bill-long/Compare-GroupMembership.ps1

## Compare-GroupMembership.ps1
# Compare-GroupMembership.ps1
#
# Compares group membership across all GCs to verify replication.

param($Alias)

$forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$allGCs = $forest.FindAllGlobalCatalogs()
$dictionary = New-Object 'System.Collections.Generic.Dictionary[string, System.Collections.Generic.HashSet[string]]'
foreach ($gc in $allGCs) {
    $searcher = $gc.GetDirectorySearcher()
    $searcher.Filter = "(mailnickname=" + $Alias + ")"
    $result = $searcher.FindOne()
    $members = New-Object 'System.Collections.Generic.HashSet[string]'
    $offset = 0
    do {
        $countReturned = 0
        $memberFinderResults = $null
        $memberRangeProp = ("member;range=" + $offset + "-*")
        $memberFinder = New-Object System.DirectoryServices.DirectorySearcher($result.Path, "(objectClass=*)", @("distinguishedName", $memberRangeProp), "Base")
        try {
            $memberFinderResults = $memberFinder.FindOne()
        }
        catch { }
        foreach ($property in $memberFinderResults.Properties.Keys) {
            if ($property.StartsWith("member;")) {
                $countReturned = $memberFinderResults.Properties[$property].Count
                foreach ($val in $memberFinderResults.Properties[$property]) {
                    $members.Add($val) | Out-Null
                }
            }
        }

        $offset += $countReturned
    } while ($countReturned -gt 0)

    Write-Host $gc ":" $members.Count "members"
    $dictionary.Add($gc, $members)
}

# We have the group membership from all GCs
# Now get a list of all unique values
$uniqueValues = New-Object 'System.Collections.Generic.HashSet[string]'
foreach ($key in $dictionary.Keys) {
    $uniqueValues.UnionWith($dictionary[$key])
}

Write-Host $uniqueValues.Count "members across all GCs"

foreach ($key in $dictionary.Keys) {
    $membersOnThisGC = $dictionary[$key]
    foreach ($val in $uniqueValues) {
        if (!($membersOnThisGC.Contains($val))) {
            Write-Host $key "missing value:" $val
        }
    }
}
	# Compare-GroupMembership.ps1
	#
	# Compares group membership across all GCs to verify replication.

	param($Alias)

	$forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
	$allGCs = $forest.FindAllGlobalCatalogs()
	$dictionary = New-Object 'System.Collections.Generic.Dictionary[string, System.Collections.Generic.HashSet[string]]'
	foreach ($gc in $allGCs) {
	$searcher = $gc.GetDirectorySearcher()
	$searcher.Filter = "(mailnickname=" + $Alias + ")"
	$result = $searcher.FindOne()
	$members = New-Object 'System.Collections.Generic.HashSet[string]'
	$offset = 0
	do {
	$countReturned = 0
	$memberFinderResults = $null
	$memberRangeProp = ("member;range=" + $offset + "-*")
	$memberFinder = New-Object System.DirectoryServices.DirectorySearcher($result.Path, "(objectClass=*)", @("distinguishedName", $memberRangeProp), "Base")
	try {
	$memberFinderResults = $memberFinder.FindOne()
	}
	catch { }
	foreach ($property in $memberFinderResults.Properties.Keys) {
	if ($property.StartsWith("member;")) {
	$countReturned = $memberFinderResults.Properties[$property].Count
	foreach ($val in $memberFinderResults.Properties[$property]) {
	$members.Add($val) \| Out-Null
	}
	}
	}

	$offset += $countReturned
	} while ($countReturned -gt 0)

	Write-Host $gc ":" $members.Count "members"
	$dictionary.Add($gc, $members)
	}

	# We have the group membership from all GCs
	# Now get a list of all unique values
	$uniqueValues = New-Object 'System.Collections.Generic.HashSet[string]'
	foreach ($key in $dictionary.Keys) {
	$uniqueValues.UnionWith($dictionary[$key])
	}

	Write-Host $uniqueValues.Count "members across all GCs"

	foreach ($key in $dictionary.Keys) {
	$membersOnThisGC = $dictionary[$key]
	foreach ($val in $uniqueValues) {
	if (!($membersOnThisGC.Contains($val))) {
	Write-Host $key "missing value:" $val
	}
	}
	}