Vista - Get groupmembership of a user

permalink · 01-08-2008

Hello,

i'm trying to write a script that checks several Security Groups if a user
is member of one of those.
But i cant find a way to enumerate the groups a user is a member of or what
users are member of a specific group.

i need somehing like this:
IF <User> is member of <Group> execute command1

final my script should look like this:
$Mailboxes = get-mailbox
foreach ($A in $Mailboxes) {
IF $A is memberof Group1 execute cmd1
ELSEIF $A is memberof Group2 execute cmd2
ELSEIF $A is memberof Group3 execute cmd3
ELSE execute cmd4

can someone help me please?

permalink · 01-08-2008

For domain users and groups, download Quest's cmdlets for active directory.
It's free, You can download it here:

http://www.quest.com/activeroles-server/arms.aspx

-----
Shay Levi
$cript Fanatic
http://scriptolog.blogspot.com
Hebrew weblog: http://blogs.microsoft.co.il/blogs/scriptfanatic

Quote:

> Hello,
>
> i'm trying to write a script that checks several Security Groups if a
> user
> is member of one of those.
> But i cant find a way to enumerate the groups a user is a member of or
> what
> users are member of a specific group.
> i need somehing like this:
> IF <User> is member of <Group> execute command1
> final my script should look like this:
> $Mailboxes = get-mailbox
> foreach ($A in $Mailboxes) {
> IF $A is memberof Group1 execute cmd1
> ELSEIF $A is memberof Group2 execute cmd2
> ELSEIF $A is memberof Group3 execute cmd3
> ELSE execute cmd4
> can someone help me please?
>

permalink · 01-08-2008

Perhaps this will help (assuming you dont want to install the Quest cmdlets)

found here: http://bsonposh.com/modules/wordpress/?page_id=22

For local Groups
---------------
function Get-GroupMember{
# From: Brandon Shell (bsonposh.com)
# Example:
# -- To List Users of a group
# PS> Get-GroupMembers -group Administrators -server myserver1
# -- To Check if User is member of Group
# PS> Get-GroupMembers -group Administrators -server myserver -user jsmith
#################################################################
Param([string]$group,[string]$server,[string]$user)

# Check if $server has value. If not set to Local Host Name
If(!($server)){$server = get-content env:COMPUTERNAME}

# Getting Group Object
$g = [ADSI]("WinNT://$server/$group,group")

# Getting Member User Names
$ulist = $g.psbase.invoke("Members") | %{$_.GetType().InvokeMember("Name",
'GetProperty', $null, $_, $null)}

# If User is specified we check each member for match
if($user){
foreach($u in $ulist){
if($u -eq $user){$found = $true}
}
if($found){Write-Host "User [$user] Found" -ForegroundColor green;$true}
else{Write-Host "User [$user] NOT found!" -ForegroundColor red;$false}
}
else{ # No user specified... Output Member list
$ulist
}
}

For Domain Groups
------------------
function Get-ADGroupMember{
# From: Brandon Shell (bsonposh.com)
# Example:
# -- To List Users of a group
# PS> Get-GroupMembers -group Administrators -server myserver1
# -- To Check if User is member of Group
# PS> Get-GroupMembers -group Administrators -server myserver -user jsmith
#################################################################
Param([string]$group,[string]$server,[string]$user)

# Check if $server has value. If not set to Local Host Name
If(!($server)){$server = ([ADSI]"").DC}

# Getting Group Object
$g = [ADSI]("WinNT://$server/$group,group")

# Getting Member User Names
$ulist = $g.psbase.invoke("Members") | %{$_.GetType().InvokeMember("Name",
'GetProperty', $null, $_, $null)}

# If User is specified we check each member for match
if($user){
foreach($u in $ulist){
if($u -eq $user){$found = $true}
}
if($found){Write-Host "User [$user] Found" -ForegroundColor green;$true}
else{Write-Host "User [$user] NOT found!" -ForegroundColor red;$false}
}
else{ # No user specified... Output Member list
$ulist
}
}

Brandon Shell
---------------
Blog: http://www.bsonposh.com/
PSH Scripts Project: www.codeplex.com/psobject

T> Hello,
T>
T> i'm trying to write a script that checks several Security Groups if a
T> user
T> is member of one of those.
T> But i cant find a way to enumerate the groups a user is a member of
T> or what
T> users are member of a specific group.
T> i need somehing like this:
T> IF <User> is member of <Group> execute command1
T> final my script should look like this:
T> $Mailboxes = get-mailbox
T> foreach ($A in $Mailboxes) {
T> IF $A is memberof Group1 execute cmd1
T> ELSEIF $A is memberof Group2 execute cmd2
T> ELSEIF $A is memberof Group3 execute cmd3
T> ELSE execute cmd4
T> can someone help me please?
T>

permalink · 01-08-2008

Are all of these groups mutually exclusive ie can a user only be a member of
1 of them?? Do you want to process for all users in a particular group?
--
Richard Siddaway
Please note that all scripts are supplied "as is" and with no warranty
Blog: http://richardsiddaway.spaces.live.com/
PowerShell User Group: http://www.get-psuguk.org.uk

"ThorstenK" wrote:

Quote:

> Hello,
>
> i'm trying to write a script that checks several Security Groups if a user
> is member of one of those.
> But i cant find a way to enumerate the groups a user is a member of or what
> users are member of a specific group.
>
> i need somehing like this:
> IF <User> is member of <Group> execute command1
>
> final my script should look like this:
> $Mailboxes = get-mailbox
> foreach ($A in $Mailboxes) {
> IF $A is memberof Group1 execute cmd1
> ELSEIF $A is memberof Group2 execute cmd2
> ELSEIF $A is memberof Group3 execute cmd3
> ELSE execute cmd4
>
> can someone help me please?

01-08-2008	#1 (permalink)
ThorstenK n/a posts	Get groupmembership of a user Hello, i'm trying to write a script that checks several Security Groups if a user is member of one of those. But i cant find a way to enumerate the groups a user is a member of or what users are member of a specific group. i need somehing like this: IF <User> is member of <Group> execute command1 final my script should look like this: $Mailboxes = get-mailbox foreach ($A in $Mailboxes) { IF $A is memberof Group1 execute cmd1 ELSEIF $A is memberof Group2 execute cmd2 ELSEIF $A is memberof Group3 execute cmd3 ELSE execute cmd4 can someone help me please?
My System Specs

01-08-2008	#2 (permalink)
Shay Levi n/a posts	Re: Get groupmembership of a user For domain users and groups, download Quest's cmdlets for active directory. It's free, You can download it here: http://www.quest.com/activeroles-server/arms.aspx ----- Shay Levi $cript Fanatic http://scriptolog.blogspot.com Hebrew weblog: http://blogs.microsoft.co.il/blogs/scriptfanatic Quote: > Hello, > > i'm trying to write a script that checks several Security Groups if a > user > is member of one of those. > But i cant find a way to enumerate the groups a user is a member of or > what > users are member of a specific group. > i need somehing like this: > IF <User> is member of <Group> execute command1 > final my script should look like this: > $Mailboxes = get-mailbox > foreach ($A in $Mailboxes) { > IF $A is memberof Group1 execute cmd1 > ELSEIF $A is memberof Group2 execute cmd2 > ELSEIF $A is memberof Group3 execute cmd3 > ELSE execute cmd4 > can someone help me please? >
My System Specs

01-08-2008	#3 (permalink)
Brandon Shell [MVP] n/a posts	Re: Get groupmembership of a user Perhaps this will help (assuming you dont want to install the Quest cmdlets) found here: http://bsonposh.com/modules/wordpress/?page_id=22 For local Groups --------------- function Get-GroupMember{ # From: Brandon Shell (bsonposh.com) # Example: # -- To List Users of a group # PS> Get-GroupMembers -group Administrators -server myserver1 # -- To Check if User is member of Group # PS> Get-GroupMembers -group Administrators -server myserver -user jsmith ################################################################# Param([string]$group,[string]$server,[string]$user) # Check if $server has value. If not set to Local Host Name If(!($server)){$server = get-content env:COMPUTERNAME} # Getting Group Object $g = [ADSI]("WinNT://$server/$group,group") # Getting Member User Names $ulist = $g.psbase.invoke("Members") \| %{$_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)} # If User is specified we check each member for match if($user){ foreach($u in $ulist){ if($u -eq $user){$found = $true} } if($found){Write-Host "User [$user] Found" -ForegroundColor green;$true} else{Write-Host "User [$user] NOT found!" -ForegroundColor red;$false} } else{ # No user specified... Output Member list $ulist } } For Domain Groups ------------------ function Get-ADGroupMember{ # From: Brandon Shell (bsonposh.com) # Example: # -- To List Users of a group # PS> Get-GroupMembers -group Administrators -server myserver1 # -- To Check if User is member of Group # PS> Get-GroupMembers -group Administrators -server myserver -user jsmith ################################################################# Param([string]$group,[string]$server,[string]$user) # Check if $server has value. If not set to Local Host Name If(!($server)){$server = ([ADSI]"").DC} # Getting Group Object $g = [ADSI]("WinNT://$server/$group,group") # Getting Member User Names $ulist = $g.psbase.invoke("Members") \| %{$_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)} # If User is specified we check each member for match if($user){ foreach($u in $ulist){ if($u -eq $user){$found = $true} } if($found){Write-Host "User [$user] Found" -ForegroundColor green;$true} else{Write-Host "User [$user] NOT found!" -ForegroundColor red;$false} } else{ # No user specified... Output Member list $ulist } } Brandon Shell --------------- Blog: http://www.bsonposh.com/ PSH Scripts Project: www.codeplex.com/psobject T> Hello, T> T> i'm trying to write a script that checks several Security Groups if a T> user T> is member of one of those. T> But i cant find a way to enumerate the groups a user is a member of T> or what T> users are member of a specific group. T> i need somehing like this: T> IF <User> is member of <Group> execute command1 T> final my script should look like this: T> $Mailboxes = get-mailbox T> foreach ($A in $Mailboxes) { T> IF $A is memberof Group1 execute cmd1 T> ELSEIF $A is memberof Group2 execute cmd2 T> ELSEIF $A is memberof Group3 execute cmd3 T> ELSE execute cmd4 T> can someone help me please? T>
My System Specs

01-08-2008	#4 (permalink)
RichS n/a posts	RE: Get groupmembership of a user Are all of these groups mutually exclusive ie can a user only be a member of 1 of them?? Do you want to process for all users in a particular group? -- Richard Siddaway Please note that all scripts are supplied "as is" and with no warranty Blog: http://richardsiddaway.spaces.live.com/ PowerShell User Group: http://www.get-psuguk.org.uk "ThorstenK" wrote: Quote: > Hello, > > i'm trying to write a script that checks several Security Groups if a user > is member of one of those. > But i cant find a way to enumerate the groups a user is a member of or what > users are member of a specific group. > > i need somehing like this: > IF <User> is member of <Group> execute command1 > > final my script should look like this: > $Mailboxes = get-mailbox > foreach ($A in $Mailboxes) { > IF $A is memberof Group1 execute cmd1 > ELSEIF $A is memberof Group2 execute cmd2 > ELSEIF $A is memberof Group3 execute cmd3 > ELSE execute cmd4 > > can someone help me please?
My System Specs

Similar Threads
Thread	Forum
Get-ACL, format the list and get groupmembership	PowerShell
Vista Home Premium: New user account failing to load user profile	Vista account administration
User Accounts, Switch User, Hibernate, Sleep, Restart	Vista account administration
Control the Maximum allowed User Sessions in Fast User Switching	Vista General
User Profile Bad if this user is not first user logged onto Vista	Vista account administration