This function compares the members of one group with the members of another. The comparison can be performed on objects that inherit from this group with the recursive mode

  This function used the get-adgroupmember command result in recursive mode or not.   

   It returns a table indicating the LDAP name of the objects as well as whether they are members of one or both groups.        It requires the ActiveDirectory PowerShell module   

No recursive mode :

.\Compare-ADGroup.ps1 -FirstGroup "SDL-CT-Partage-Info" -SecondGroup "SG-Service-Technique" -Recursive $False | fl

UserDn   : CN=SG-Service-Informatique,OU=Securite_global,OU=Groupes,DC=htrab,DC=lan

MemberOf : OnlyFirst

 

UserDn   : CN=Philippe BARTH,OU=Utilisateurs,DC=htrab,DC=lan

MemberOf : OnlySecond

 

UserDn   : CN=Pierre Durand,OU=Utilisateurs,DC=htrab,DC=lanMemberOf : OnlySecond

 

Same group in recursive mode :

.\Compare-ADGroup.ps1 -FirstGroup "SDL-CT-Partage-Info" -SecondGroup "SG-Service-Technique" -Recursive $True

 

UserDn   : CN=Patrick Dupond,OU=Utilisateurs,DC=htrab,DC=lan   

MemberOf : OnlyFirst

 

UserDn   : CN=Philippe BARTH,OU=Utilisateurs,DC=htrab,DC=lan   

MemberOf : Both

 

UserDn   : CN=Pierre Durand,OU=Utilisateurs,DC=htrab,DC=lan   

MemberOf : OnlySecond

 

This example give the inherited member of the both group 

.\Compare-ADGroup.ps1 -FirstGroup "SDL-CT-Partage-Info" -SecondGroup "SG-Service-Technique" -Recursive $True | Where { $_.memberof -eq "Both" }

UserDn                               MemberOf                                        

CN=Philippe BARTH,OU=Utilisateurs,DC=htrab,DC=lan Both