Compare-GroupMembership.ps1


Description

Purpose

Compares the group membership of two Active Directory users.

Detailed Description

The Compare-GroupMembership function compares the group membership of two Active Directory users and returns a list of all the groups that either user is a member of, along with a Boolean value indicating whether each user is a member of each group.


Usage

Example 1

Compare-GroupMembership -SourceUser "jdoe" -DestinationUser "asmith"

This example compares the group membership of the “jdoe” and “asmith” users.
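
The following is an added example, not part of the original script: it post-processes the function's output to list only the groups held by one user and not the other, the usual question in an access review. The helper name `Get-MembershipDifference`, the sample rows and the `example.com` distinguished names are hypothetical and constructed for illustration.

```powershell
# Added example: reduce Compare-GroupMembership output to the differences.
# Get-MembershipDifference is a hypothetical helper, not part of the script.
function Get-MembershipDifference {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [psobject] $Row,

        [Parameter(Mandatory = $true)]
        [string] $SourceUser,

        [Parameter(Mandatory = $true)]
        [string] $DestinationUser
    )

    process {
        # The membership columns are named after the users, so read them dynamically.
        $inSource      = [bool] $Row.$SourceUser
        $inDestination = [bool] $Row.$DestinationUser

        # Shared groups need no review.
        if ($inSource -and $inDestination) { return }

        $onlyMember = if ($inSource) { $SourceUser } else { $DestinationUser }

        [PSCustomObject]@{
            GroupName         = $Row.GroupName
            DistinguishedName = $Row.DistinguishedName
            OnlyMember        = $onlyMember
        }
    }
}

# Constructed sample rows in the shape the function emits (no domain controller needed).
$rows = @(
    [PSCustomObject]@{ GroupName = 'Domain Users'; DistinguishedName = 'CN=Domain Users,CN=Users,DC=example,DC=com'; jdoe = $true; asmith = $true }
    [PSCustomObject]@{ GroupName = 'Finance-RW'; DistinguishedName = 'CN=Finance-RW,OU=Groups,DC=example,DC=com'; jdoe = $true; asmith = $false }
    [PSCustomObject]@{ GroupName = 'Server Admins'; DistinguishedName = 'CN=Server Admins,OU=Groups,DC=example,DC=com'; jdoe = $false; asmith = $true }
)

# With a live directory, replace $rows with:
#   Compare-GroupMembership -SourceUser 'jdoe' -DestinationUser 'asmith'
$rows |
    Get-MembershipDifference -SourceUser 'jdoe' -DestinationUser 'asmith' |
    Sort-Object OnlyMember, GroupName
```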


Notes

Author: Your Name
Date: Today's Date



Script

<#
    .SYNOPSIS
        Compares the group membership of two Active Directory users.
    
    .DESCRIPTION
        The Compare-GroupMembership function compares the group membership of two Active Directory users and returns a list of all the groups that either user is a member of, along with a Boolean value indicating whether each user is a member of each group.
    
    .PARAMETER SourceUser
        The username of the source user to compare. Supports pipeline input by property name.
    
    .PARAMETER DestinationUser
        The username of the destination user to compare. Supports pipeline input by property name.
    
    .EXAMPLE
        Compare-GroupMembership -SourceUser "jdoe" -DestinationUser "asmith"
    
        This example compares the group membership of the "jdoe" and "asmith" users.
    
    .NOTES
        Author: Your Name
        Date:   Today's Date
#>

function Compare-GroupMembership {
    [CmdletBinding()]
    param (
        # Bound by property name: binding both parameters by value would hand
        # them the same pipeline object and compare a user with itself.
        [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true)]
        [ValidateNotNullOrEmpty()]
        [string] $SourceUser,

        [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true)]
        [ValidateNotNullOrEmpty()]
        [string] $DestinationUser
    )

    begin {
        Write-Verbose "Starting group membership comparison..."
    }

    process {
        # The user names become output property names, so they must differ.
        if ($SourceUser -eq $DestinationUser) {
            Write-Error "SourceUser and DestinationUser must be different users."
            return
        }

        try {
            # Retrieve source user groups. MemberOf holds direct memberships only
            # (nested groups are not expanded) and omits the primary group,
            # which is therefore added explicitly.
            Write-Verbose "Retrieving groups for SourceUser: $SourceUser"
            $SourceUserObject = Get-ADUser -Identity $SourceUser -Properties MemberOf, PrimaryGroup -ErrorAction Stop
            $SourceUserGroups = @($SourceUserObject.MemberOf)
            $SourceUserPrimaryGroup = (Get-ADGroup -Identity $SourceUserObject.PrimaryGroup -ErrorAction Stop).DistinguishedName
            $SourceUserGroups += $SourceUserPrimaryGroup
        }
        catch {
            Write-Error "Failed to retrieve groups for SourceUser: $SourceUser. $_"
            return
        }

        try {
            # Retrieve destination user groups (same approach as for the source user)
            Write-Verbose "Retrieving groups for DestinationUser: $DestinationUser"
            $DestinationUserObject = Get-ADUser -Identity $DestinationUser -Properties MemberOf, PrimaryGroup -ErrorAction Stop
            $DestinationUserGroups = @($DestinationUserObject.MemberOf)
            $DestinationUserPrimaryGroup = (Get-ADGroup -Identity $DestinationUserObject.PrimaryGroup -ErrorAction Stop).DistinguishedName
            $DestinationUserGroups += $DestinationUserPrimaryGroup
        }
        catch {
            Write-Error "Failed to retrieve groups for DestinationUser: $DestinationUser. $_"
            return
        }

        # Combine and deduplicate all groups
        Write-Verbose "Combining and deduplicating group memberships..."
        $AllGroups = ($SourceUserGroups + $DestinationUserGroups) | Sort-Object -Unique

        # Retrieve group names
        Write-Verbose "Retrieving group names..."
        $GroupNames = @{}
        foreach ($Group in $AllGroups) {
            try {
                $GroupObject = Get-ADGroup -Identity $Group -ErrorAction Stop
                $GroupNames[$Group] = $GroupObject.Name
            }
            catch {
                Write-Verbose "Failed to retrieve group name for $Group. $_"
            }
        }

        # Generate output
        Write-Verbose "Generating output..."
        foreach ($Group in $AllGroups) {
            $GroupName = $GroupNames[$Group]
            $SourceUserMember = $SourceUserGroups -contains $Group
            $DestinationUserMember = $DestinationUserGroups -contains $Group

            [PSCustomObject]@{
                GroupName         = $GroupName
                DistinguishedName = $Group
                $SourceUser       = $SourceUserMember
                $DestinationUser  = $DestinationUserMember
            }
        }
    }

    end {
        Write-Verbose "Group membership comparison completed."
    }
}


Download

Please feel free to copy parts of the script. If you would like to download the entire script, simply click the download button. You can download the complete repository as a zip file by clicking the Download link in the menu bar on the left-hand side of the page.


Report Issues

You can report an issue or contribute to this site on GitHub. Simply click the button below and add any relevant notes. I will attempt to respond to all issues as soon as possible.
