I often get access requests, especially for new employees, to set up someone's network permissions, like Dan's in the Marketing department. Dan is new to the Marketing team and his manager wants his account set up like Paul's account. Normally, I would do a side-by-side comparison in ADUC and then fill in the gaps. That is a little tedious, so I wrote a quick function to compare two users' groups and output those that are common to both and those that are unique to each. Here is a sample of the output from the function:
PS C:\> Get-PWADGroupComparison pwetter djohnson
--------------------------------------------------------------------------
[Paul Wetter] and [Dan Johnson] have the following groups in common:
--------------------------------------------------------------------------
Domain Users
SCCM-Technicians
TESTDG1
--------------------------------------------------------------------------
The following groups are unique to [Paul Wetter]:
--------------------------------------------------------------------------
ConfigMgrAgents
ConfigMgrAdmins
DnsAdmins
GPOTest
SCOMAdmins
--------------------------------------------------------------------------
The following groups are unique to [Dan Johnson]:
--------------------------------------------------------------------------
SCCM-MWAdmins
SCCM-Techs-Level-1
PS C:\>
Nothing too fancy, but very useful for finding groups and then copying and pasting them, either to apply to a new user or to paste into a ticketing system.
So, here's the PowerShell function. Enjoy!
function Get-PWADGroupComparison{
    <#
    .SYNOPSIS
    This will compare 2 user accounts in Active Directory and tell you their group membership and how they are similar and different.
    .PARAMETER Identity1
    The first user account that you would like to compare.
    .PARAMETER Identity2
    The second user account that you would like to compare.
    .EXAMPLE
    Get-PWADGroupComparison -Identity1 BobJ -Identity2 DanO
    .EXAMPLE
    Get-PWADGroupComparison BobJ DanO
    .NOTES
    Author: Paul Wetter
    Website: www.wetterssoure.com
    The scripts are provided AS IS with no guarantees, no warranties, and they confer no rights.
    #>
    [CmdletBinding()]
    param (
        [Parameter(ValueFromPipelineByPropertyName=$true,Mandatory=$True,ValueFromPipeline=$True,
            HelpMessage="The first user account that you would like to compare")]
        [string]$Identity1,
        [Parameter(ValueFromPipelineByPropertyName=$true,Mandatory=$False,ValueFromPipeline=$True,
            HelpMessage="The second user account that you would like to compare")]
        [string]$Identity2
    )
    # Group names for each account, sorted alphabetically
    $user1 = (Get-ADPrincipalGroupMembership -Identity $Identity1 | select Name | Sort-Object -Property Name).Name
    Write-Verbose ($user1 -join "; ")
    $user2 = (Get-ADPrincipalGroupMembership -Identity $Identity2 | select Name | Sort-Object -Property Name).Name
    Write-Verbose ""
    Write-Verbose ($user2 -join "; ")
    # Groups both accounts belong to
    $SameGroups = (Compare-Object $user1 $user2 -PassThru -IncludeEqual -ExcludeDifferent)
    Write-Verbose ""
    Write-Verbose ($SameGroups -join "; ")
    # Groups only the first account belongs to
    $UniqueID1 = (Compare-Object $user1 $user2 -PassThru | where {$_.SideIndicator -eq "<="})
    Write-Verbose ""
    Write-Verbose ($UniqueID1 -join "; ")
    # Groups only the second account belongs to
    $UniqueID2 = (Compare-Object $user1 $user2 -PassThru | where {$_.SideIndicator -eq "=>"})
    Write-Verbose ""
    Write-Verbose ($UniqueID2 -join "; ")
    # Display names used in the report headings
    $ID1Name = (Get-ADUser -Identity $Identity1 | Select Name).Name
    Write-Verbose ""
    Write-Verbose ($ID1Name -join "; ")
    $ID2Name = (Get-ADUser -Identity $Identity2 | Select Name).Name
    Write-Verbose ""
    Write-Verbose ($ID2Name -join "; ")
    Write-Host "--------------------------------------------------------------------------"
    Write-Host "[$ID1Name] and [$ID2Name] have the following groups in common:"
    Write-Host "--------------------------------------------------------------------------"
    $SameGroups
    Write-Host ""
    Write-Host "--------------------------------------------------------------------------"
    Write-Host "The following groups are unique to [$ID1Name]:"
    Write-Host "--------------------------------------------------------------------------"
    $UniqueID1
    Write-Host ""
    Write-Host "--------------------------------------------------------------------------"
    Write-Host "The following groups are unique to [$ID2Name]:"
    Write-Host "--------------------------------------------------------------------------"
    $UniqueID2
}
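An added example, not part of the original post: before the groups that are unique to the existing user are pasted onto the new account, this splits them into ordinary groups and ones that look administrative and should be approved separately. The function name Get-GroupCopyPlan, the -ReviewPattern wildcard list and the sample arrays (constructed from the sample output above) are assumptions for illustration; the function works on plain name arrays, so it runs without a domain.

```powershell
function Get-GroupCopyPlan {
    # Hypothetical helper (not from the original post).
    [CmdletBinding()]
    param (
        # Groups of the existing "template" user (Paul in the sample)
        [string[]]$TemplateGroups = @(),
        # Groups the new user already has (Dan in the sample)
        [string[]]$NewUserGroups = @(),
        # Assumed review list: wildcard patterns for groups that should not be
        # copied without sign-off. Replace with your own list of privileged groups.
        [string[]]$ReviewPattern = @('*Admins', 'Domain Admins', 'Enterprise Admins')
    )

    # Groups the template user has and the new user lacks (case-insensitive)
    $missing = $TemplateGroups |
        Where-Object { $_ -notin $NewUserGroups } |
        Sort-Object -Unique

    foreach ($group in $missing) {
        # First review pattern this group name matches, if any
        $hit = $ReviewPattern | Where-Object { $group -like $_ } | Select-Object -First 1
        [pscustomobject]@{
            Group  = $group
            Action = if ($hit) { 'Review' } else { 'Add' }
            Reason = if ($hit) { "matches '$hit'" } else { '' }
        }
    }
}

# Constructed sample data, taken from the sample output shown earlier
$paul = 'Domain Users', 'SCCM-Technicians', 'TESTDG1', 'ConfigMgrAgents',
        'ConfigMgrAdmins', 'DnsAdmins', 'GPOTest', 'SCOMAdmins'
$dan  = 'Domain Users', 'SCCM-Technicians', 'TESTDG1', 'SCCM-MWAdmins',
        'SCCM-Techs-Level-1'

Get-GroupCopyPlan -TemplateGroups $paul -NewUserGroups $dan | Format-Table -AutoSize

# Against a live domain, feed it the same name lists the function above builds:
#   $paul = (Get-ADPrincipalGroupMembership -Identity pwetter).Name
#   $dan  = (Get-ADPrincipalGroupMembership -Identity djohnson).Name
```

Rows marked Review are the ones to confirm with the manager or group owner before adding; rows marked Add can go straight into the ticket.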
Comments
Thanks man, what a great job!
Wrote up a GUI for it
I (with the help of ChatGPT) wrote a GUI wrapper, using the script as a base
Add-Type -AssemblyName System.Windows.Forms
Add-Type -AssemblyName System.Drawing
function Get-PWADGroupComparison {
<#
.SYNOPSIS
This will compare 2 user accounts in active directory and tell you their group membership and how they are similar and different.
.PARAMETER Identity1
The first user account that you would like to compare.
.PARAMETER Identity2
The second user account that you would like to compare.
.EXAMPLE
Get-PWADGroupComparison -Identity1 BobJ -Identity2 DanO
.EXAMPLE
Get-PWADGroupComparison BobJ DanO
.NOTES
Author: Paul Wetter
Website: www.wetterssoure.com
The script is provided AS IS with no guarantees, no warranties, and it confers no rights.
#>
[CmdletBinding()]
param (
[Parameter(ValueFromPipelineByPropertyName=$true,Mandatory=$True,ValueFromPipeline=$True,
HelpMessage="The first user account that you would like to compare")]
[string]$Identity1,
[Parameter(ValueFromPipelineByPropertyName=$true,Mandatory=$False,ValueFromPipeline=$True,
HelpMessage="The second user account that you would like to compare")]
[string]$Identity2
)
$user1 = (Get-ADPrincipalGroupMembership -Identity $Identity1 | select Name | Sort-Object -Property Name).Name
Write-Verbose ($user1 -join "; ")
$user2 = (Get-ADPrincipalGroupMembership -Identity $Identity2 | select Name | Sort-Object -Property Name).Name
Write-Verbose ""
Write-Verbose ($user2 -join "; ")
$SameGroups = (Compare-Object $user1 $user2 -PassThru -IncludeEqual -ExcludeDifferent)
Write-Verbose ""
Write-Verbose ($SameGroups -join "; ")
$UniqueID1 = (Compare-Object $user1 $user2 -PassThru | where {$_.SideIndicator -eq "<="})
Write-Verbose ""
Write-Verbose ($UniqueID1 -join "; ")
$UniqueID2 = (Compare-Object $user1 $user2 -PassThru | where {$_.SideIndicator -eq "=>"})
Write-Verbose ""
Write-Verbose ($UniqueID2 -join "; ")
$ID1Name = (Get-ADUser -Identity $Identity1 | Select Name).Name
Write-Verbose ""
Write-Verbose ($ID1Name -join "; ")
$ID2Name = (Get-ADUser -Identity $Identity2 | Select Name).Name
Write-Verbose ""
Write-Verbose ($ID2Name -join "; ")
$Results = @{
CommonGroups = $SameGroups
UniqueGroupsUser1 = $UniqueID1
UniqueGroupsUser2 = $UniqueID2
Username1 = $ID1Name
Username2 = $ID2Name
}
return $Results
}
# GUI Script
function Show-ComparisonGUI {
param (
[hashtable]$ComparisonResults
)
$form = New-Object System.Windows.Forms.Form
$form.Size = New-Object System.Drawing.Size(700, 500)
$form.Text = "AD User Groups Comparison"
$label1 = New-Object System.Windows.Forms.Label
$label1.Location = New-Object System.Drawing.Point(20, 20)
$label1.Text = "Username 1:"
$form.Controls.Add($label1)
$textBox1 = New-Object System.Windows.Forms.TextBox
$textBox1.Location = New-Object System.Drawing.Point(120, 20)
$textBox1.Size = New-Object System.Drawing.Size(200, 20)
$textBox1.Text = $ComparisonResults.Username1
$form.Controls.Add($textBox1)
$label2 = New-Object System.Windows.Forms.Label
$label2.Location = New-Object System.Drawing.Point(20, 60)
$label2.Text = "Username 2:"
$form.Controls.Add($label2)
$textBox2 = New-Object System.Windows.Forms.TextBox
$textBox2.Location = New-Object System.Drawing.Point(120, 60)
$textBox2.Size = New-Object System.Drawing.Size(200, 20)
$textBox2.Text = $ComparisonResults.Username2
$form.Controls.Add($textBox2)
$compareButton = New-Object System.Windows.Forms.Button
$compareButton.Location = New-Object System.Drawing.Point(350, 50)
$compareButton.Size = New-Object System.Drawing.Size(100, 30)
$compareButton.Text = "Compare"
$compareButton.Add_Click({
$ComparisonResults = Get-PWADGroupComparison -Identity1 $textBox1.Text -Identity2 $textBox2.Text
Show-ComparisonResults -ComparisonResults $ComparisonResults
})
$form.Controls.Add($compareButton)
$labelResults = New-Object System.Windows.Forms.Label
$labelResults.Location = New-Object System.Drawing.Point(20, 100)
$labelResults.Text = "Groups for:"
$form.Controls.Add($labelResults)
$textBoxResults = New-Object System.Windows.Forms.TextBox
$textBoxResults.Location = New-Object System.Drawing.Point(20, 120)
$textBoxResults.Size = New-Object System.Drawing.Size(650, 300)
$textBoxResults.Multiline = $true
$textBoxResults.ReadOnly = $true
$form.Controls.Add($textBoxResults)
$form.Add_Shown({ $form.Activate() })
$form.ShowDialog()
# Display results in the text box
$textBoxResults.Text = @"
Results for $($ComparisonResults.Username1) and $($ComparisonResults.Username2):
Common Groups:
$($ComparisonResults.CommonGroups -join "`r`n")
Unique Groups for $($ComparisonResults.Username1):
$($ComparisonResults.UniqueGroupsUser1 -join "`r`n")
Unique Groups for $($ComparisonResults.Username2):
$($ComparisonResults.UniqueGroupsUser2 -join "`r`n")
"@
}
# Function to show results in the same Comparison GUI
function Show-ComparisonResults {
param (
[hashtable]$ComparisonResults
)
# Update existing TextBox with results
$textBoxResults.Text = @"
Results for $($ComparisonResults.Username1) and $($ComparisonResults.Username2):
Common Groups:
$($ComparisonResults.CommonGroups -join "`r`n")
Unique Groups for $($ComparisonResults.Username1):
$($ComparisonResults.UniqueGroupsUser1 -join "`r`n")
Unique Groups for $($ComparisonResults.Username2):
$($ComparisonResults.UniqueGroupsUser2 -join "`r`n")
"@
}
# Example: Show GUI with text boxes for entering usernames
Show-ComparisonGUI -ComparisonResults @{
Username1 = ""
Username2 = ""
CommonGroups = @()
UniqueGroupsUser1 = @()
UniqueGroupsUser2 = @()
}
Made some small changes to your script above for the UI
Add-Type -AssemblyName System.Windows.Forms
Add-Type -AssemblyName System.Drawing
function Get-PWADGroupComparison {
<#
.SYNOPSIS
This will compare 2 user accounts in active directory and tell you their group membership and how they are similar and different.
.PARAMETER Identity1
The first user account that you would like to compare.
.PARAMETER Identity2
The second user account that you would like to compare.
.EXAMPLE
Get-PWADGroupComparison -Identity1 BobJ -Identity2 DanO
.EXAMPLE
Get-PWADGroupComparison BobJ DanO
.NOTES
Author: Paul Wetter
Website: www.wetterssoure.com
The script is provided AS IS with no guarantees, no warranties, and it confers no rights.
#>
[CmdletBinding()]
param (
[Parameter(ValueFromPipelineByPropertyName=$true,Mandatory=$True,ValueFromPipeline=$True,
HelpMessage="The first user account that you would like to compare")]
[string]$Identity1,
[Parameter(ValueFromPipelineByPropertyName=$true,Mandatory=$False,ValueFromPipeline=$True,
HelpMessage="The second user account that you would like to compare")]
[string]$Identity2
)
$user1 = (Get-ADPrincipalGroupMembership -Identity $Identity1 | select Name | Sort-Object -Property Name).Name
Write-Verbose ($user1 -join "; ")
$user2 = (Get-ADPrincipalGroupMembership -Identity $Identity2 | select Name | Sort-Object -Property Name).Name
Write-Verbose ""
Write-Verbose ($user2 -join "; ")
$SameGroups = (Compare-Object $user1 $user2 -PassThru -IncludeEqual -ExcludeDifferent)
Write-Verbose ""
Write-Verbose ($SameGroups -join "; ")
$UniqueID1 = (Compare-Object $user1 $user2 -PassThru | where {$_.SideIndicator -eq "<="})
Write-Verbose ""
Write-Verbose ($UniqueID1 -join "; ")
$UniqueID2 = (Compare-Object $user1 $user2 -PassThru | where {$_.SideIndicator -eq "=>"})
Write-Verbose ""
Write-Verbose ($UniqueID2 -join "; ")
$ID1Name = (Get-ADUser -Identity $Identity1 | Select Name).Name
Write-Verbose ""
Write-Verbose ($ID1Name -join "; ")
$ID2Name = (Get-ADUser -Identity $Identity2 | Select Name).Name
Write-Verbose ""
Write-Verbose ($ID2Name -join "; ")
$Results = @{
CommonGroups = $SameGroups
UniqueGroupsUser1 = $UniqueID1
UniqueGroupsUser2 = $UniqueID2
Username1 = $ID1Name
Username2 = $ID2Name
}
return $Results
}
# GUI Script
function Show-ComparisonGUI {
param (
[hashtable]$ComparisonResults
)
$form = New-Object System.Windows.Forms.Form
$form.Size = New-Object System.Drawing.Size(700, 500)
$form.Text = "AD User Groups Comparison"
$label1 = New-Object System.Windows.Forms.Label
$label1.Location = New-Object System.Drawing.Point(20, 20)
$label1.Text = "Username 1:"
$form.Controls.Add($label1)
$textBox1 = New-Object System.Windows.Forms.TextBox
$textBox1.Location = New-Object System.Drawing.Point(120, 20)
$textBox1.Size = New-Object System.Drawing.Size(200, 20)
$textBox1.Text = $ComparisonResults.Username1
$form.Controls.Add($textBox1)
$label2 = New-Object System.Windows.Forms.Label
$label2.Location = New-Object System.Drawing.Point(20, 60)
$label2.Text = "Username 2:"
$form.Controls.Add($label2)
$textBox2 = New-Object System.Windows.Forms.TextBox
$textBox2.Location = New-Object System.Drawing.Point(120, 60)
$textBox2.Size = New-Object System.Drawing.Size(200, 20)
$textBox2.Text = $ComparisonResults.Username2
$form.Controls.Add($textBox2)
$compareButton = New-Object System.Windows.Forms.Button
$compareButton.Location = New-Object System.Drawing.Point(350, 50)
$compareButton.Size = New-Object System.Drawing.Size(100, 30)
$compareButton.Text = "Compare"
$compareButton.Add_Click({
$ComparisonResults = Get-PWADGroupComparison -Identity1 $textBox1.Text -Identity2 $textBox2.Text
Show-ComparisonResults -ComparisonResults $ComparisonResults
})
$form.Controls.Add($compareButton)
$labelResults = New-Object System.Windows.Forms.Label
$labelResults.Location = New-Object System.Drawing.Point(20, 100)
$labelResults.Text = "Groups for:"
$form.Controls.Add($labelResults)
$textBoxResults = New-Object System.Windows.Forms.TextBox
$textBoxResults.Location = New-Object System.Drawing.Point(20, 120)
$textBoxResults.Size = New-Object System.Drawing.Size(650, 300)
$textBoxResults.Multiline = $true
$textBoxResults.ScrollBars = "Vertical" # Adding scroll bar
$textBoxResults.ReadOnly = $true
$textBoxResults.WordWrap = $false # Allowing horizontal scrolling
$form.Controls.Add($textBoxResults)
# Handle the form's Resize event to resize the text box dynamically
$form.add_Resize({
$textBoxResults.Width = $form.ClientSize.Width - 40 # Adjusting for margins
$textBoxResults.Height = $form.ClientSize.Height - 220 # Adjusting for other controls and margins
})
$form.Add_Shown({ $form.Activate() })
$form.ShowDialog()
# Display results in the text box
$textBoxResults.Text = @"
Results for $($ComparisonResults.Username1) and $($ComparisonResults.Username2):
Common Groups:
$($ComparisonResults.CommonGroups -join "`r`n")
Unique Groups for $($ComparisonResults.Username1):
$($ComparisonResults.UniqueGroupsUser1 -join "`r`n")
Unique Groups for $($ComparisonResults.Username2):
$($ComparisonResults.UniqueGroupsUser2 -join "`r`n")
"@
}
# Function to show results in the same Comparison GUI
function Show-ComparisonResults {
param (
[hashtable]$ComparisonResults
)
# Update existing TextBox with results
$textBoxResults.Text = @"
Results for $($ComparisonResults.Username1) and $($ComparisonResults.Username2):
Common Groups:
$($ComparisonResults.CommonGroups -join "`r`n")
Unique Groups for $($ComparisonResults.Username1):
$($ComparisonResults.UniqueGroupsUser1 -join "`r`n")
Unique Groups for $($ComparisonResults.Username2):
$($ComparisonResults.UniqueGroupsUser2 -join "`r`n")
"@
}
# Example: Show GUI with text boxes for entering usernames
Show-ComparisonGUI -ComparisonResults @{
Username1 = ""
Username2 = ""
CommonGroups = @()
UniqueGroupsUser1 = @()
UniqueGroupsUser2 = @()
}
Great Script - "Wrote up a GUI for it"
Thanks for the script, the GUI does make it easier. Have a great day.