# encoding: ascii # api: powershell # title: Update AD Security Group # description: Update AD Security Group with users that have attribut X set. This script does all updates on the PDC emulator. # version: 0.1 # type: module # author: St3v3o # license: CC0 # function: Get-FSMORoles # x-poshcode-id: 2071 # x-archived: 2016-06-15T06:47:54 # x-published: 2011-08-16T08:19:00 # # #Active Directory Group Name To Be Edited #Load Active Directory Module if(@(get-module | where-object {$_.Name -eq "ActiveDirectory"} ).count -eq 0) {import-module ActiveDirectory} ###Functions function Get-FSMORoles { Param ( $Domain ) $DomainDN = $Domain.defaultNamingContext $FSMO = @{} # PDC Emulator $PDC = [adsi]("LDAP://"+ $DomainDN) $FSMO = $FSMO + @{"PDC" = $PDC.fsmoroleowner} return $FSMO } $Role = (Get-FSMORoles ([adsi]("LDAP://RootDSE"))) $PDC = $Role.PDC.ToString().split(",")[1] $PDC = $PDC.ToString().split("=")[1] #Active Directory Group Name $group="Test" #Search Active Directory for Users with Department X (Searches "PDC") $Users = Get-ADUser -Server $PDC -Filter {(department -eq "test") -and (objectclass -eq "user")} #Check to make sure Active Directory group exists $checkGroup=Get-ADGroup -Server $PDC -Filter {(name -eq $group)} if($checkGroup -eq $null) {echo "Group Doesn't Exist"; exit} #Get Members of the $group including child groups $groupmembers = Get-ADGroupMember "$group" -recursive -Server $PDC #Prep new array $gmembers = @() #Muck with groupmembers arrary data Foreach ($member in $groupmembers) { $gmembers += $member.SamAccountName } #Check to see if User is already a member of the group Foreach ($User in $Users) { If ($gmembers -notcontains $User.SamAccountName){Add-ADGroupMember -Server $PDC $group $User.SamAccountName } }