Change active directory users properties based on group membership with exclusions


I'm trying to change AD properties (Windows VPN, i.e. Routing and Remote dial-in service) of users that are members of some AD group. That part is OK. But at the same time I need to exclude changing the properties of those users that have additional membership in some other groups. Let's say all users are in the "Office" group. I can disable VPN for them all with the script below. But the group also contains users which are additionally members of the "VPN always on" group. How do I exclude them from the script action?

Here is my working script (without exclusion):

Get-ADGroupMember -Identity "Office" | Where-Object { $_.objectClass -eq "user" } | ForEach-Object { Set-ADUser -Identity $_.DistinguishedName -Clear msNPAllowDialin }

1 answer

Best answer:

There's almost certainly a better way of doing this but...

Remove the -WhatIf to actually make the changes

Get-ADGroupMember -Identity "Office" | Where-Object { $_.objectClass -eq "user" } | ForEach-Object {
    # memberOf lists only the user's direct group memberships; the wildcard is matched
    # against each group's distinguished name as a string
    Get-ADUser -Identity $_ -Properties memberOf, msNPAllowDialin |
        Where-Object { !($_.memberOf -like "*VPN User Group*") } |
        Set-ADUser -Clear msNPAllowDialin -WhatIf
}
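The accepted answer works for direct memberships, but two things bite in practice: memberOf only lists direct groups, so a user who is in "VPN always on" through a nested group is not excluded, and a wildcard like "*VPN User Group*" also matches any group whose name merely contains that text (for example "VPN User Group 2"). The function below is an added example, not code from the question or the answer. It resolves the exclusion group to its distinguished name, expands its membership (optionally recursively) into a set of user DNs, and compares exact DNs instead of substrings. It assumes the RSAT ActiveDirectory module, write access to msNPAllowDialin, and the group names "Office" and "VPN always on" from the question; the function name Clear-DialinForGroup is this example's own.

```powershell
# Added example; not part of the original question or answer.
# Assumes the ActiveDirectory module (RSAT) and rights to modify msNPAllowDialin.
Import-Module ActiveDirectory

function Clear-DialinForGroup {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory)][string]$TargetGroup,     # group whose user members are modified
        [Parameter(Mandatory)][string[]]$ExcludeGroup,  # members of any of these are left alone
        [switch]$Recursive                              # also honour nested group membership
    )

    # Resolve exclusion groups to distinguished names once, so the comparison below is an
    # exact DN match rather than a wildcard on a string that could match similarly named groups.
    $excludeDns = foreach ($g in $ExcludeGroup) { (Get-ADGroup -Identity $g).DistinguishedName }

    # Build a lookup of excluded user DNs by expanding the exclusion groups themselves.
    # A user's memberOf attribute only shows direct memberships, so expanding the group
    # (with -Recursive) is the only way to catch users excluded via nested groups.
    $excludedUsers = @{}
    foreach ($dn in $excludeDns) {
        Get-ADGroupMember -Identity $dn -Recursive:$Recursive |
            Where-Object { $_.objectClass -eq 'user' } |
            ForEach-Object { $excludedUsers[$_.DistinguishedName] = $true }
    }

    Get-ADGroupMember -Identity $TargetGroup -Recursive:$Recursive |
        Where-Object { $_.objectClass -eq 'user' } |
        ForEach-Object {
            if ($excludedUsers.ContainsKey($_.DistinguishedName)) {
                Write-Verbose "Skipping $($_.SamAccountName): member of an exclusion group"
                return   # inside ForEach-Object, 'return' only skips the current item
            }
            # -Clear removes msNPAllowDialin, i.e. 'Control access through NPS Network Policy';
            # an explicit deny would instead be -Replace @{ msNPAllowDialin = $false }.
            if ($PSCmdlet.ShouldProcess($_.DistinguishedName, 'Clear msNPAllowDialin')) {
                Set-ADUser -Identity $_.DistinguishedName -Clear msNPAllowDialin
            }
        }
}

# Dry run first (-WhatIf is forwarded to ShouldProcess); drop it to apply the change.
Clear-DialinForGroup -TargetGroup 'Office' -ExcludeGroup 'VPN always on' -Recursive -WhatIf -Verbose
```

Because the function declares SupportsShouldProcess, the usual -WhatIf and -Confirm switches work without any extra code, which is the safe default for a script that touches attributes across a whole group. Note that Get-ADGroupMember is subject to the domain controller's MaxGroupOrMemberEntries limit (5000 by default), so very large groups may need to be enumerated through the group's member attribute with Get-ADGroup -Properties member instead.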