Hi all,
I need to check and see if an AD user is in a specific group before the script continues. I have been unable to apply my particular situation to the examples out there. I keep getting different errors, or I don't get the correct outcome of the IF statement. Basically I compare the users of an AD container against an SQL database, and any users not in the SQL database are moved to a different OU and disabled. Any users in the group "ADI-Ignore" are left alone as they are admins or test accounts for example.
I'm hoping someone can help.
Thanks.
#The variable "$data.item[0]" refers to the samAccountName of each user taken from an SQL table.
#Check if any users need to be moved or removed from Active Directory
Add-Content c:\ADIOutput.txt "Checking to see which users need to be deleted or moved."
$ADStaffUsers = Get-ADUser -filter * -SearchBase "OU=Staff,OU=Site,DC=domain,DC=com" | select samAccountName
foreach ($StaffUser in $ADStaffUsers)
{
#ADI Ignore Function
$Group = Get-ADGroup -identity ADI-Ignore
function Get-GroupMembership($data.item[0],$Group)
{
$UserADIIgnoreDelete = [ADSI]"LDAP://cn=$($data.item[0]),ou=staff,ou=site,dc=domain,dc=com"
if ($UserADIIgnoreDelete.memberOf | where { $_ -match $Group} -eq "false")
{
Add-Content c:\ADIOutput.txt "User $($data.item[0]) is not in ADI-Ignore"
$Matched = 1
foreach ($data.item[0] in $data.Rows)
{
if ($StaffUser -ne $data.item[0])
{
$Matched = 0
}
}
if ($Matched = 0)
{
Add-Content c:\ADIOutput.txt "Deleting user $($data.item[0])"
Move-ADObject "CN=$($data_item[0]),OU=Staff,OU=Site,DC=domain,DC=com" -TargetPath "CN=$($data_item[6]),OU=StaffDisabled,OU=Site,DC=domain,DC=com"
}
}
}
}