
  • File Update-AD-Security-Group.ps1 — part of check-in [62a96998e8] at 2018-06-10 13:04:41 on branch trunk — Update AD Security Group with users that have attribut X set. This script does all updates on the PDC emulator. (user: St3v3o size: 1856)

# encoding: ascii
# api: powershell
# title: Update AD Security Group
# description: Update an AD security group with users that have attribute X set.  This script performs all updates on the PDC emulator.
# version: 0.1
# type: module
# author: St3v3o
# license: CC0
# function: Get-FSMORoles
# x-poshcode-id: 2071
# x-archived: 2016-06-15T06:47:54
# x-published: 2011-08-16T08:19:00
#
#
#Active Directory Group Name To Be Edited
#Load Active Directory Module
if(@(get-module | where-object {$_.Name -eq "ActiveDirectory"} ).count -eq 0) {import-module ActiveDirectory}

###Functions
function Get-FSMORoles
{
<#
.SYNOPSIS
  Looks up the PDC emulator role owner for a domain.
.PARAMETER Domain
  Directory entry that exposes defaultNamingContext (the script passes RootDSE).
.OUTPUTS
  Hashtable with a single key, "PDC", holding the fsmoRoleOwner value read
  from the object at the domain's default naming context.
#>
Param (
  $Domain
  )

  # Bind to the domain head object; its fsmoRoleOwner attribute names the
  # PDC emulator. The bind is serverless and runs as the calling user.
  $namingContext = $Domain.defaultNamingContext
  $domainEntry = [adsi]("LDAP://" + $namingContext)

  return @{"PDC" = $domainEntry.fsmoroleowner}
}
# Ask RootDSE for the default naming context, then read the PDC emulator role owner.
$Role = Get-FSMORoles ([adsi]"LDAP://RootDSE")

# The role owner is a distinguished name; the second comma-separated component
# is taken as the server's RDN (presumably CN=<server> - confirm against your
# directory) and the text after "=" becomes the host name used for -Server.
$roleOwnerParts = $Role.PDC.ToString().Split(",")
$PDC = $roleOwnerParts[1].Split("=")[1]

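#Active Directory Group Name
$group="Test"

# Search Active Directory for users with Department X (queried on the PDC emulator).
# @() keeps the result an array when zero or one user matches, so the loop
# below never runs once over $null (as foreach does on PowerShell 2.0).
# NOTE(review): membership is driven entirely by the department attribute, so
# write access to that attribute is effectively write access to this group.
# The filter does not exclude disabled accounts.
$Users = @(Get-ADUser -Server $PDC -Filter {(department -eq "test") -and (objectclass -eq "user")})

# Resolve the target group once. The filter matches on the name attribute,
# while a bare string passed as -Identity is matched on DN/GUID/SID/sAMAccountName,
# so the resolved object is reused below to guarantee that the group that was
# checked is the group that gets read and modified.
$matchingGroups = @(Get-ADGroup -Server $PDC -Filter {(name -eq $group)})

if($matchingGroups.Count -eq 0)
	{echo "Group Doesn't Exist"; exit}

# name is only unique within a container; refuse to pick one of several matches.
if($matchingGroups.Count -gt 1)
	{echo "More than one group named '$group' exists; no changes made"; exit}

$checkGroup = $matchingGroups[0]

# Collect the account names of current members. -Recursive also returns members
# of nested groups, so a user who is already covered through a child group is
# treated as present and is not added directly.
$groupmembers = @(Get-ADGroupMember -Identity $checkGroup -Recursive -Server $PDC)
$gmembers = @($groupmembers | ForEach-Object { $_.SamAccountName })

# Add every matching user that is not yet a member.
# NOTE(review): this script only adds. Accounts whose department no longer
# matches stay in the group until removed by some other process, so review
# membership separately if the group grants access.
Foreach ($User in $Users) {
	If ($gmembers -notcontains $User.SamAccountName) {
		Add-ADGroupMember -Server $PDC -Identity $checkGroup -Members $User
	}
}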