Last active
August 8, 2023 16:03
-
-
Save Fantasillion/46e5030a0bde4ac47fd4ea385c28057d to your computer and use it in GitHub Desktop.
Add Win 10 and Win 11 devices to separate Security Groups
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Import the ActiveDirectory module | |
Import-Module ActiveDirectory | |
# Define the names of your groups | |
$win10Group = "Windows 10 Computers" | |
$win11Group = "Windows 11 Computers" | |
# Define the OU from where you want to get computer objects. Replace OU=Computers,DC=YourDomain,DC=com with your OU | |
$ou = "OU=Computers,DC=YourDomain,DC=com" | |
# Create the Windows 10 group in a specific OU. Replace OU=Groups,DC=YourDomain,DC=com | |
New-ADGroup -Name $win10Group -GroupScope Global -GroupCategory Security -Path "OU=Groups,DC=YourDomain,DC=com" -PassThru | |
# Create the Windows 11 group in a specific OU. Replace OU=Groups,DC=YourDomain,DC=com | |
New-ADGroup -Name $win11Group -GroupScope Global -GroupCategory Security -Path "OU=Groups,DC=YourDomain,DC=com" -PassThru | |
# Get all computer objects from the specified OU | |
$computers = Get-ADComputer -Filter * -SearchBase $ou | |
# For each computer | |
foreach ($computer in $computers) { | |
# Get the operating system | |
$os = (Get-ADComputer $computer -Property OperatingSystem).OperatingSystem | |
# Check if it's Windows 10 | |
if ($os -like "*Windows 10*") { | |
# Add to Windows 10 group | |
Add-ADGroupMember -Identity $win10Group -Members $computer | |
# Ensure it's not in the Windows 11 group | |
Remove-ADGroupMember -Identity $win11Group -Members $computer -Confirm:$false | |
} | |
# Check if it's Windows 11 | |
elseif ($os -like "*Windows 11*") { | |
# Add to Windows 11 group | |
Add-ADGroupMember -Identity $win11Group -Members $computer | |
# Ensure it's not in the Windows 10 group | |
Remove-ADGroupMember -Identity $win10Group -Members $computer -Confirm:$false | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment