Comments on: Managing group membership in Active Directory with PowerShell (Part 2) http://www.leadfollowmove.com/archives/powershell/managing-group-membership-in-active-directory-with-powershell-part-2 Adam Bell on Deployment, Automation, PowerShell et al Thu, 25 Feb 2010 23:14:19 -0600 http://wordpress.org/?v=2.9.2 hourly 1 By: Ryan http://www.leadfollowmove.com/archives/powershell/managing-group-membership-in-active-directory-with-powershell-part-2/comment-page-1#comment-974 Ryan Tue, 17 Feb 2009 19:19:38 +0000 http://www.leadfollowmove.com/?p=48#comment-974 You could just use the remove syntax for removing a user from the group: $group.remove("LDAP://$userDN") also Ive been using this in AD 2003 and ive never had to use $group.SetInfo() You could just use the remove syntax for removing a user from the group:

$group.remove(“LDAP://$userDN”)

also Ive been using this in AD 2003 and ive never had to use

$group.SetInfo()

]]> By: Adam Bell http://www.leadfollowmove.com/archives/powershell/managing-group-membership-in-active-directory-with-powershell-part-2/comment-page-1#comment-758 Adam Bell Thu, 04 Dec 2008 01:05:06 +0000 http://www.leadfollowmove.com/?p=48#comment-758 Fred, Unfrotunately, not all environments are able to install third party tools. Also the post was written before Quest had released their tools .... I’m a big fan of the Quest AD CmdLets and they make managing AD activities a lot easier. There is value in knowing how to do it without these tools though so the crap way still has value. ;) Think defence environments for example ….. Cheers, Adam Fred,

Unfrotunately, not all environments are able to install third party tools. Also the post was written before Quest had released their tools ….

I’m a big fan of the Quest AD CmdLets and they make managing AD activities a lot easier.

There is value in knowing how to do it without these tools though so the crap way still has value. ;)

Think defence environments for example …..

Cheers,
Adam

]]> By: Fred http://www.leadfollowmove.com/archives/powershell/managing-group-membership-in-active-directory-with-powershell-part-2/comment-page-1#comment-743 Fred Tue, 18 Nov 2008 23:22:26 +0000 http://www.leadfollowmove.com/?p=48#comment-743 forget this crap... just got get the Quest AD tools for PS they are free.... one line management. http://www.quest.com/powershell/ forget this crap… just got get the Quest AD tools for PS they are free…. one line management.

http://www.quest.com/powershell/

]]> By: Modifying Group Memberships with Powershell, Part II « Just Another Sysadmin http://www.leadfollowmove.com/archives/powershell/managing-group-membership-in-active-directory-with-powershell-part-2/comment-page-1#comment-571 Modifying Group Memberships with Powershell, Part II « Just Another Sysadmin Sun, 20 Jan 2008 02:33:05 +0000 http://www.leadfollowmove.com/?p=48#comment-571 [...] membership in Exchange 2007 Managing group membership in Active Directory with PowerShell (Part 1) Managing group membership in Active Directory with PowerShell (Part 2) Powershell and ActiveDirectory - Modify-Group-Membership PowerShell script to list user group [...] [...] membership in Exchange 2007 Managing group membership in Active Directory with PowerShell (Part 1) Managing group membership in Active Directory with PowerShell (Part 2) Powershell and ActiveDirectory – Modify-Group-Membership PowerShell script to list user group [...]

]]> By: Peter {faa780ce-0f0a-4c28-81d2-3667b71287fd} http://www.leadfollowmove.com/archives/powershell/managing-group-membership-in-active-directory-with-powershell-part-2/comment-page-1#comment-32 Peter {faa780ce-0f0a-4c28-81d2-3667b71287fd} Wed, 28 Feb 2007 22:04:29 +0000 http://www.leadfollowmove.com/?p=48#comment-32 Thanks, as with everything AD-related, I understand that There Is Something Up with my domain, and I'll try this on a VM to see what happens. Thanks, as with everything AD-related, I understand that There Is Something Up with my domain, and I’ll try this on a VM to see what happens.

]]> By: AdamBell http://www.leadfollowmove.com/archives/powershell/managing-group-membership-in-active-directory-with-powershell-part-2/comment-page-1#comment-31 AdamBell Tue, 27 Feb 2007 16:17:46 +0000 http://www.leadfollowmove.com/?p=48#comment-31 Hi Peter, I agree on the rewriting of the group membership. I wouldn't do this in a large prod environment for the same fear! You should be able to perform this action using the .Net framework, but I have just been transfering old VBScript code for these examples. Interesting that you are experiencing issues with the sample code. I tested all of my examples in a 2003 AD hosted in VMware. Admittedly theres no scale here - replication etc but the code worked fine. Have you checked te code for typo's? If you're still having problems, email me offline and I'll send you the code function to test. HTH Hi Peter,

I agree on the rewriting of the group membership. I wouldn’t do this in a large prod environment for the same fear! You should be able to perform this action using the .Net framework, but I have just been transfering old VBScript code for these examples.

Interesting that you are experiencing issues with the sample code. I tested all of my examples in a 2003 AD hosted in VMware. Admittedly theres no scale here – replication etc but the code worked fine.

Have you checked te code for typo’s? If you’re still having problems, email me offline and I’ll send you the code function to test.

HTH

]]> By: Peter {faa780ce-0f0a-4c28-81d2-3667b71287fd} http://www.leadfollowmove.com/archives/powershell/managing-group-membership-in-active-directory-with-powershell-part-2/comment-page-1#comment-30 Peter {faa780ce-0f0a-4c28-81d2-3667b71287fd} Mon, 26 Feb 2007 23:46:31 +0000 http://www.leadfollowmove.com/?p=48#comment-30 Also I tried implementing your "old way sample" just now, and it looks like the simple $group.add($ldapstring) syntax is busted. I've also tried just now using $group.psbase.invoke("add",$ldapstring) and I'm out of luck there too. Anyway, FYI Also I tried implementing your “old way sample” just now, and it looks like the simple $group.add($ldapstring) syntax is busted. I’ve also tried just now using $group.psbase.invoke(“add”,$ldapstring) and I’m out of luck there too.

Anyway, FYI

]]> By: Peter {faa780ce-0f0a-4c28-81d2-3667b71287fd} http://www.leadfollowmove.com/archives/powershell/managing-group-membership-in-active-directory-with-powershell-part-2/comment-page-1#comment-29 Peter {faa780ce-0f0a-4c28-81d2-3667b71287fd} Mon, 26 Feb 2007 23:04:32 +0000 http://www.leadfollowmove.com/?p=48#comment-29 My only question about this is: is the PowerShell way dangerous? With the old way, you know you're JUST adding a new user. With the new way, it looks like you're rebuilding the membership collection entirely and saying "make this happen". Potentially this new way removes everyone from the group, then re-adds them all (plus one). Maybe it doesn't, but maybe it does. I'm too scared to find out (especially in production on an "almost everyone"-type group with over 1000 members). Anyway, I agree PowerShell is quite powerful. My only question about this is: is the PowerShell way dangerous? With the old way, you know you’re JUST adding a new user. With the new way, it looks like you’re rebuilding the membership collection entirely and saying “make this happen”. Potentially this new way removes everyone from the group, then re-adds them all (plus one).

Maybe it doesn’t, but maybe it does. I’m too scared to find out (especially in production on an “almost everyone”-type group with over 1000 members).

Anyway, I agree PowerShell is quite powerful.

]]>