Vista - AD: Looking for user not in a groups

permalink · 04-06-2009

For now I'm here: get-qaduser usertest | select -expand memberof |
foreach {$($_.split(','))[0].substring(3)} | sort

I'm trying to find for every AD user who are not member of a group

Details:
I have 3 groups: "XX Group" / "YY Group" / "ZZ Group"
I have around 250 users

And I need to find all users not member of one of those groups

I'm also thinking about going another way, listing every user member
of each groups "XX Group" / "YY Group" / "ZZ Group", and doing a
comparison with the global list of my AD users.

Thanks guys.

permalink · 04-13-2009

On Apr 6, 5:28*pm, Personne <cpdiv...@xxxxxx> wrote:

Quote:

> For now I'm here: get-qaduser usertest | select -expand memberof |
> foreach {$($_.split(','))[0].substring(3)} | sort
>
> I'm trying to find for every AD user who are not member of a group
>
> Details:
> I have 3 groups: "XX Group" / "YY Group" / "ZZ Group"
> I have around 250 users
>
> And I need to find all users not member of one of those groups
>
> I'm also thinking about going another way, listing every user member
> of each groups "XX Group" / "YY Group" / "ZZ Group", and doing a
> comparison with the global list of my AD users.
>
> Thanks guys.

I believe you can do this in one line with NetCmdlets like so:

get-ldap -server $myserver -cred $mycred -dn $mysearcndn -search "(&
(objectClass=user)(!(memberOf=*)))" | select cn,givenName,memberOf

The search filter there gets all users that do not have a memberOf
attribute (in ldap this is equivalent to not being a member of any
group, there is never a case where the memberOf attribute exists but
has an empty value).

Lance

permalink · 04-13-2009

Hi Personne,

With the version 1.2 of Quest AD cmdlets:

Get-QADUser -sizeLimit 0 -notMemberOf XX,YY,ZZ

You can download the cmdlets here:
http://www.quest.com/powershell/activeroles-server.aspx

---
Shay Levy
Windows PowerShell MVP
http://blogs.microsoft.co.il/blogs/ScriptFanatic
PowerShell Toolbar: http://tinyurl.com/PSToolbar

P> For now I'm here: get-qaduser usertest | select -expand memberof |
P> foreach {$($_.split(','))[0].substring(3)} | sort
P>
P> I'm trying to find for every AD user who are not member of a group
P>
P> Details:
P> I have 3 groups: "XX Group" / "YY Group" / "ZZ Group"
P> I have around 250 users
P> And I need to find all users not member of one of those groups
P>
P> I'm also thinking about going another way, listing every user member
P> of each groups "XX Group" / "YY Group" / "ZZ Group", and doing a
P> comparison with the global list of my AD users.
P>
P> Thanks guys.
P>

permalink · 04-13-2009

Thanks, it seems that netcmdlet isn't free anymore !
Would you have a free version I can download somewhere ?

permalink · 04-13-2009

On Apr 13, 8:50*am, Personne <cpdiv...@xxxxxx> wrote:

Quote:

> Thanks, it seems that netcmdlet isn't free anymore !
> Would you have a free version I can download somewhere ?

It's still free: http://www.quest.com/powershell/activeroles-server.aspx

If you want to get all users that are not a member of any groups, then
Lance's solution is probably better. I was thinking that there was a
specific list of groups you wanted to check for.

permalink · 04-15-2009

tojo2000

you are right, I need to know what are the users which are not part of
a list of groups

Example:
user1 member of group1,group2,group3
user2 member of group1,group3
user3 member of group2,group3
user4 member of group1,group3,group4

I want to search for users who are not member of group2 so it should
returns:
user2 and user4

PS I'm dealing with around 250 users and around 200/300 groups

04-06-2009	#1 (permalink)
Personne n/a posts	AD: Looking for user not in a groups For now I'm here: get-qaduser usertest \| select -expand memberof \| foreach {$($_.split(','))[0].substring(3)} \| sort I'm trying to find for every AD user who are not member of a group Details: I have 3 groups: "XX Group" / "YY Group" / "ZZ Group" I have around 250 users And I need to find all users not member of one of those groups I'm also thinking about going another way, listing every user member of each groups "XX Group" / "YY Group" / "ZZ Group", and doing a comparison with the global list of my AD users. Thanks guys.
My System Specs

04-13-2009	#2 (permalink)
Lance n/a posts	Re: AD: Looking for user not in a groups On Apr 6, 5:28pm, Personne <cpdiv...@xxxxxx> wrote: Quote: > For now I'm here: get-qaduser usertest \| select -expand memberof \| > foreach {$($_.split(','))[0].substring(3)} \| sort > > I'm trying to find for every AD user who are not member of a group > > Details: > I have 3 groups: "XX Group" / "YY Group" / "ZZ Group" > I have around 250 users > > And I need to find all users not member of one of those groups > > I'm also thinking about going another way, listing every user member > of each groups "XX Group" / "YY Group" / "ZZ Group", and doing a > comparison with the global list of my AD users. > > Thanks guys. I believe you can do this in one line with NetCmdlets like so: get-ldap -server $myserver -cred $mycred -dn $mysearcndn -search "(& (objectClass=user)(!(memberOf=)))" \| select cn,givenName,memberOf The search filter there gets all users that do not have a memberOf attribute (in ldap this is equivalent to not being a member of any group, there is never a case where the memberOf attribute exists but has an empty value). Lance
My System Specs

04-13-2009	#3 (permalink)
Shay Levy [MVP] n/a posts	Re: AD: Looking for user not in a groups Hi Personne, With the version 1.2 of Quest AD cmdlets: Get-QADUser -sizeLimit 0 -notMemberOf XX,YY,ZZ You can download the cmdlets here: http://www.quest.com/powershell/activeroles-server.aspx --- Shay Levy Windows PowerShell MVP http://blogs.microsoft.co.il/blogs/ScriptFanatic PowerShell Toolbar: http://tinyurl.com/PSToolbar P> For now I'm here: get-qaduser usertest \| select -expand memberof \| P> foreach {$($_.split(','))[0].substring(3)} \| sort P> P> I'm trying to find for every AD user who are not member of a group P> P> Details: P> I have 3 groups: "XX Group" / "YY Group" / "ZZ Group" P> I have around 250 users P> And I need to find all users not member of one of those groups P> P> I'm also thinking about going another way, listing every user member P> of each groups "XX Group" / "YY Group" / "ZZ Group", and doing a P> comparison with the global list of my AD users. P> P> Thanks guys. P>
My System Specs

04-13-2009	#4 (permalink)
Personne n/a posts	Re: AD: Looking for user not in a groups Thanks, it seems that netcmdlet isn't free anymore ! Would you have a free version I can download somewhere ?
My System Specs

04-13-2009	#5 (permalink)
tojo2000 n/a posts	Re: AD: Looking for user not in a groups On Apr 13, 8:50*am, Personne <cpdiv...@xxxxxx> wrote: Quote: > Thanks, it seems that netcmdlet isn't free anymore ! > Would you have a free version I can download somewhere ? It's still free: http://www.quest.com/powershell/activeroles-server.aspx If you want to get all users that are not a member of any groups, then Lance's solution is probably better. I was thinking that there was a specific list of groups you wanted to check for.
My System Specs

04-15-2009	#6 (permalink)
Personne n/a posts	Re: AD: Looking for user not in a groups tojo2000 you are right, I need to know what are the users which are not part of a list of groups Example: user1 member of group1,group2,group3 user2 member of group1,group3 user3 member of group2,group3 user4 member of group1,group3,group4 I want to search for users who are not member of group2 so it should returns: user2 and user4 PS I'm dealing with around 250 users and around 200/300 groups
My System Specs

Similar Threads
Thread	Forum
Scripting user creation. BUT How to add to groups.....	VB Script
remove user from all groups but 1	PowerShell
blocking user in mail groups	Vista General
User Groups in Vista	Vista account administration