locked
Compare group membership of two security groups RRS feed

  • Question

  • Hi, i created this script two compare the group membership of two security groups. I think i am getting the output of who is not in both groups but how would i indicate which of the two groups a user is not in?

    Import-Module ActiveDirectory
    
    $Group1 = Get-ADGroupMember "test1" 
    $Group2= Get-ADGroupMember "test2" 
    
    Compare-Object -ReferenceObject $Group2 -DifferenceObject $Group1 -Prop sAMAccountName, name `
    -passThru | Sort-Object Name | Select-Object name, samaccountname | export-csv "c:\temp\group_compare.csv" -notypeinformation
    
    
    

    Friday, November 1, 2013 1:43 PM

Answers

  • Hi

    You can transform the data in the select part.

    Compare-Object -ReferenceObject $Group2 -DifferenceObject $Group1 -Prop sAMAccountName, name |`
     Sort-Object Name |`
     Select-Object name, samaccountname, @{label='group';expression={if ($_.sideindicator -eq '<='){'group2'}elseif ($_.sideindicator -eq '=>'){'group1'}elseif ($_.sideindicator -eq '=='){'both'} }}| `
     export-csv "c:\temp\group_compare.csv" -notypeinformation



    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. Even if you are not the author of a thread you can always help others by voting as Helpful. This can be beneficial to other community members reading the thread.


    Oscar Virot

    • Marked as answer by glacket Friday, November 1, 2013 4:32 PM
    Friday, November 1, 2013 4:10 PM

All replies

  • Hi.

    There is a an property called SideIndicator which says is in the help specified as:

    The result of the comparison indicates whether a property value appeared only in the object from the reference set (indicated by the <= symbol), only in the object from the difference set (indicated by the => symbol) or, if the
    IncludeEqual parameter is specified, in both objects (indicated by the == symbol).



    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. Even if you are not the author of a thread you can always help others by voting as Helpful. This can be beneficial to other community members reading the thread.


    Oscar Virot

    Friday, November 1, 2013 2:58 PM
  • Using -sideindicator, how i would i tie the symbols to group names?
    Friday, November 1, 2013 3:20 PM
  • for example if sideindicator was <== then it should say test1 instead, ==> would be test2, == would say BOTH.
    • Edited by glacket Friday, November 1, 2013 3:34 PM
    Friday, November 1, 2013 3:26 PM
  • Hi

    You can transform the data in the select part.

    Compare-Object -ReferenceObject $Group2 -DifferenceObject $Group1 -Prop sAMAccountName, name |`
     Sort-Object Name |`
     Select-Object name, samaccountname, @{label='group';expression={if ($_.sideindicator -eq '<='){'group2'}elseif ($_.sideindicator -eq '=>'){'group1'}elseif ($_.sideindicator -eq '=='){'both'} }}| `
     export-csv "c:\temp\group_compare.csv" -notypeinformation



    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. Even if you are not the author of a thread you can always help others by voting as Helpful. This can be beneficial to other community members reading the thread.


    Oscar Virot

    • Marked as answer by glacket Friday, November 1, 2013 4:32 PM
    Friday, November 1, 2013 4:10 PM
  • Hi

    You can transform the data in the select part.

    Compare-Object -ReferenceObject $Group2 -DifferenceObject $Group1 -Prop sAMAccountName, name |`
     Sort-Object Name |`
     Select-Object name, samaccountname, @{label='group';expression={if ($_.sideindicator -eq '<='){'group2'}elseif ($_.sideindicator -eq '=>'){'group1'}elseif ($_.sideindicator -eq '=='){'both'} }}| `
     export-csv "c:\temp\group_compare.csv" -notypeinformation



    Oscar Virot

    So you are essentially creating a new column and determining the groupname using if, elseif statement. Awesome. i was not sure how to go about writing that out. Looks like that did it. Thanks.
    Friday, November 1, 2013 4:31 PM