Not sure if this is even possible, but I'm trying to compare properties of an ADgroup object and a PSCustomObject object. We're in the middle of a user audit which requires validating a list of active employees against our active AD user accounts along with their AD group memberships. Here's a basic breakdown of what I have so far:
(we're defining two separate search paths because we have groups in different OUs)
- $mainGroups = get-adgroup -filter * -searchbase 'OU_here'
- $subGroups = get-adgroup filter * -searchbase 'Different_OU_here'
List of usernames from HR system
- $sourceUsers = get-content -path 'c:\temp\users.txt'
List of usernames from AD
- $ADUserName = get-aduser -filter * -searchbase 'User_OU' -searchscope subtree | select -expandproperty SamAccountName
Empty array to store custom object/properties
- $userObjEQ = @()
Compare HR to AD
$compareResults = compare-object -referenceobject $sourceUsers -differenceObject $ADUserName
Find group memberships of all matching users, create custom object, etc
foreach ($result in $compareResults) { if ($result.SideIndicator -eq '==') { $groupMem = get-adprincipalgroupmembership -identity $result.InputObject } $userObjEQ += [pscustomobject] @{ 'UserName' = $result.InputObject 'Groups' = $groupMem.Name } }
From this point on, I want to compare every group from each matching user to the group name from the $mainGroups to see if there's a match. If there isn't then compare it to the $subGroups group names. If there's a match do nothing, if there's a mismatch, output the username along with any mismatched group names. Just not sure how best to compare these objects. Any hints will be appreciated.
