Comparing Active Directory Group Membership with Powershell
Mon, May 16, 2011One of the ways that PowerShell shines for me is in examples like this.
I had a user who had access to network resources not managed directly in AD. This application uses LDAP integration to decide which users have access. A user wanted to know which group they were missing membership from.
I used the Compare-Object cmdlet as follows -
Compare-Object -ReferenceObject $(Get-QADUser "UserWith") -DifferenceObject $(Get-QADUser "UserWithout")
The output shows differences in membership, and provides an arrow indicating the direction of the difference.
