy "othertelephone" column to othertelephone attribute

    in that case as well I will have to use samaccountname as identifier to copy it. that's why if I can provide global variable I wont need to store Get-Aduser in each block.

    $group=Get-QAdGroup 'G_VPN_SCRAT'

    Import-Csv D:\MyStuff\RD\VPN.csv |
        
    ForEach-Object{
             
    if ($_.samaccountname -eq ""){ Write-Host "SAMACCOUNTNAME is blank"   -fore green
             
    }else{
                   $user
    =Get-QAduser $_.samaccountname
                  
    if ($user.memberof -contains  $group.DN){
                      
    Write-Host "$($_.Samaccountname) user is allready a member" -fore green
                  
    }else{
                      
    Add-QADGroupMember $group $_.Samaccountname
                  
    }
             
    }
        
    }

    Thanks for your Help again

    • Marked as answer by STscripter Thursday, October 30, 2014 1:08 PM
    Wednesday, October 15, 2014 6:29 AM

All replies

  • Look very closely at this reformatted version of you script.  It cannot work because it is designed wrong.

    Why are you adding both AD CmdLets and Quest Cmdlets?

    You are never retrieving the ADUser object.  The CSV file has no MemberOf property.

    The file is being imported into $user but it should be $users. 

    Add-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue
       
    Import-Module ActiveDirectory
    
    $user=Import-Csv D:\MyStuff\RD\VPN.csv 
    ForEach ($users In $user){ 
        if ($users.samaccountname -eq ""){
              Write-Output "SAMACCOUNTNAME is blank"   
        }else { 
            $group='G_VPN_SCRAT' 
            if ($users.memberof -notmatch  $group){ 
                 Add-QADGroupMember -Identity  $group $users.Samaccountnams
            }else{
                 Write-Host $users.Samaccountname  "user is allready a member"
            }
        }
    }


    ¯\_(ツ)_/¯



    • Edited by jrv Tuesday, October 14, 2014 8:43 AM
    Tuesday, October 14, 2014 8:41 AM
  • This is closer to what you want:

    Import-Module ActiveDirectory
    $group=Get-AdGroup 'G_VPN_SCRAT' 
    
    Import-Csv D:\MyStuff\RD\VPN.csv |
         ForEach-Object{
              if ($_.samaccountname -eq ""){
                   Write-Host "SAMACCOUNTNAME is blank"   -fore green
              }else{
                   $user=Get-Aduser $_.samaccountname -Properties memberof
                   if ($user.memberof -contains  $group.DistinguishedName){ 
                       Write-Host $users.Samaccountname  'user is allready a member' -fore green
                   }else{
                       Add-ADGroupMember $group $_.Samaccountnams
                   }
              }
         }
    
    


    ¯\_(ツ)_/¯

    Tuesday, October 14, 2014 8:54 AM
  • Hi , thanks for the script

    is there is any cmdlet in quest to achieve this ?

    however I a run above script get below error

    Get-ADDomain : Unable to contact the server. This may be because this server does not exist, it is currently down,

    I tried get-addomain  but it does not resolved

    Tuesday, October 14, 2014 11:07 AM
  • You can't use either if you are not in a domain. 

    ¯\_(ツ)_/¯

    Tuesday, October 14, 2014 11:37 AM
  • I  have several scripts and all working fine 

    even the script I have pasted at top is executing well  however output is bad

    in above script the Piped the output but I really want to use method I used just if you could please help to help me with the method I can use with like memberof or anything

    thanks for your time again

    Tuesday, October 14, 2014 11:42 AM
  • Sorry but I don't write scripts on demand.

    Your script has many issues. You can substitute the quest CmdLets in the script I posted or you can use it as a hint as to how it has to be done.

    I don't have your system so you will have to work it out.


    ¯\_(ツ)_/¯

    Tuesday, October 14, 2014 11:53 AM
  • Here - this works with Quest:

    $group=Get-QAdGroup 'G_VPN_SCRAT' 
    
    Import-Csv D:\MyStuff\RD\VPN.csv |
         ForEach-Object{
              if ($_.samaccountname -eq ""){
                   Write-Host "SAMACCOUNTNAME is blank"   -fore green
              }else{
                   $user=Get-QAduser $_.samaccountname
                   if ($user.memberof -contains  $group.DistinguishedName){ 
                       Write-Host $users.Samaccountname  'user is allready a member' -fore green
                   }else{
                       Add-QADGroupMember $group $_.Samaccountnams
                   }
              }
         }
    


    ¯\_(ツ)_/¯

    Tuesday, October 14, 2014 11:58 AM
  • Thanks JRV

    this scripts executed well without any error however output is same as I was getting with my script

    it adds to the group  both new and existing users.  it does not check if I have existing user in the CSV

    if I have 3 uses in the CSV , 2 is new and one is existing . it simply executing else block

    Tuesday, October 14, 2014 12:08 PM
  • Sorry - I missed one edit:

    $group=Get-QAdGroup 'G_VPN_SCRAT' 
    
    Import-Csv D:\MyStuff\RD\VPN.csv |
         ForEach-Object{
              if ($_.samaccountname -eq ""){
                   Write-Host "SAMACCOUNTNAME is blank"   -fore green
              }else{
                   $user=Get-QAduser $_.samaccountname
                   if ($user.memberof -contains  $group.DN){ 
                       Write-Host "$($_.Samaccountname) user is allready a member" -fore green
                   }else{
                       Add-QADGroupMember $group $_.Samaccountname
                   }
              }
         }


    ¯\_(ツ)_/¯

    Tuesday, October 14, 2014 12:14 PM
  • Hi jrv..

    WOW Thanks above script works well......Thanks a lot

    However I banged my mind  why my script not worked below is my script which also works.

    I am starting working on next phase work of my script ..if I will face any issue I will let you know

    $group="G_VPN_SCRAT"

    Import-CsvD:\MyStuff\RD\VPN.csv|

    ForEach-Object{

    if($_.samaccountname -eq"")

    {

    Write-Output"SAMACCOUNTNAME is blank" 

    }

    else

    {

          

    $users=Get-QADUser-SamAccountName$_.samaccountname

      

    if( $users.Memberof-match  $group)

      {   

    Write-Host"($users.Samaccountname) user is allready a member"

    }

    else

    {

    Add-QADGroupMember  $group$_.samaccountname

    }

    }

    }

     

    Tuesday, October 14, 2014 2:07 PM
  • Hello jrv,

    just to understand deeper what we should do if I want to use

    "$user=Get-QAduser$_.samaccountname" as a global variable

    in current script it won't take as it is piping input from CSV. So, please suggest How we can achieve that as I have other part of script to develop where I need to copy "othertelephone" column to othertelephone attribute

    in that case as well I will have to use samaccountname as identifier to copy it. that's why if I can provide global variable I wont need to store Get-Aduser in each block.

    $group=Get-QAdGroup 'G_VPN_SCRAT'

    Import-Csv D:\MyStuff\RD\VPN.csv |
        
    ForEach-Object{
             
    if ($_.samaccountname -eq ""){ Write-Host "SAMACCOUNTNAME is blank"   -fore green
             
    }else{
                   $user
    =Get-QAduser $_.samaccountname
                  
    if ($user.memberof -contains  $group.DN){
                      
    Write-Host "$($_.Samaccountname) user is allready a member" -fore green
                  
    }else{
                      
    Add-QADGroupMember $group $_.Samaccountname
                  
    }
             
    }
        
    }

    Thanks for your Help again

    • Marked as answer by STscripter Thursday, October 30, 2014 1:08 PM
    Wednesday, October 15, 2014 6:29 AM