0
votes

I've been working on an identity management project involving Active Directory and hit a case I can't figure out the PowerShell for. Essentially we are looking at the employeeID attribute; we want to find all users that have the same value in that attribute across the whole domain. Users shouldn't have the same employeeID, so if there are two or more with the same employeeID, they need to be cleaned up.

I know PowerShell could do this for me but I'm not sure what commands I would need. I've been looking at Get-ADUser but nothing is jumping out at me to even get started. I essentially just want a report of all users that have the same employeeID as another user so that they can be cleaned up.


1 Answer

2
votes

You could:

  • Enumerate all accounts with an employeeID value
  • Compare and group them based on the value using Group-Object

# Fetch all user accounts with an employeeID
$employeeAccounts = Get-ADUser -Filter 'employeeID -like "*"' -Properties employeeID

# Group them by value of employeeID attribute, keep any group with more than 1 account
$accountsByEmployeeID = $employeeAccounts |Group-Object employeeID |Where-Object Count -gt 1

foreach($ID in $accountsByEmployeeID){
  # $accounts will contain a list of accounts with the same employeeID
  # you could send an email, file a ticket, or disable one or more of the accounts here
  $accounts = $ID.Group
}
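A fuller version of the same enumerate-then-group approach, added here as an example and not the answerer's own code, that turns the grouped results into the report the question asks for. It trims the employeeID value before grouping so that entries differing only by surrounding whitespace still land in the same group, pulls whenCreated and LastLogonDate to help decide which account in each group should be kept, and writes one row per affected account to a CSV. It assumes the ActiveDirectory module (RSAT) is installed and that the output path C:\Reports\DuplicateEmployeeID.csv is a placeholder you will change.

```powershell
# Added example: report every account that shares an employeeID with another account.
# Assumes the ActiveDirectory module is available.
Import-Module ActiveDirectory

# Hypothetical output path; change to suit your environment.
$reportPath = 'C:\Reports\DuplicateEmployeeID.csv'

# Pull only the attributes the report needs. The -Filter skips users with no employeeID at all.
$users = Get-ADUser -Filter 'employeeID -like "*"' -Properties employeeID, whenCreated, LastLogonDate

# Group on a trimmed copy of employeeID so "1234" and "1234 " are treated as the same ID.
# Group-Object compares strings case-insensitively by default.
$duplicates = $users |
    Group-Object -Property { $_.employeeID.Trim() } |
    Where-Object { $_.Count -gt 1 }

# Flatten each group into one row per account, tagged with the shared ID and the group size.
$report = foreach ($group in $duplicates) {
    foreach ($account in $group.Group) {
        [PSCustomObject]@{
            EmployeeID        = $group.Name
            DuplicateCount    = $group.Count
            SamAccountName    = $account.SamAccountName
            DistinguishedName = $account.DistinguishedName
            Enabled           = $account.Enabled
            WhenCreated       = $account.whenCreated
            LastLogonDate     = $account.LastLogonDate
        }
    }
}

# Sort so the accounts that share an ID sit next to each other in the file.
$report | Sort-Object EmployeeID, WhenCreated | Export-Csv -Path $reportPath -NoTypeInformation

"Found {0} employeeID values shared by more than one account ({1} accounts in total)." -f $duplicates.Count, $report.Count
```

Run it from a host that has the RSAT ActiveDirectory module and an account that can read employeeID domain-wide; the Enabled, WhenCreated and LastLogonDate columns are what you will look at when deciding which of the duplicated accounts is the legitimate one before anything is disabled or changed.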