Add Win 10 and Win 11 devices to separate Security Groups

Add Win 10 and Win 11 devices to separate Security Groups.ps1

# Import the ActiveDirectory module
Import-Module ActiveDirectory

# Define the names of your groups
$win10Group = "Windows 10 Computers"
$win11Group = "Windows 11 Computers"

# Define the OU from where you want to get computer objects. Replace OU=Computers,DC=YourDomain,DC=com with your OU
$ou = "OU=Computers,DC=YourDomain,DC=com"

# Create the Windows 10 group in a specific OU. Replace OU=Groups,DC=YourDomain,DC=com
New-ADGroup -Name $win10Group -GroupScope Global -GroupCategory Security -Path "OU=Groups,DC=YourDomain,DC=com" -PassThru

# Create the Windows 11 group in a specific OU. Replace OU=Groups,DC=YourDomain,DC=com
New-ADGroup -Name $win11Group -GroupScope Global -GroupCategory Security -Path "OU=Groups,DC=YourDomain,DC=com" -PassThru

# Get all computer objects from the specified OU
$computers = Get-ADComputer -Filter * -SearchBase $ou

# For each computer
foreach ($computer in $computers) {
    # Get the operating system
    $os = (Get-ADComputer $computer -Property OperatingSystem).OperatingSystem

    # Check if it's Windows 10
    if ($os -like "*Windows 10*") {
        # Add to Windows 10 group
        Add-ADGroupMember -Identity $win10Group -Members $computer
        # Ensure it's not in the Windows 11 group
        Remove-ADGroupMember -Identity $win11Group -Members $computer -Confirm:$false
    }
    # Check if it's Windows 11
    elseif ($os -like "*Windows 11*") {
        # Add to Windows 11 group
        Add-ADGroupMember -Identity $win11Group -Members $computer
        # Ensure it's not in the Windows 10 group
        Remove-ADGroupMember -Identity $win10Group -Members $computer -Confirm:$false
    }
}