Script: Compare-ADGroups.ps1

Posted on by Carol

I recently wanted to do some analysis of existing groups in a well established AD that has a lot of groups (more groups than users in fact). I was hoping to find groups that looked like good candidates for conversion to role-based (aka criteria-based) groups.

I came across a great script by Ashley McGlone that compares groups in AD to each other, looking for percentage membership matches: https://gallery.technet.microsoft.com/PowerShell-to-Find-Stale-441759fc.

I’ve made a number of modification to this script so it now also:

  • Compares groups in one OU to groups in another – this allows me to compare to an OU of “IAM managed” groups looking for suitable nesting candidates,
  • Compares groups to a CSV of “proposed groups” to give an idea about whether it would help to create new role-based groups,
  • Starts writing the report file as soon as results are available – the original script waited right until the end, which can be a very long wait if you have a lot of comparisons.

My modified version is here: https://www.wapshere.com/missmiis/compare-adgroups-ps1

I've been doing IT for 30 years, and IdM for 15. I live in Australia and build IdM solutions based on Microsoft Identity Manager. I also play the violin, but that doesn't help much with the IdM solutions.

Leave a Reply

Your email address will not be published. Required fields are marked *

CAPTCHA Image

*