Comparing AD group membership for two or more users (role-based security)

This one builds a dynamic array in two dimensions. It first iterates through all of the users, identifying all of the unique AD groups that contain at least one of the users. It then builds the array dynamically, for each group identifying which of the users are a member of the group.
The end output is a table of all of the group memberships in a format where a manager can easily compare group memberships for multiple people with given roles to make sure that they all have the appropriate security memberships.
The use case here is primarily for transitioning from ad-hoc security memberships to role-based security memberships.

As before, this works very well with the excellent ImportExcel module mentioned in the Scripting Guys blog, and available from the PowerShell Gallery.

You would use a command line like this:
.\Get-UserGroupMatrix.ps1 -SamAccountName user1,user2,user3 | Export-Excel -path c:\temp\groupreport-role.xlsx -TableName role -TableStyle Medium13 -AutoSize

Leave a Reply

Your email address will not be published. Required fields are marked *