Monthly Archives: May 2012

New script: Compare group membership of AD accounts

Today I laid down the last lines of code on a script that compares group membership between two Active Directory User Accounts. Based on the differences in group membership, the group membership of the destination account is modified. This script only prompts for information through a user interface, making it easy to use. The script is available in the TechNet Script Center Repository.
GUI – Compare group membership of two users and change user membership

Although the script is completely GUI driven it does accept two parameters, sourceaccount & destinationaccount. If the parameters are not supplied the script will prompt the user for both the Source and the Destination account as such.

I made the choice to use the Visual Basic assembly in order to display and gather the information. At the start of the script I use the following line of code to load this assembly:

[void][System.Reflection.Assembly]::LoadWithPartialName('Microsoft.VisualBasic')

I then use Microsoft.VisualBasic.Interaction to create the input box in which the source account can be entered:

[Microsoft.VisualBasic.Interaction]::InputBox("Text", "Title", "Defaultvalue")

Followed by a prompt for the Destination user, the user on which the changes to group membership will be applied.

Assuming both users exist, the script will now verify if there are any differences in group membership. It looks for two differences:

  • Groups that the source user is a member of and the destination user is not
  • Groups that the destination user is a member of and the source user is not

I am using the Compare-Object Cmdlet to compare the group membership of both users using the property SideIndicator to determine which account is a member of what groups using the following code:

compare-object $destmember.memberof $sourcemember.memberof |
where-object {$_.sideindicator -eq '=>'}

Using this logic we can also determine which groups the destination user is a member of and the source user is not, by either switching around the SideIndicator or the order of the $destmember and $sourcemember objects.

If there are any differences in either category, the script will prompt the user with the action it intends to take.

The list of groups that is displayed in this window is a combination of the Compare-Object output which I expand using the Select-Object Cmdlet. The output is then piped into a Foreach-Object loop in which the group names are stripped of their distinguished name to present a more readable format. This is done by using a regular expression combined with the [regex]::split method. The complete list of clean group names is then joined up and placed on separate lines using the -join operator. Here is an example of the code I used for this:

(Compare-Object $destmember.memberof $sourcemember.memberof |
where-object {$_.sideindicator -eq '=>'} | Select -Expand Inputobject |
Foreach {([regex]::split($_,'^CN=|,.+$'))[1]}) -join "`n"

Similarly if the destination user has group membership of a group the source user is not a member of, the script will prompt if the destination user should be removed from those groups.
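The comparison and the name clean-up described above, as an added example that is not taken from the original script: it derives both directions from one Compare-Object pass and keeps group names intact when the CN contains an escaped comma, which the split on the first comma would truncate. The helper names Get-GroupNameFromDN and Get-MembershipPlan and the sample distinguished names are assumptions made for illustration.

```powershell
# Constructed sample data standing in for the MemberOf property of each account.
$sourceMemberOf = @(
    'CN=Finance Users,OU=Groups,DC=example,DC=com',
    'CN=VPN Access,OU=Groups,DC=example,DC=com',
    'CN=Reports\, Quarterly,OU=Groups,DC=example,DC=com'
)
$destMemberOf = @(
    'CN=VPN Access,OU=Groups,DC=example,DC=com',
    'CN=Legacy App Admins,OU=Groups,DC=example,DC=com'
)

function Get-GroupNameFromDN {
    # Hypothetical helper: returns the CN value of a distinguished name.
    # The lookbehind ignores commas escaped as '\,' inside the CN.
    param([Parameter(Mandatory)][string]$DistinguishedName)
    $rdn = ([regex]::Split($DistinguishedName, '(?<!\\),'))[0]
    ($rdn -replace '^CN=', '') -replace '\\,', ','
}

function Get-MembershipPlan {
    # Hypothetical helper: one Compare-Object pass, split by SideIndicator.
    param([string[]]$Source, [string[]]$Destination)
    $src = @($Source | Where-Object { $_ })
    $dst = @($Destination | Where-Object { $_ })
    # Compare-Object refuses $null input (an account with no group
    # memberships), so handle an empty side explicitly.
    if ($src.Count -eq 0 -or $dst.Count -eq 0) {
        return [pscustomobject]@{ ToAdd = $src; ToRemove = $dst }
    }
    $diff = @(Compare-Object -ReferenceObject $dst -DifferenceObject $src)
    [pscustomobject]@{
        # '=>' : only the source has it; '<=' : only the destination has it.
        ToAdd    = @($diff | Where-Object SideIndicator -eq '=>' | ForEach-Object InputObject)
        ToRemove = @($diff | Where-Object SideIndicator -eq '<=' | ForEach-Object InputObject)
    }
}

# Build the plan and show the readable names that a confirmation prompt would list.
$plan = Get-MembershipPlan -Source $sourceMemberOf -Destination $destMemberOf
"Add destination user to:`n" +
    (($plan.ToAdd | ForEach-Object { Get-GroupNameFromDN $_ }) -join "`n")
"Remove destination user from:`n" +
    (($plan.ToRemove | ForEach-Object { Get-GroupNameFromDN $_ }) -join "`n")
```

Because cloning membership also copies any privileged groups the source account holds, the two lists are worth reviewing before they are applied. With the ActiveDirectory module loaded, the change can be previewed by passing -WhatIf to Add-ADPrincipalGroupMembership and Remove-ADPrincipalGroupMembership.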

Based on the answers given on these prompts, the script will now execute one of these options:

  • Nothing
  • Add destination user to source user’s groups
  • Remove destination user from any groups that source is not a member of
  • Both add and remove the destination user from any groups that match the source users account. Effectively cloning group membership.

After the script completes it will display a message informing the user that the actions have successfully been executed.

That is the basic functionality of this script: it allows for easy cloning of group memberships using PowerShell. This script does require the ActiveDirectory module to be installed on the machine on which it is executed. Let me know what you think of this script!

VMware Certified Professional on vSphere 5

As of last week I have achieved the VMware Certified Professional on vSphere 5 certification. After a training course last month, I have spent most of my spare time studying to prepare for the examination.

For the aspiring VCPs I would like to share the resources I have used to study for this exam. My starting point was both the book and study guide provided by VMware. The guide can be found here:

http://mylearn.vmware.com/mgrReg/plan.cfm?plan=12457

Furthermore I found vReference.com to be a good resource with a wealth of information in order to properly prepare for the exam. I specifically used the vSphere v5 Notes to assess my own knowledge and whenever I found an unfamiliar topic I would know what to focus on next. With about 50 pages it is quite extensive and it can be found here:

http://www.vreference.com/vsphere-5-notes/

Also there are many virtualization and VMware blogs that cover a wide range of topics. The blog I frequented the most, and which contained the most relevant information for my preparation, has been yellow-bricks.com. I would highly recommend this site if you are planning to prepare for the exam or to read up on new developments in the VMware world.

http://www.yellow-bricks.com