Written January 16, 2013
Very interesting. The error means the user is a member of two groups with the same sAMAccountName (pre-Windows 2000 name). I never anticipated this (sAMAccountName should be unique in the domain). There are two ways this can happen. One is if the same group is created by two admins at almost the same time while connected to different DCs, so the objects are saved before replication exposes the conflict. This should be rare, and the duplicate should be deleted. The more likely cause is that the user is a member of two different groups with the same sAMAccountName in different domains in the same forest.
In the script, $Group is the group name in the form "Domain\GroupName", where "Domain" is the NetBIOS name of the domain and "GroupName" is the sAMAccountName of the group. Your user is a member of "Domain1\Group1" and "Domain2\Group1". The script only saves the name "Group1" in the hash table, so the function can test for membership in the group "Group1" (without the domain name).
Assuming my theory is correct, the solution is to identify groups by "Domain\GroupName". In place of this statement:
$GroupList.Add($ADObject.sAMAccountName.ToString() `
+ "\" + $Group.Value.Split("\")[1], $True)
use this:
$GroupList.Add($ADObject.sAMAccountName.ToString() `
+ "\" + $Group.Value, $True)
In addition, the name of the group passed to the function must be in the form "Domain\GroupName". For example:
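# Parentheses make PowerShell call IsMember first, then compare its result;
# without them "-eq" and "$True" are passed to the function as extra arguments.
If ((IsMember $User "Domain1\Group1") -eq $True)
{
    "User " + $User.sAMAccountName + " is a member of group Domain1\Group1"
}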
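The collision described in the reply, and the effect of keying by "Domain\GroupName", can be reproduced without a directory. This is an added example, not part of the original post or its script; the user name, the membership list, and the functions New-GroupTable and Test-GroupKey are hypothetical, and the sample data is constructed.

```powershell
# Constructed sample data: group names as "NetBIOSDomain\sAMAccountName",
# the form the post says $Group.Value takes.
$UserName = "jsmith"   # hypothetical user
$Memberships = @("Domain1\Group1", "Domain2\Group1", "Domain1\Engr")

function New-GroupTable {
    param([string]$User, [string[]]$Groups, [switch]$DomainQualified)
    $Table = @{}
    $Collisions = @()
    ForEach ($Group In $Groups) {
        # Short form drops the domain, as the original statement did with Split("\")[1].
        If ($DomainQualified) { $Name = $Group }
        Else { $Name = $Group.Split("\")[1] }
        $Key = $User + "\" + $Name
        Try { $Table.Add($Key, $True) }
        Catch { $Collisions += $Group }   # Hashtable.Add throws on a duplicate key
    }
    [PSCustomObject]@{ Table = $Table; Collisions = $Collisions }
}

function Test-GroupKey {
    param($Table, [string]$User, [string]$Group)
    # Reject bare names so a check can never match a same-named group in another domain.
    If ($Group -notmatch '^[^\\]+\\[^\\]+$') {
        Throw "Group must be in the form Domain\GroupName: $Group"
    }
    $Table.ContainsKey($User + "\" + $Group)
}

$Short = New-GroupTable -User $UserName -Groups $Memberships
$Full = New-GroupTable -User $UserName -Groups $Memberships -DomainQualified

"Short-name keys: {0}, collisions: {1}" -f $Short.Table.Count, ($Short.Collisions -join ", ")
"Qualified keys:  {0}, collisions: {1}" -f $Full.Table.Count, $Full.Collisions.Count
"Domain1\Group1: " + (Test-GroupKey $Full.Table $UserName "Domain1\Group1")
"Domain3\Group1: " + (Test-GroupKey $Full.Table $UserName "Domain3\Group1")
```

With short-name keys the second "Group1" is rejected as a duplicate, and any check for "Group1" would succeed no matter which domain's group the user actually belongs to; the domain-qualified table keeps the two groups distinct.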