Powershell – How to check if a user is in a particular group from a particular OU in Powershell

active-directorypowershell

Here's my question.

I have multiple OUs that represent physical locations so it's structured like this.

COMPANY.COM\LOC1\Users (user1, user2, user3 etc…)
COMPANY.COM\LOC2\Users (user4, user5, user6 etc…)

Each location has a group that the user should be a part of and I need to audit to make sure users are a part of that group.

OU LOC1, I need to make sure all users (user1, user2, user3) in OU LOC1 are a part of security group LOC1_GRP and output the ones that aren't.

Best Answer

what about Get-QADUser? You can filter all users for example not belonging to a specific group like this:

get-qaduser -searchroot 'company.com/LOC1/Users' | ? {[string]$_.memberof -notmatch 'LOC1_GRP'}

Related Solutions

Windows – How to run a PowerShell script

Launch Windows PowerShell, and wait a moment for the PS command prompt to appear
Navigate to the directory where the script lives
```
PS> cd C:\my_path\yada_yada\ (enter)
```
Execute the script:
```
PS> .\run_import_script.ps1 (enter)
```

What am I missing??

Or: you can run the PowerShell script from cmd.exe like this:

powershell -noexit "& ""C:\my_path\yada_yada\run_import_script.ps1""" (enter)

according to this blog post here

Or you could even run your PowerShell script from your C# application :-)

Asynchronously execute PowerShell scripts from your C# application

Powershell – How to handle command-line arguments in PowerShell

You are reinventing the wheel. Normal PowerShell scripts have parameters starting with -, like script.ps1 -server http://devserver

Then you handle them in param section in the beginning of the file.

You can also assign default values to your params, read them from console if not available or stop script execution:

 param (
    [string]$server = "http://defaultserver",
    [Parameter(Mandatory=$true)][string]$username,
    [string]$password = $( Read-Host "Input password, please" )
 )

Inside the script you can simply

write-output $server

since all parameters become variables available in script scope.

In this example, the $server gets a default value if the script is called without it, script stops if you omit the -username parameter and asks for terminal input if -password is omitted.

Update: You might also want to pass a "flag" (a boolean true/false parameter) to a PowerShell script. For instance, your script may accept a "force" where the script runs in a more careful mode when force is not used.

The keyword for that is [switch] parameter type:

 param (
    [string]$server = "http://defaultserver",
    [string]$password = $( Read-Host "Input password, please" ),
    [switch]$force = $false
 )

Inside the script then you would work with it like this:

if ($force) {
  //deletes a file or does something "bad"
}

Now, when calling the script you'd set the switch/flag parameter like this:

.\yourscript.ps1 -server "http://otherserver" -force

If you explicitly want to state that the flag is not set, there is a special syntax for that

.\yourscript.ps1 -server "http://otherserver" -force:$false

Links to relevant Microsoft documentation (for PowerShell 5.0; tho versions 3.0 and 4.0 are also available at the links):

Best Answer

Related Solutions

Windows – How to run a PowerShell script

Powershell – How to handle command-line arguments in PowerShell

Related Topic