Compare Active Directory Group Membership with Powershell

Here is a nice little Powershell script I wrote to compare group membership of two active directory users. You can use this script for many different purposes just edit the reference command and property to whatever object you wish to compare.

$UserReference = Get-ADPrincipalGroupmembership (Read-Host "Reference User")
$UserDifference = Get-ADPrincipalGroupmembership (Read-Host "Difference User")

Compare-object $UserReference $UserDifference -property SamAccountName


=> Means the Difference User is a member of  a group and the Reference User is not a member.
<= Means the Reference User is a member of the group and the Difference User is not a member.

You can also use the -IncludeEqual parameter to include groups both users are a member of that will be represented by the SideIndicator value of:  ==
Posted by
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)