none
Powershell script Users and Admins

    Question

  • I have som strugles with my powershell script.

    i have made a script that he has to count all the Users

    but now i want to add a part but i can't get it to work.

    i want that everyone that is in the Domain Admin group, does not get added to the count.

    Example:

    i have 15 user and 2 admins

    now it shows 17 users when i run the script

    but i want it to only give me 15 because he does not count the admins.

    on the bottom is my script and maybe you can help me

    -------------------------------------------------------------------------------------------

    param ( $Show )
    if ( !$Show ) 
    {
        PowerShell -NoExit -File $MyInvocation.MyCommand.Path 1
        return
    }

    #dit instaleert de ActiveDirectory module
    Import-Module ActiveDirectory 


    #dit is alleen tekst
    Echo "Aantal Users"
    #dit telt de aantal Users
    (Get-ADUser -filter *).count

    #dit is alleen tekst
    Echo "Aantal Disabled Users"
    #dit telt de Users met de status Disabled
    (Get-ADUser -filter * |Where {$_.enabled -ne "False"}).count


    Tuesday, February 06, 2018 6:22 PM

All replies

  • Use code posting tool for posting code.


    Regards kvprasoon

    Tuesday, February 06, 2018 7:18 PM
  • The above script does not have any filter which will check the admin group membership.

    $Admins = Get-AdGroupMember -Identity 'Domain Admins' | Select-Object -ExpandProperty Name
    
    Get-AdUser -Filter * | Where-Object -FilterScript { $Admins -notcontains $_.Name }


    Regards kvprasoon




    Tuesday, February 06, 2018 7:42 PM
  • Not currently connected to AD .. this example might be buggy

    (get-aduser -filter * -searchbase <yourOU> -properties memberof |?{-not ($_.memberof -match "Domain Admins")}).count

    Tuesday, February 06, 2018 8:10 PM
  • The above script does not have any filter which will check the admin group membership.

    $Admins = Get-AdGroupMember -Identity 'Domain Admins' | Select-Object -ExpandProperty Name
    
    Get-AdGroup -Filter * | Where-Object -FilterScript { $Admins -notcontains $_.Name }


    Regards kvprasoon



    Ure looking for ADGgroups instead of ADUsers .. 
    Tuesday, February 06, 2018 8:14 PM


  • #dit is alleen tekst
    Echo "Aantal Disabled Users"
    #dit telt de Users met de status Disabled
    (Get-ADUser -filter * |Where {$_.enabled -ne "False"}).count


    My deutsch is terrible, but looks like your comment means "checking disabled users"
    .. and u actually getting enabled users .. ??

    Get-Aduser -filter {enabled -eq $false}

    Better for your domain controller if u filter out the objects before passing the pipeline.

    Tuesday, February 06, 2018 8:22 PM
  • Tuesday, February 06, 2018 8:37 PM
    Moderator
  • This is what you need:

            $Count = 0      
    
            $Users = Get-Aduser -Filter * -Properties *
    
            ForEach($User in $Users) {
    
                $Flag = 1
                
                try {$GroupMembership = Get-ADPrincipalGroupMembership $User -ErrorAction Ignore} catch {}
    
                If ($GroupMembership) {
                
                    ForEach ($Group in $GroupMembership) {
    
                        If ($Group.name -eq "Domain Admin") {
                        $Flag = 0
                        }
                    }
                }
    
                If ($Flag -eq 1) {
                
                $Count++
                
                }
            }
    
            $Count

    Tuesday, February 06, 2018 8:48 PM
  • This is what you need:

            $Count = 0      
    
            $Users = Get-Aduser -Filter * -Properties *
    
            ForEach($User in $Users) {
    
                $Flag = 1
                
                try {$GroupMembership = Get-ADPrincipalGroupMembership $User -ErrorAction Ignore} catch {}
    
                If ($GroupMembership) {
                
                    ForEach ($Group in $GroupMembership) {
    
                        If ($Group.name -eq "Domain Admin") {
                        $Flag = 0
                        }
                    }
                }
    
                If ($Flag -eq 1) {
                
                $Count++
                
                }
            }
    
            $Count

    This is exactly how u should NOT approach this
    Tuesday, February 06, 2018 9:00 PM
  • Hi,

    Based on my research, you can have a try with the following command to get the count of AD users who are not disabled and are not in the Domain Admins group, please replace the Domain Admins group's DistinguishedName to your actual name, for your reference:
    Get-ADUser -Filter "Enabled -eq 'True'" -Properties Memberof | 
        Where-Object {$_.Memberof -notcontains 'CN=Domain Admins,CN=Users,DC=contoso,DC=com'} | 
            Measure-Object | Select-Object Count

    If you need further help, please feel free to let us know.

    Best Regards,
    Albert

    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Wednesday, February 07, 2018 2:39 AM
  • My bad,.. that was a typo

    Regards kvprasoon

    Wednesday, February 07, 2018 3:54 AM
  • Hi,

    Just checking in to see if the information provided was helpful. Does the script work?

    Please let us know if you would like further assistance.

    Best Regards,
    Albert

    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, February 09, 2018 8:49 AM
  • Hi,

    I am checking how the issue is going, if you still have any questions, please feel free to contact us.

    If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.
    If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.
    If no, please reply and tell us the current situation in order to provide further help.

    Appreciate for your feedback.

    Best Regards,
    Albert

    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Tuesday, February 13, 2018 9:08 AM