Hi,
I need to generate a list of users that are members in more than one group, out of a list of specific security groups. Here's the situation:
1) We have about 1100 users, all nested under a specific OU called CompanyUsers. There are sub-OUs under CompanyUsers that users may actually be in.
2) We have about 75 groups, all directly under a specific OU called AppGroups. These groups correspond to a user's role within an internal line of business application. All these groups start with a specific character prefix "xyz", so the group name is actually "xyz-approle".
I want to write a script that tells me if a user from point 1) is a member in more than one group in point 2). So far, I've come up with a way to enumerate the users to an array:
$userlist = get-qaduser -searchroot 'dq.ad/dqusers/doral/remote' | select samaccountname |Format-Table -HideTableHeaders
I also have a way to enumerate all the groups that start with xyz that the user is a member of:
get-QADMemberOf -identity <username> -name xyz* -Indirect
I figure I can use the first code line to start a foreach loop that uses the 2nd code line, outputting to CSV format for easy to see manual verification. But I'm having two problems:
1) How to get the output to a CSV file in the format <username>,groupa,groupb,etc.
2) Is there any easier way to do this, say just outputting the users in more than one group?
Any help/ideas are welcome.
Thanks in advance!
John