I am having a problem figuring out how to show if a user is a member of a group. I am query attributes of all users under a ou and want to show the users is a member or not of the VPNUsers group. This is my current script:

get-qaduser -searchroot $ou.dn -IncludedProperties 'distinguishedName','sAMAccountName','DisplayName','whenCreated','title','info','homeDirectory','accountexpires','lockouttime','mail','department','description' -sizelimit 0 | select-object distinguishedName,sAMAccountName,DisplayName,whenCreated,title,info,homeDirectory,accountexpires,lockouttime,mail,department,description | export-csv $tempDirectory$csvfilename -notypeinformation

Any hep would be appreciated.

$VPNUsers = (Get-QADGroup VPNUsers).dn
$MemberOfVPNUsers = @{name="MemberOfVPNUsers";expression={ if ($_.memberOf -contains $VPNUsers) {"Yes"} else {"No"} }}
Get-QADUser -searchRoot $ou.dn | select Name,$MemberOfVPNUsers ,distinguishedName,sAMAccountName,DisplayName,whenCreated,title,info,homeDirectory,accountexpires,lockouttime,mail,department,description | export-csv "$tempDirectory\$csvfilename" -nti

-Shay

There is another option, the above will give you only the direct members of the VPNUsers group. You can use the -Indirect parameter to get ALL members even if they are not direct members (nested group members):


$VPNUsers = Get-QADGroupMember "domain admins" -Indirect | foreach {$_.SamAccountName}
$MemberOfVPNUsers = @{name="MemberOfVPNUsers";expression={ if ($VPNUsers -contains $_.SamAccountName) {"Yes"} else {"No"} }}
Get-QADUser -searchRoot $ou.dn | select Name,$MemberOfVPNUsers .....