3/25/2011

PowerShell: Find inactive group members

Get the members of each group in the list. If a member is on the list of inactive accounts, flag it in the output.

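# Distinguished name of the current domain (the default naming context)
$root = ([ADSI]"").distinguishedName

# groups.txt: one group CN per line; inactive.txt: one account name per line
$Groups = Get-Content groups.txt
$Accounts = Get-Content inactive.txt

foreach ($Group in $Groups) {
    "-----------------------------------"
    $Group + ":"
    # Bind to the group object; every group is looked up in the CN=Users container
    $Group = [ADSI]("LDAP://CN=$Group,CN=Users," + $root)
    # Keep only the first RDN of each member DN (everything before the first comma).
    # A CN that itself contains an escaped comma (\,) is cut short by this pattern.
    $Output = $Group.member -replace '\,.*$', ''
    # Strip the CN= prefix, leaving the bare name
    $Check = $Output -replace 'CN=', ''
    foreach ($Item in $Check) {
        $test = $Item.ToLower()
        # -contains compares case-insensitively, so the case used in inactive.txt does not matter
        if ($Accounts -contains $test) {
            # Flag members that appear on the inactive list
            "***************" + $test
        }
        else {
            $test
        }
    }
}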
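
The name extraction in the script above cuts each member DN at its first comma, so a CN with an escaped comma never matches the inactive list. The following added example (not part of the original post) runs offline and shows both results side by side; `Get-CnFromDn` and `Find-InactiveMember` are hypothetical helper names, and the DNs and account names are constructed sample data.

```powershell
function Get-CnFromDn {
    # Return the value of the first RDN of a distinguished name, treating
    # "\x" as an escaped character so "CN=Doe\, Jane,OU=..." stays whole.
    # Hex-pair escapes such as \2C are not decoded here.
    param([Parameter(Mandatory = $true)][string]$DistinguishedName)

    # Skip the attribute type ("CN="), then take characters up to the
    # first comma that is not part of a backslash escape.
    $m = [regex]::Match($DistinguishedName, '^[^=]+=((?:[^,\\]|\\.)*)')
    if (-not $m.Success) { return $null }

    # Unescape: "\," becomes ",", "\\" becomes "\"
    $m.Groups[1].Value -replace '\\(.)', '$1'
}

function Find-InactiveMember {
    # Emit one object per member DN. Inactive is $true when the parsed CN
    # is on the inactive list (-contains is case-insensitive).
    param([string[]]$MemberDn, [string[]]$InactiveName)

    # Tolerate stray whitespace and blank lines in the list file
    $names = $InactiveName | ForEach-Object { $_.Trim() } | Where-Object { $_ }

    foreach ($dn in $MemberDn) {
        $cn = Get-CnFromDn -DistinguishedName $dn
        [pscustomobject]@{
            Name        = $cn
            Inactive    = ($names -contains $cn)
            # What the pattern used in the script above yields for the same DN
            ScriptRegex = ($dn -replace '\,.*$', '') -replace 'CN=', ''
        }
    }
}

# Constructed sample data standing in for $Group.member and inactive.txt
$members = @(
    'CN=jsmith,CN=Users,DC=example,DC=com',
    'CN=Doe\, Jane,OU=Staff,DC=example,DC=com',
    'CN=ABrown,CN=Users,DC=example,DC=com'
)
$inactive = @('doe, jane', 'abrown ', '')

Find-InactiveMember -MemberDn $members -InactiveName $inactive |
    Format-Table -AutoSize
```

The comparison is still on the CN, so inactive.txt must list accounts by CN rather than by logon name for any match to occur.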