In many scenarios we apply a GPO based on server group membership. The script below helps us add servers to a specific AD group.
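# Adds every computer object found under the listed OUs to one AD group and
# records the outcome for each computer in .\Report.log.
#
# The group's membership decides which servers receive the GPO, so keep the
# OU list limited to OUs whose computers should all be in scope. For a dry
# run, add -WhatIf to the Add-ADPrincipalGroupMembership call below.

# Specify the OUs to scan, separated by commas.
$OUs = "OU=DomainServer,OU=DomainObjects,DC=lab,DC=local","OU=DomainAdmin,OU=DomainObjects,DC=lab,DC=local"
# Distinguished name of the Active Directory group.
$ADGroup = "CN=GroupA,OU=DomainGroup,OU=DomainObjects,DC=lab,DC=local"
# Report file; appended to on every run, relative to the current directory.
$ReportPath = ".\Report.log"

# Check each OU one at a time.
foreach ($OU in $OUs) {
    # Fetch the computers together with their MemberOf attribute in a single
    # query, instead of re-reading every property of each computer.
    # -ErrorAction Stop plus 'continue' prevents a failed query from leaving
    # $Servers holding the previous OU's results.
    try {
        $Servers = Get-ADComputer -Filter * -SearchBase $OU -Properties MemberOf -ErrorAction Stop
    }
    catch {
        "Failed to query ${OU}: $($_.Exception.Message)" | Out-File -Append $ReportPath
        continue
    }

    # Check each server in the current OU.
    foreach ($Server in $Servers) {
        if ($Server.MemberOf -contains $ADGroup) {
            # Already a member: only record it.
            "$Server is MemberOF $ADGroup" | Out-File -Append $ReportPath
        }
        else {
            # Not a member yet: add it, and log "Added" only when the change
            # succeeded so the report can serve as an audit trail.
            try {
                Add-ADPrincipalGroupMembership -Identity $Server -MemberOf $ADGroup -ErrorAction Stop
                "$Server is Added to $ADGroup" | Out-File -Append $ReportPath
            }
            catch {
                "$Server could NOT be added to ${ADGroup}: $($_.Exception.Message)" | Out-File -Append $ReportPath
            }
        }
    }
}
# Note: a computer picks up a new group membership only after its Kerberos
# ticket is refreshed (typically a restart), so the GPO does not apply at once.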
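# Ensures that all computer objects under the listed OUs are members of one
# AD group, writing one line per computer to .\Report.log.
#
# Membership of this group controls which servers get the GPO: review the OU
# list before running, and consider a first pass with -WhatIf on the
# Add-ADPrincipalGroupMembership call.

# Comma-separated list of OUs to scan.
$OUs = "OU=DomainServer,OU=DomainObjects,DC=lab,DC=local","OU=DomainAdmin,OU=DomainObjects,DC=lab,DC=local"
# Distinguished name of the target Active Directory group.
$ADGroup = "CN=GroupA,OU=DomainGroup,OU=DomainObjects,DC=lab,DC=local"
# Log file, opened in append mode on each write (current directory).
$ReportPath = ".\Report.log"

foreach ($OU in $OUs) {
    # One query per OU, asking only for MemberOf rather than all properties.
    # A failed query is logged and skipped; without this, $Servers would keep
    # the previous OU's computers and they would be processed a second time.
    try {
        $Servers = Get-ADComputer -Filter * -SearchBase $OU -Properties MemberOf -ErrorAction Stop
    }
    catch {
        "Failed to query ${OU}: $($_.Exception.Message)" | Out-File -Append $ReportPath
        continue
    }

    foreach ($Server in $Servers) {
        # MemberOf holds the DNs of the groups the computer belongs to.
        $AlreadyMember = $Server.MemberOf -contains $ADGroup

        if ($AlreadyMember) {
            "$Server is MemberOF $ADGroup" | Out-File -Append $ReportPath
            continue
        }

        # Write the "Added" line only after the directory change succeeded;
        # a failure gets its own line instead of a false success entry.
        try {
            Add-ADPrincipalGroupMembership -Identity $Server -MemberOf $ADGroup -ErrorAction Stop
            "$Server is Added to $ADGroup" | Out-File -Append $ReportPath
        }
        catch {
            "$Server could NOT be added to ${ADGroup}: $($_.Exception.Message)" | Out-File -Append $ReportPath
        }
    }
}
# Note: the new membership takes effect on a computer once its Kerberos ticket
# is refreshed (typically after a restart), so the GPO applies with a delay.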