Black Mountain

My Experiment on the Internet

PowerShell - Comparing group membership

Wed, 2009-09-23 14:27 — sepeck

powershell

Recently a question came up about not being able to create new objects in certain AD containers. As this was essentially an account access issue I thought I would see if I could get this to work in PowerShell using compare-object.

Using the Quest AD Cmdlets here are the steps. No script, just the command line and the built in compare-object.

# Make sure it gets the information I want first

# I use the -DisplayName option because I didn't have the user ID

Get_QADUser -DisplayName 'John Doe' | Get-QADMemberOf | Sort Name | Select Name

# Now that it works

PS: > $a = Get_QADUser -DisplayName 'John Doe' | Get-QADMemberOf | Sort Name | Select Name

PS: > $b = Get_QADUser speck | Get-QADMemberOf | Sort Name | Select Name

# Now just a straight use of Compare Object

PS: > Compare-Object $a $b

InputObject                                                 SideIndicator

-----------                                                 -------------

@{Name=Some group}                                          =>

@{Name=Some other group}                                    =>

@{Name=Yet a different group}                               =>

@{Name=And what the heck a long group name}                 =>

This indicated that the differences were all in object $b. As a result we were able to identify which group was missing on the account in question without having to manually compare the difference.