Recently a question came up about not being able to create new objects in certain AD containers. As this was essentially an account access issue, I thought I would see if I could get this to work in PowerShell using Compare-Object.
Using the Quest AD Cmdlets, here are the steps. No script, just the command line and the built-in Compare-Object.
# Make sure it gets the information I want first
# I use the -DisplayName option because I didn't have the user ID
Get-QADUser -DisplayName 'John Doe' | Get-QADMemberOf | Sort Name | Select Name
# Now that it works
PS: > $a = Get-QADUser -DisplayName 'John Doe' | Get-QADMemberOf | Sort Name | Select Name
PS: > $b = Get-QADUser speck | Get-QADMemberOf | Sort Name | Select Name
# Now just a straight use of Compare Object
PS: > Compare-Object $a $b
InputObject                                  SideIndicator
-----------                                  -------------
@{Name=Some group}                           =>
@{Name=Some other group}                     =>
@{Name=Yet a different group}                =>
@{Name=And what the heck a long group name}  =>
This indicated that the differences were all in object $b. As a result we were able to identify which group was missing on the account in question without having to manually compare the difference.
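The same comparison as an added example (not part of the original post), extended to label both directions of the difference so the SideIndicator does not have to be read by eye. The function name Compare-GroupMembership and the group names are hypothetical; the sample lists are constructed to stand in for the Get-QADMemberOf output so it runs without an AD connection, and [pscustomobject] assumes PowerShell 3.0 or later.

```powershell
# Constructed sample data standing in for:
#   Get-QADUser <user> | Get-QADMemberOf | Sort Name | Select Name
$affected = 'Domain Users', 'Helpdesk Staff' |
    ForEach-Object { [pscustomobject]@{ Name = $_ } }
$reference = 'Account Operators', 'Domain Users', 'Helpdesk Staff', 'OU Admins - Sales' |
    ForEach-Object { [pscustomobject]@{ Name = $_ } }

# Hypothetical helper: diff two membership lists and say which side each group is on.
function Compare-GroupMembership {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Affected,   # account with the access problem
        [Parameter(Mandatory = $true)] [object[]] $Reference   # account that works
    )

    # Compare on the Name property explicitly instead of on the objects' string form.
    Compare-Object -ReferenceObject $Affected -DifferenceObject $Reference -Property Name |
        ForEach-Object {
            # '=>' means the group appears only in the difference (reference account) list,
            # '<=' means it appears only in the affected account's list.
            $status = 'Only on affected account'
            if ($_.SideIndicator -eq '=>') { $status = 'Missing on affected account' }

            [pscustomobject]@{
                Group  = $_.Name
                Status = $status
            }
        } |
        Sort-Object Status, Group
}

Compare-GroupMembership -Affected $affected -Reference $reference | Format-Table -AutoSize
```

With the sample data, the two groups held only by the reference account are listed as missing on the affected account; the candidate to add is the one that actually delegates rights on the container, not every group in the list.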