locked
Compare Membership Of Two Active Directory Groups RRS feed

  • Question

  • I got the below command to compare two ad groups and it is working fine. My query is how to add group name with the output, either as header or adding Colum of the group name.

    Reason, I’m going to find it for multiple group and i need to highlight mismatching user with group name and in my case both the group name will be same because comparing the groups from 2 different forest.

    diff (Get-ADGroupMember "Group 1") (Get-ADGroupMember -server $domain "Group 1") -Property 'SamAccountName' -IncludeEqual

    For example
    Actual Output:
    SamAccountName SideIndicator
    -------------- -------------
    USER1          ==
    USER2          =>
    USER3          =>

    Expectation: 
    Group 1
    SamAccountName SideIndicator

    -------------- -------------
    USER1          ==
    USER2          =>
    USER3          =>

    Group 2
    SamAccountName SideIndicator
    -------------- -------------
    USER1          ==
    USER2          =>
    USER3          =>

    Or it should like
    SamAccountName SideIndicator Group Name
    -------------- -------------
    USER1          ==               Group 1
    USER2          =>               Group 1
    USER3          =>               Group 1

    SamAccountName SideIndicator Group Name
    -------------- -------------

    USER1          ==               Group 2
    USER2          =>               Group 2
    USER3          =>               Group 2




    • Edited by Sarathi1012 Thursday, September 26, 2019 8:36 PM
    Thursday, September 26, 2019 8:34 PM

All replies

  • You will have to write a script to reformat the output as needed.


    \_(ツ)_/

    Thursday, September 26, 2019 8:40 PM
  • Sorry i tried as much as possible but no luck, that's why i worte here to get someone's help
    Thursday, September 26, 2019 8:48 PM
  • What have you tried? Post your code.

    \_(ツ)_/

    Thursday, September 26, 2019 8:51 PM
  • Since there is limited properties in group i can't get it directly, so i tried with write-host but again not getting with proper format
    Thursday, September 26, 2019 8:58 PM
  • Without a script there is really no way to help you.

    I suggest that you start by learning basic PowerShell.

    Learning to script properly with PowerShell


    \_(ツ)_/

    Thursday, September 26, 2019 9:47 PM
  • Sure, i'm begginer in powershell. My script is here

    diff (Get-ADGroupMember "Group 1") (Get-ADGroupMember -server $domain "Group 1") -Property 'SamAccountName' -IncludeEqual

    Just need to add a header or comlum with group name, it would be great if you could help me here.

    Thursday, September 26, 2019 9:54 PM
  • No - you have to write a script that formats the output as needed. That is just a script you copied from somewhere.

    Please carefully review the following links to set your expectation for posting in technical forums.


    \_(ツ)_/

    Thursday, September 26, 2019 10:09 PM
  • Thanks for the great information. First of all, if i got evertything then i won't write anything here and secondly it donesn't matter i developed or copied from somewhere. Which i copied here that fulfilled my requirement almost 95%. I just came here only when i struggle to complete it. I never mind if you won't help me. I hope someone can help in this PUBLIC forum. 
    Thursday, September 26, 2019 10:26 PM
  • We can't and won't write custom code. You need to learn PowerShell enough to write your own script.

    This is a technical forum for technicians who are trained in Windows technologies who have a single question about a script they are writing.  It is not a free-for-all public forum and is not scoped or resourced to design code for you.

    Here is the post at the top of this forum.  Please read it carefully.  Forum Posting Guidelines Alert me

    Also there is no single command that can do what you ask.  It will be a multistep script that formats the data as you require.  Remember that PowerShell is an object system.  It is not a batch system or a script like Basic.  It needs to be learned from the ground up which you will need to do if you what to ge a modern Windows technician.


    \_(ツ)_/

    Thursday, September 26, 2019 10:56 PM
  • No problem, i got the solution!
    Thursday, September 26, 2019 11:07 PM
  • Here is a starter for you that you can change to the text and format that you want.

    $group1 = Get-ADGroupMember 'Group 1'
    $group2 = Get-ADGroupMember -server $domain 'Group 2'
    Compare-Object $group1 $group2 -Property SamAccountName -IncludeEqual |
    	ForEach-Object -Begin {'Group 1 Indicator Group2'}  -Process {
    		switch ($_.SideIndicator) {
    			'==' { <# Place formatter code here #> 
    					'{0}  ==  {0}' -f $_.SamAccountName}
    			'=>' { <# Place formatter code here #> }
    			'<=' { <# Place formatter code here #> }
    		}
    	}


    You must learn PowerShell to go any further.


    \_(ツ)_/



    Thursday, September 26, 2019 11:10 PM
  • Hi,

    Was your issue resolved?

    If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.

    If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.

    If no, please reply and tell us the current situation in order to provide further help.

    Best Regards,

    Lee


    Just do it.

    Friday, September 27, 2019 6:09 AM
  • Hi,

    Was your issue resolved?

    If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.

    If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.

    If no, please reply and tell us the current situation in order to provide further help.

    Best Regards,

    Lee


    Just do it.

    Thursday, October 3, 2019 2:05 AM