locked
AD - import users and check AD group membership RRS feed

  • Question

  • Hi I'm relatively useless with PowerShell and I am wanting to write a script that will do the following and am just getting stuck with part B.

    Part A- import a list of users from a CSV

    Part B- check if the users are members of an ad group and if so remove from group A and add to group B 

    Can anyone point me in the best direction ? that would be amazing.

    Wednesday, May 21, 2014 4:53 AM

Answers

  • Hi,

    I happen to have something already written that will do what you're after:

    Import-Csv .\userList.csv | ForEach {
    
        $userDetails = Get-ADUser -Identity $_.Username -Properties memberOf
    
        If ($userDetails.memberOf -contains 'CN=Test Group 1,OU=Security Groups,DC=domain,DC=com') {
    
            Remove-ADGroupMember -Identity 'Group A' -Members $userDetails.SamAccountName -Confirm:$false -WhatIf
            Add-ADGroupMember -Identity 'Group B' -Members $userDetails.SamAccountName -Confirm:$false -WhatIf
    
        }
    
    }

    This will require in input CSV file with a header of Username that contains the usernames to test. You'll also need to update the names of the groups for 'Group A' and 'Group B' along with the DN of the group to test against.

    Remove the -WhatIf parameters from the Remove/Add lines if you're happy with what you see in the output.


    Don't retire TechNet! - (Don't give up yet - 12,830+ strong and growing)

    Wednesday, May 21, 2014 5:08 AM

All replies