
Script to view members of group who belong to a specific OU


cyberspace

Technical User
Aug 19, 2005
968
GB
I tried this over in the Windows 2008 Server first but was directed here, so apologies for double post for anybody that notices!

I've been asked to provide a list of members of a specific group who belong to a particular site.

There is 1 OU per site. There is an OU which contains 6 security groups. Most users are assigned to at least 1 of these groups.

I need to find out people from Site X who belong to each one of these groups. E.g. people from Site A who belong to Group 1. If I go to the group properties and click members, it naturally shows all members from all sites, and this makes getting the information I need a lengthy process. I just want to see Site X in the results.

Is this something that I could achieve with PowerShell?

Many Thanks

'When all else fails.......read the manual'
 
Here are two different ways to do it.

Base PowerShell. Note that the Contains comparison is case-sensitive. Modify the LDAP path to be the full path to the group you want to check.
Code:
[ADSI]$group1 = "LDAP://CN=yourgroupname,OU=yourgroupOU,DC=yourdomain,DC=com"
$group1.member | where {($_).Contains("Site A")}

With the free Quest AD cmdlets:
Code:
Get-QADGroupMember "yourgroupname" | where {$_.ParentContainerDN -match "Site A"}
 
Thanks for this crobin!

In the meantime I used a rather long-winded solution by piping the output of dsget commands relating to the needed groups. I then used grep on the text file in a Linux machine to get the lines I needed, and then tidied it up in Excel!

To run these commands, do I need to save them with a particular extension? Sorry, I'm not familiar with PowerShell.

'When all else fails.......read the manual'
 
The extension for PowerShell script files is .ps1 (that's the number one, not the letter L).
 
Here is another example that might give you a little more usable output. If you are not already running PowerShell v2.0 I recommend the upgrade so you can use the GridView.

If the server is running Exchange 2007, you can upgrade to v2.0 provided you install the prerequisite updates first.
faq1582-7350

Code:
[ADSI]$group1 = "LDAP://CN=Domain Admins,CN=Users,DC=spidersparlor,DC=local"
# Bind to each member DN and show its DN, name and logon name in a grid
$group1.member | foreach {
    $user = [adsi]"LDAP://$_"
    $user | Select @{name="LDAP";  Expression={$_.DistinguishedName}},
                   @{name="Name";  Expression={$_.Name}},
                   @{name="Login"; Expression={$_.samAccountName}}
} | Out-GridView

I hope that helps.

Regards,

Mark

Check out my scripting solutions at
Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.
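
Added example, not part of any post in this thread: the `Contains("Site A")` and `-match "Site A"` filters shown earlier test for a substring anywhere in the distinguished name, so a user whose name contains "Site A", or an OU called "Site AB", would also be listed, which matters if the output feeds an access review. The sketch below compares each member's parent container with the site OU instead. The function names, the `example.com` domain and the member DNs are hypothetical, constructed sample data.

```powershell
# Added example: filter group members by their exact parent OU.
# Get-ParentContainerDN and Select-MemberInOU are hypothetical helper names.
function Get-ParentContainerDN {
    param([Parameter(Mandatory=$true)][string]$DistinguishedName)
    # Drop the first RDN. A comma escaped as "\," is part of the RDN value,
    # so only the first unescaped comma separates the object from its parent.
    if ($DistinguishedName -match '^(?:\\.|[^,\\])+,(.+)$') { $Matches[1] }
}

function Select-MemberInOU {
    param(
        [string[]]$MemberDN,      # values of the group's "member" attribute
        [string]$OUDN,            # full DN of the site OU
        [switch]$IncludeSubOUs    # also accept objects in OUs below the site OU
    )
    foreach ($dn in $MemberDN) {
        $parent = Get-ParentContainerDN $dn
        if (-not $parent) { continue }
        # DN comparison is case-insensitive, unlike String.Contains
        $direct = $parent -ieq $OUDN
        $nested = $IncludeSubOUs -and
                  $parent.EndsWith(",$OUDN", [StringComparison]::OrdinalIgnoreCase)
        if ($direct -or $nested) { $dn }
    }
}

# Constructed sample data (assumed domain example.com)
$siteOU  = 'OU=Site A,DC=example,DC=com'
$members = @(
    'CN=Alice Jones,OU=Site A,DC=example,DC=com',        # direct child: listed
    'CN=Smith\, Jane,OU=Site A,DC=example,DC=com',       # escaped comma: listed
    'CN=Bob Site A,OU=Site B,DC=example,DC=com',         # "Site A" only in the name
    'CN=Carol Roe,OU=Site AB,DC=example,DC=com',         # OU name only starts with "Site A"
    'CN=Dan Poe,OU=Laptops,OU=Site A,DC=example,DC=com'  # sub-OU: needs -IncludeSubOUs
)

'Exact OU match:'
Select-MemberInOU -MemberDN $members -OUDN $siteOU

'Including sub-OUs:'
Select-MemberInOU -MemberDN $members -OUDN $siteOU -IncludeSubOUs

# Against a live directory, pass the group's member values instead, e.g.
#   @(([ADSI]'LDAP://<full DN of the group>').member)
```

The substring filters from the thread would return all five sample entries; the exact comparison returns the first two, and the first two plus the sub-OU entry with `-IncludeSubOUs`.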
 