I want to check for users in certain OU if they are members of groups (and which) from another certain OU. How can I do this ?
Example: I have three OUs for users (users1OU, users2OU, users3OU) and two OUs for various grups (grups1OU, groups2OU).
Now I want to know for users from OU users1OU, members of which groups from OU groups2OU, they are.
I'm using powershell 2.0 and win 2008.
Using the activedirectory module from the RSAT tools:
Import-Module activedirectory $memb = @{} foreach ($group in get-adgroup -searchbase "ou=groups2OU,dc=domain,dc=tld" -filter *){ get-adgroupmember $group |? {$_.distinguishedname -like "*ou=users1OU,*"}| %{$memb[$_.name] += @($group.name) } } $memb Enumerate the groups in the groups2OU, get the group members and use the distinguishedname to filter the ones in the users1OU. Create a hash table using the user name as the key, and accumulate a collection of group names as the value.
When you're done, loop through the hashtable keys, and output the user name (key) and group memberships (value) in whatever report format you want.
