I am trying to write s "Simple" script to add users to a specific security groups in AD based upon the organization attribute. If they belong to one org, they will be added to org1 security group. If they belongs to org2 they will be added to the org2 attribute. Simple, right.
I gathering all users with organization=org1 into a variable. Rather than rebuilding the group every time this is ran, I want to only add the delta of users that are not already a member of org1 group.
1. I gather all users that are already in the group into a variable.
2. I gather all users that have org1 value for AD Attibute "organization" (Actually, 'O')
3. I then try to run a compare-object against each variable expecting to find the difference and then just add those to the group. - VIOLA.
When I run the compare-object, it doe not give me the difference. It gives me one name that is already in the group. I cant understand why. I am pasting my script below in case there are glaring errors.
$currentGroupMembers=Get-ADGroupMember-Identityvumcaccounts|selectsamaccountname
$vumcUsers =get-aduser-LDAPFilter"(&(objectclass=user)(Objectcategory=person)(name=*)(O=org1))"-SearchBase"cn=users,dc=testlab,dc=com"-SearchScopeSubtree-Propertiessamaccountname,o|selectsamaccountname
if ($currentGroupMembers) {
compare-object -ReferenceObject$currentGroupMembers-DifferenceObject$vumcusers-PassThru
} Else { if ($currentGroupMembers-eq$null) { foreach ($vumcUserin$vumcUsers) { Add-ADGroupMember-Identityvumcaccounts-members$vumcUser.samaccountname
} } } Clear-Variable currentgroupmembers, vumcusers