One of the most exciting set of features in our AD cmdlets 1.2 is the one related to various group membership operations. (See full what’s new in AD cmdlets 1.2 by the way.)
This includes both the new Get-QADMemberOf cmdlet, and a few membership-related parameters in other cmdlets. Let me give you a few examples of how they work.
Get-QADMemberOf cmdlet lets you find groups to which a particular object (user, group, computer) belongs. For example:
# Find all my direct group membership Get-QADMemberOf 'Dmitry Sotnikov' # Find all groups including indirect membership Get-QADMemberOf 'Dmitry Sotnikov' -Indirect # Count my groups (Get-QADMemberOf 'Dmitry Sotnikov').Count # Change my groups Get-QADMemberOf 'Dmitry Sotnikov' -Indirect | Set-QADGroup -Description 'Dmitry was here'
MemberOf, IndirectMemberOf, NotMemberOf, NotIndirectMemberOf parameters of Get-QADComputer, Get-QADGroup, Get-QADObject, and Get-QADUser
# Find all users in London from Managers groups Get-QADUser -City 'London' -IndirectMemberOf 'Managers' # Find all users in an OU who do not belong to a specific group Get-QADUser -SearchRoot 'mydomain.local/users/berlin' -NotMemberOf 'ToBeMigrated' # And so on...
And, finally:
ContainsMember, ContainsIndirectMember, NotContainsMember, NotContainsIndirectMember parameters for Get-QADGroup
# Find all groups to which I do not belong and add me to them Get-QADGroup -NotContainsIndirectMember 'Dmitry Sotnikov' | Add-QADGroupMember -Member 'Dmitry Sotnikov' # Find all groups which contain myself but not Andrei Get-QADGroup -ContainsMember 'Dmitry Sotnikov' -NotContainsMember 'Andrei Polevoi'
I am sure there are a lot of other interesting scenarios which these new features open. Find them and blog them! 🙂
Tags: AD, AD cmdlets, Active Directory, Examples, PowerShell, cmdlets, one-liner
Subscribe by email
Dmitry's Blog: Cloud, PowerShell and beyond 