Active Directory: Determine if user is a member of a given Security Group.

Following on from my post “Working with Users and Security Groups”, as this one is a little more complex, I have given it an entry of its own.

The script returns a list of users that are in or not in a given AD Security Group.

To add other AD attributes to the output, such as Department, add the attribute to the -Properties:

If you’d like to create a nice little HTML table, add the following:
1. Create the header content. Essentially this is CSS. I use this for many scripts that I want to output to HTML.

2. Variable-ise and remove the ‘Select’ from the following line:

3. Set another variable, add the “Select” and pipe to HTML as a string. We use ConvertTo-HTML to get it into HTML. As we will pipe this in the next step, we only need the HTML table. We use -Fragment to stop PowerShell creating any other content except what is in the “<table>” tags.

4. We now pipe this out, converting to HTML, this time with all the other HTML content to make it a valid HTML file:

The cmdlet creates “Not_MemberOf_GG_TEST_GROUP.html” in C:\Temp.
You may notice there is a footer with a little maths going on to give a percentage and total count. The code for this is added above $UsersInGroup | Select Name… and looks like:

So here is the whole thing.

The last line has the code ; ii C:\Temp\Not_MemberOf_$sGroup.html. ii is an alias for Invoke-Item. Essentially, this opens the HTML file as soon as it is created.
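The steps above, put together as an added example (this is not the author's original script, which is not reproduced on this page). It goes slightly beyond the post by also following nested group membership and by escaping values before they reach the LDAP filter and the HTML. It assumes the RSAT ActiveDirectory module and an existing C:\Temp; the SamAccountName column, the CSS values and the helper variable names other than $sGroup and $UsersInGroup are assumptions.

```powershell
Import-Module ActiveDirectory   # assumption: RSAT ActiveDirectory module is installed

$sGroup  = 'GG_TEST_GROUP'                              # group name used in the post
$outFile = "C:\Temp\Not_MemberOf_$sGroup.html"          # output path used in the post
$groupDN = (Get-ADGroup -Identity $sGroup).DistinguishedName

# Escape characters that are special inside an LDAP filter value (RFC 4515).
$dnEsc = $groupDN -replace '\\','\5c' -replace '\*','\2a' -replace '\(','\28' -replace '\)','\29'

# 1.2.840.113556.1.4.1941 (LDAP_MATCHING_RULE_IN_CHAIN) also matches nested membership.
# The leading ! selects users NOT in the group; drop it to list members instead.
# memberOf never contains a user's primary group, so a primary group cannot be checked this way.
$filter       = "(!(memberOf:1.2.840.113556.1.4.1941:=$dnEsc))"
$UsersInGroup = Get-ADUser -LDAPFilter $filter -Properties Department
$total        = @(Get-ADUser -Filter *).Count           # all user accounts, for the footer
$count        = @($UsersInGroup).Count
$pct          = if ($total) { [math]::Round(100 * $count / $total, 1) } else { 0 }

# ConvertTo-Html encodes table cell values, but -Head/-Body/-PostContent are written raw.
$safe = [System.Net.WebUtility]::HtmlEncode($sGroup)
$head = @"
<title>Users not in $safe</title>
<style>
  table  { border-collapse: collapse; font-family: Segoe UI, sans-serif; }
  th, td { border: 1px solid #999; padding: 4px 8px; }
  th     { background: #ddd; }
</style>
"@

$table = $UsersInGroup | Sort-Object Name |
    Select-Object Name, SamAccountName, Department |
    ConvertTo-Html -Fragment | Out-String

ConvertTo-Html -Head $head -Body "<h2>Users not in $safe</h2>$table" -PostContent "<p>$count of $total users ($pct%)</p>" |
    Out-File -FilePath $outFile -Encoding utf8
Invoke-Item $outFile   # same as 'ii' in the post: opens the report once it is written
```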

A little trick with aliases:

As you can see, this one has three aliases:
Get-ChildItem
