Compare list of computer from text file with AD-User property

Question

I new in Powershell world and trying to write a script which perform following:

• Get List of Computers from a text file
• Get list of Users from a text file
• Control if the computer name is added in LogonWorkstations field in each user account

Here is the script I have written as of yet.

$Computers = Get-Content Computers.txt
$Users = Get-Content -Path Users.txt | Sort-Object -Unique
$ADUsers = Get-ADUser -Filter * -Properties LogonWorkstations -SearchScope Subtree -SearchBase "OU=ck,OU=users-com,DC=domain,DC=com" |
Where-Object {$Users -contains $_.Name} | Format-List Name,LogonWorkstations

As the script shows I read and retrieve property for Users and have list of computers in text file.

There are 50+ computers and users my question is how can I compare this line wise example check if computer from line 1 of Computers.txt exist in LogonWorkstations property of user from line 1 of Users.txt?

Answer 1

If each line of both files are corresponding, you can use a simple for loop to iterate through both lists simultaneously. $ADUsers will contain the output of ADUser objects matching the conditions.

$ADUsers = for ($i = 0; $i -lt $Users.Count; $i++) {
    Get-ADUser -Filter "Name -eq '$($Users[$i])'" -Properties LogonWorkstations |
        Where-Object { ($_.LogonWorkstations -split ',') -contains $Computers[$i] }
}

Since LogonWorkstations contains a comma-separated string, you will have to do some string manipulation. Using the -split operator on the , character will result in an array of strings. The -contains operator works nicely when comparing an item or collection of items to a single item.

---

If you want to compare the LogonWorkstations value of a user to any computer in the list, you can do something like the following:

$ADUsers = foreach ($User in $Users) {
    Get-ADUser -Filter "Name -eq '$User'" -Properties LogonWorkstations | Where-Object {
        Compare-Object -Ref ($_.LogonWorkstations -split ',') -Dif $Computers -IncludeEqual -ExcludeDifferent
    }
}

Compare-Object here will only return a value if there is an exact match.

---

Note: I believe the LogonWorkstations attribute has been replaced with UserWorkstations attribute. Both may work now but may not be guaranteed in the future.

Answer 2

I haven't tried the below code but hopefully, you will be able to work out any little issues:

$computers = Get-Content -Path #PATHTOCOMPUTERS.TXT
$users = Get-Content -Path #PATHTOUSERS.TXT | Sort-Object -Unique

#Set a counter to zero
$counter = 0

foreach ($user in $users){

    try{

        #Get the current user from AD
        $adUser = Get-ADUser -Filter { Name -eq $user} -Properties LogonWorkStations -ErrorAction Stop

        #Uses the current index using $counter to get the correct computer from computers.txt and 
        #checks if the user has it setup as a LogonWorkStation
        if ($adUser.LogonWorkstations -eq $computers[$counter]){
            Write-Host "$user has $computer as a logon workstation"
        }else{
            Write-Host "$user doesn't have $computer as a logon workstation"
        }

    }catch{
        Write-Host "Failed to get the AD user"
    }

    #Increment the $counter
    $counter++
}