Compare-Object Users in 2 ADGroups
Hi, I want the users in one group that are not in another.
$sourcegroup= "test1"
$targetgroup= "test2"
So I want to know the users in AD group "test1" that are not in "test2"
and add them to the "test2" group.
I am working on it, but I don't have Compare-Object working yet.
My script goes:
$sourcegroup = "test1"
$targetgroup = "test2"
$sourceusers = get-adgroup -identity $sourcegroup -properties member | select-object -expandproperty member | get-aduser | select samaccountname
$targetusers = get-adgroup -identity $targetgroup -properties member | select-object -expandproperty member | get-aduser | select samaccountname
$diff = compare-object -differenceobject $targetusers -referenceobject $sourceusers
foreach ($user in $diff) {
    add-adgroupmember -identity $targetgroup $user.inputobject.samaccountname -erroraction silentlycontinue
}
How can I compare both groups to find the users in test1 that are not in test2?
Thanks
This can be done more efficiently using an LDAP filter. However, you must specify the full distinguished names of the groups. The following will display the DNs of users in the first group that are not in the second. You can pipe the results to a command to add them to the second group:
Get-ADUser -LDAPFilter "(&(memberOf=cn=test1,ou=west,dc=mydomain,dc=com)(!(memberOf=cn=test2,ou=west,dc=mydomain,dc=com)))"
In LDAP syntax, the "&" character is the "AND" operator, while "!" is the "NOT" operator. Note that the filtering is done on the DC, so only the users needed are returned to the client.
Richard Mueller - MVP Directory Services
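
Added example, not part of the original thread: one way to pipe the LDAP-filter result into the second group while previewing the change first. The function names ConvertTo-LdapFilterValue and Copy-MissingGroupMember are hypothetical; the group names "test1" and "test2" are the ones from the question.

```powershell
# Added example. Function names are hypothetical; only standard
# ActiveDirectory module cmdlets are called.
Import-Module ActiveDirectory

function ConvertTo-LdapFilterValue {
    # Escape characters that are special inside an LDAP filter value
    # (RFC 4515). The backslash must be replaced first.
    param([Parameter(Mandatory)][string]$Value)
    $Value -replace '\\', '\5c' -replace '\*', '\2a' `
           -replace '\(', '\28' -replace '\)', '\29' -replace "`0", '\00'
}

function Copy-MissingGroupMember {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$SourceGroup,
        [Parameter(Mandatory)][string]$TargetGroup
    )
    # Resolve group names to full distinguished names, which the filter needs.
    $source = Get-ADGroup -Identity $SourceGroup
    $target = Get-ADGroup -Identity $TargetGroup
    $srcDn  = ConvertTo-LdapFilterValue $source.DistinguishedName
    $tgtDn  = ConvertTo-LdapFilterValue $target.DistinguishedName

    # memberOf matches direct membership only and does not reflect a
    # user's primary group, so nested members are not returned here.
    $filter = "(&(memberOf=$srcDn)(!(memberOf=$tgtDn)))"

    # The DC evaluates the filter; only the missing users come back.
    $missing = @(Get-ADUser -LDAPFilter $filter)

    foreach ($user in $missing) {
        $what = "Add to group $($target.DistinguishedName)"
        if ($PSCmdlet.ShouldProcess($user.DistinguishedName, $what)) {
            # Stop on errors instead of silently continuing, so a failed
            # membership change is visible to the operator.
            Add-ADGroupMember -Identity $target -Members $user -ErrorAction Stop
        }
    }
    # Return what was (or would be) added, for review or logging.
    $missing | Select-Object SamAccountName, DistinguishedName
}

# Preview only: lists the users that would be added without changing anything.
Copy-MissingGroupMember -SourceGroup 'test1' -TargetGroup 'test2' -WhatIf
```

Remove -WhatIf to apply the change once the preview lists only the expected accounts.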