Searching multiple AD security groups for members?

I'm not sure if this is off topic for this group, but the groups control the licensing for O365 for Exchange hybrid, so I figured this would be a good place to start.

 

Every time a user leaves the company I need to search through multiple AD groups to see if they have a license for any O365 licenses: M365-E3, O365-e3, F1, E1, and E5. Doing that manually in ADUC sucks because there are a LOT of people in those groups.

 

Does anyone know of a way in PowerShell that I could easily search all of those AD groups?

And better yet, does anyone know of a way I could grab a list of names from a spreadsheet, and search for all of those names?  

 

Some days I might only get one or 2 names to search for, other days I might get 12 or 15. Doing those one by one would get old, so the spreadsheet method would be great if anyone knows of a way to do that.

 

Note I'm NOT a PS guru by any stretch, but hopefully I can cobble together something if someone can point me in the right direction.

 

Thanks.

Ted

 

3 Replies

Depends on the group type. Generally speaking, you can use the good old AD tools: 

 

# List all groups (non-recursive)
(Get-ADUser -Filter {UserPrincipalName -like "XXXXXXXX"} -Properties MemberOf).MemberOf

# List all groups (recursive); the trailing Measure-Object returns only the count
Get-ADGroup -LDAPFilter "(member:1.2.840.113556.1.4.1941:=CN=XXXXXX,OU=User,OU=Accounts,OU=P01,DC=domain,DC=com)" | Measure-Object

where I've used the LDAP_MATCHING_RULE_IN_CHAIN identifier ("1.2.840.113556.1.4.1941"): https://docs.microsoft.com/en-us/windows/win32/adsi/search-filter-syntax?redirectedfrom=MSDN

You can create a script to remove departed users from all groups and schedule it to run weekly once you confirm they are gone.

Hello @Scouter_Ted!

 

You could do a simple PowerShell script with a "foreach" loop and an "if" statement together with a CSV file to quite easily remove AD users from the license groups automatically with the help of the CSV file (spreadsheet).

 

It also helps if the license groups follow some kind of name standard. 

 

Let me know if you need further guidance with the PowerShell script.

 

Cheers! 
Kind regards
Oliwer
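
The CSV-driven lookup discussed in this thread, as an added example rather than code from any of the posters: it reads user names from a spreadsheet export and reports which of the license groups each user is in, directly or through nesting. The file names, the `UserPrincipalName` column and the use of the question's group names as sAMAccountNames are assumptions.

```powershell
# Added example: report which license groups each departing user belongs to.
# Assumptions: leavers.csv (hypothetical) has a 'UserPrincipalName' column, and
# the names below (taken from the question) are the groups' sAMAccountNames.
Import-Module ActiveDirectory

$LicenseGroups = 'M365-E3', 'O365-e3', 'F1', 'E1', 'E5'
$CsvPath       = '.\leavers.csv'              # hypothetical input file
$ReportPath    = '.\license-membership.csv'   # hypothetical output file

# Escape characters that are special inside an LDAP filter value (RFC 4515),
# so a DN such as "CN=Doe\, Jane (Temp),..." cannot break the filter.
function ConvertTo-LdapFilterValue([string]$Value) {
    $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
}

# Resolve the license groups once so a mistyped name fails before any lookup.
$GroupDns = @{}
foreach ($name in $LicenseGroups) {
    $g = Get-ADGroup -Identity $name -ErrorAction Stop
    $GroupDns[$g.DistinguishedName] = $g.Name
}

$report = foreach ($row in Import-Csv -Path $CsvPath) {
    $upn = "$($row.UserPrincipalName)".Trim()
    if (-not $upn) { continue }                      # skip blank rows
    $safe = $upn.Replace("'", "''")                  # quote-escape for -Filter
    $user = Get-ADUser -Filter "UserPrincipalName -eq '$safe'" -Properties MemberOf
    if (-not $user) {
        [pscustomobject]@{ User = $upn; Group = ''; Direct = ''; Status = 'NotFound' }
        continue
    }
    # Direct and nested membership via LDAP_MATCHING_RULE_IN_CHAIN.
    $dn   = ConvertTo-LdapFilterValue $user.DistinguishedName
    $hits = @(Get-ADGroup -LDAPFilter "(member:1.2.840.113556.1.4.1941:=$dn)" |
              Where-Object { $GroupDns.ContainsKey($_.DistinguishedName) })
    if ($hits.Count -eq 0) {
        [pscustomobject]@{ User = $upn; Group = ''; Direct = ''; Status = 'NoLicenseGroup' }
    }
    foreach ($hit in $hits) {
        # Direct = $false means the license comes through a nested group.
        $direct = $user.MemberOf -contains $hit.DistinguishedName
        [pscustomobject]@{ User = $upn; Group = $hit.Name; Direct = $direct; Status = 'Member' }
    }
}
$report | Export-Csv -Path $ReportPath -NoTypeInformation
$report | Format-Table -AutoSize
```

Rows with `Direct` set to False need the removal done at the intermediate group, since the user is not a direct member of the license group itself.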