A study in PowerShell scripting: Part 3

This is the third part of my series on studying scripting. I will follow up with how I used the previous function I created to get the results that I wanted. (NB: I have changed the names of some groups to maintain privacy.)

Onto the example. I produced three groups to represent the separation of the alphabet.

Write-Verbose -Message "Collecting members from Contoso_GeneralAccess Active Directory group with surnames starting from A-H...."

$contoso_ah_extract = Export-ADGroupmember -ADGroup Contoso_GeneralAccess -ADProperty surname -regex "^[A-H]" | where {
	$_.samaccountname -notmatch "\b[A-Za-z]*admin\b" -and`
	$_.samaccountname -notmatch "\b[A-Za-z]*svc\b" -and $_.enabled -eq $TRUE} | select -ExpandProperty samaccountname

Write-Verbose -Message "Collecting members from Contoso_GeneralAccess Active Directory group with surnames starting from I-P...."
$contoso_ip_extract = Export-ADGroupmember -ADGroup Contoso_GeneralAccess -ADProperty surname -regex "^[I-P]" | where {
	$_.samaccountname -notmatch "\b[A-Za-z]*admin\b" -and`
	$_.samaccountname -notmatch "\b[A-Za-z]*svc\b" -and $_.enabled -eq $TRUE} | select -ExpandProperty samaccountname

Write-Verbose -Message "Collecting members from Contoso_GeneralAccess Active Directory group with surnames starting from Q-Z...."
$contoso_qz_extract = Export-ADGroupmember -ADGroup Contoso_GeneralAccess -ADProperty surname -regex "^[Q-Z]" | where {
	$_.samaccountname -notmatch "\b[A-Za-z]*admin\b" -and`
	$_.samaccountname -notmatch "\b[A-Za-z]*svc\b" -and $_.enabled -eq $TRUE} | select -ExpandProperty samaccountname

Essentially, this snippet finds all users in the Contoso_GeneralAccess group whose surname begins with A-H, I-P or Q-Z, filters out disabled accounts and any account whose samaccountname ends in "admin" or "svc", and outputs the remainder as samaccountname values. Each range goes into its own variable for the next stage of processing.

The next series of tasks is to grab the Sharefile group members. I want to put these in group variables so I can compare them with the extract variables above. The code is below:


Write-Verbose -Message "Collecting members from Sharefile_A-H group..."
$sharefileadgroup_ah = get-adgroup Sharefile_A-H | get-adgroupmember | Get-ADUser | select -ExpandProperty samaccountname
$sharefileadgroup_ah_obj = get-adgroup Sharefile_A-H

Write-Verbose -Message "Collecting members from Sharefile_I-P group..."
$sharefileadgroup_ip = get-adgroup Sharefile_I-P | get-adgroupmember | Get-ADUser | select -ExpandProperty samaccountname
$sharefileadgroup_ip_obj = get-adgroup Sharefile_I-P

Write-Verbose -Message "Collecting members from Sharefile_Q-Z group..."
$sharefileadgroup_qz = get-adgroup Sharefile_Q-Z | get-adgroupmember | Get-ADUser | select -ExpandProperty samaccountname
$sharefileadgroup_qz_obj = get-adgroup Sharefile_Q-Z

Then I use Compare-Object to do the comparison. The notes that I made in the script should explain the details of what I am actually doing and the reasoning behind it. (NB: That's why it's so important to add inline comments, in my opinion, so that when it comes to review in a few months' time I can understand the logic!)


# This region compares the groups as discussed in the beginning notes. It creates variables on what to add and remove in the respective Sharefile groups using the Compare-Object cmdlet.
# As the reference object is the $Contoso_ range, users with the side indicator => exist in the difference object (the Sharefile group) but not in the Contoso group, and therefore should be removed.
# Those with the side indicator <= exist in the Contoso group range but not in the Sharefile group, and therefore should be added.
#region Comparison:

Write-Verbose -Message "Comparing members from Contoso_GeneralAccess group extract from A-H to decipher what to add and remove from Sharefile_A-H group..."
$objects_to_remove_in_sharefile_ah_group = Compare-Object -ReferenceObject $Contoso_ah_extract -DifferenceObject $sharefileadgroup_ah | where { $_.sideindicator -eq "=>" } | Select -expandproperty inputobject
$objects_to_add_in_sharefile_ah_group = Compare-Object -ReferenceObject $Contoso_ah_extract -DifferenceObject $sharefileadgroup_ah | where { $_.sideindicator -eq "<=" } | Select -expandproperty inputobject

Write-Verbose -Message "Comparing members from Contoso_GeneralAccess group extract from I-P to decipher what to add and remove from Sharefile_I-P group..."
$objects_to_remove_in_sharefile_ip_group = Compare-Object -ReferenceObject $Contoso_ip_extract -DifferenceObject $sharefileadgroup_ip | where { $_.sideindicator -eq "=>" } | Select -expandproperty inputobject
$objects_to_add_in_sharefile_ip_group = Compare-Object -ReferenceObject $Contoso_ip_extract -DifferenceObject $sharefileadgroup_ip | where { $_.sideindicator -eq "<=" } | Select -expandproperty inputobject

Write-Verbose -Message "Comparing members from Contoso_GeneralAccess group extract from Q-Z to decipher what to add and remove from Sharefile_Q-Z..."
$objects_to_remove_in_sharefile_qz_group = Compare-Object -ReferenceObject $Contoso_qz_extract -DifferenceObject $sharefileadgroup_qz | where { $_.sideindicator -eq "=>" } | Select -expandproperty inputobject
$objects_to_add_in_sharefile_qz_group = Compare-Object -ReferenceObject $Contoso_qz_extract -DifferenceObject $sharefileadgroup_qz | where { $_.sideindicator -eq "<=" } | Select -expandproperty inputobject

#endregion
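
The same comparison as an added example (not part of the original script): one Compare-Object call per range instead of two, with a guard for the case where either side is empty. Compare-Object rejects a $null argument, which is what an empty pipeline result assigns to a variable. The function name Get-GroupSyncPlan, its parameters, the SourceEmpty flag and the sample account names are all hypothetical.

```powershell
# Added example: hypothetical helper, not from the original script.
function Get-GroupSyncPlan {
    [CmdletBinding()]
    param(
        # Accounts that should be in the target group (the Contoso extract)
        [AllowNull()][AllowEmptyCollection()][string[]]$Desired,
        # Accounts currently in the target group (the Sharefile group)
        [AllowNull()][AllowEmptyCollection()][string[]]$Current
    )

    # Normalise $null and blank entries to real (possibly empty) arrays
    $want = @($Desired | Where-Object { $_ })
    $have = @($Current | Where-Object { $_ })

    # An empty source would translate into "remove everyone"; flag it so the
    # caller can stop instead of emptying the group after a failed extract.
    $sourceEmpty = ($want.Count -eq 0 -and $have.Count -gt 0)

    if ($want.Count -eq 0 -or $have.Count -eq 0) {
        # Nothing to compare: everything desired is an add, everything current a remove
        return [pscustomobject]@{ ToAdd = $want; ToRemove = $have; SourceEmpty = $sourceEmpty }
    }

    # Compare once and split on SideIndicator:
    #   <=  only in the reference (desired) set    -> add to the group
    #   =>  only in the difference (current) set   -> remove from the group
    $diff = Compare-Object -ReferenceObject $want -DifferenceObject $have
    [pscustomobject]@{
        ToAdd       = @($diff | Where-Object SideIndicator -eq '<=' | Select-Object -ExpandProperty InputObject)
        ToRemove    = @($diff | Where-Object SideIndicator -eq '=>' | Select-Object -ExpandProperty InputObject)
        SourceEmpty = $sourceEmpty
    }
}

# Constructed sample data standing in for the A-H extract and Sharefile_A-H members
$desired = 'aadams', 'bbaker', 'chall'
$current = 'bbaker', 'chall', 'dleaver'

$plan = Get-GroupSyncPlan -Desired $desired -Current $current
"Add:    $($plan.ToAdd -join ', ')"
"Remove: $($plan.ToRemove -join ', ')"

# Simulate a failed extract: the plan is flagged rather than silently acted on
$failed = Get-GroupSyncPlan -Desired $null -Current $current
"Source empty, would remove $($failed.ToRemove.Count) accounts: $($failed.SourceEmpty)"
```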

In the next post I will discuss removing and adding users from these groups using the comparison object, and how I created an email report to send out what was deleted and added.

I hope that this gives some insight to people learning PowerShell.