0

I have seen various posts that cover similar topics to this. But none that match my exact requirements.

My aim is:

  • Use a CSV containing col 1 (ADGroupName), col 2 (extensionAttirbute1)
  • Delete users from AD groups based on CSV
  • Add users to AD groups based on CSV

I'm sure this can be done simply however, to get it to work with the extensionAttribute1 value, is proving difficult.

Below is some of the code:

So, I have 2 functions.

  • First creates CSVs to work from. (Working).
  • Second function adds/removes AD groups based on CSV contents. (Working).

Below is where I left the final function after wiping out various bits of code after it didn't work.

Function SyncGroups {
  $Groups = Import-Csv "C:\Temp\Scripts\GroupMembership.csv"

  foreach ($user in $Groups) {
    Add-ADGroupMember -Identity $user.Group -Members $user.extensionAttribute1
    Get-ADUser -Filter {extensionAttribute1 -eq $user.extensionAttribute1}
  }
}
Ansgar Wiechers
  • 193,178
  • 25
  • 254
  • 328
KYS
  • 13
  • 6
  • Please can you post some of your code? – Richard Oct 13 '16 at 14:32
  • What have you tried to make the code from other posts work in your scenario. SO is not a place where we help you with particular problems in your code, not a place where we do your work for you. – Ansgar Wiechers Oct 13 '16 at 15:04
  • Sorry. I was dashing out. I did not mean to cause offence Ansgar.. – KYS Oct 14 '16 at 06:57
  • No offense taken. Just pointing out what you can and cannot expect from SO. And of course I meant to write *"SO **is** a place where we help you with particular problems in your code"* (scratch the "not" in that half sentence). – Ansgar Wiechers Oct 14 '16 at 13:46

2 Answers2

0

The problem you're facing is a common misunderstanding of how the parameter -Filter works (see this answer to a similar question). It's better to think of the argument to the parameter as a string (because that's essentially what it is, despite the notation), and define it as such.

Either assign $user.extensionAttribute1 to a variable and use that variable in the expression:

foreach ($user in $Groups) {
  Add-ADGroupMember -Identity $user.Group -Members $user.extensionAttribute1
  $attr = $user.extensionAttribute1
  Get-ADUser -Filter "extensionAttribute1 -eq '$attr'"
}

or put $user.extensionAttribute1 in a subexpression:

foreach ($user in $Groups) {
  Add-ADGroupMember -Identity $user.Group -Members $user.extensionAttribute1
  Get-ADUser -Filter "extensionAttribute1 -eq '$($user.extensionAttribute1)'"
}
Community
  • 1
  • 1
Ansgar Wiechers
  • 193,178
  • 25
  • 254
  • 328
0

Thanks Ansgar.

After trying your code, I realised that I had the ordering the wrong way round so below is how I managed to get it to work. I couldn't have done it though without your clear description for the misunderstanding I had. 

$Groups = import-csv "C:\Temp\Scripts\GroupMembership.csv"

Foreach($user in $Groups){       
$Member = Get-ADUser -Filter "extensionAttribute1 -eq '$($user.ExtensionAttribute1)'"
Add-ADGroupMember -Identity $user.Group -Members $Member
}

Thank you.

KYS
  • 13
  • 6