Last active
October 18, 2018 14:20
-
-
Save jschlackman/33a0282aeca9ef16500a57bfdffa10e7 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Name: Update-WorkstationUsers.ps1 | |
| # Author: James Schlackman | |
| # Last Modified: Oct 17 2018 | |
| # | |
| # Updates a given AD group with a list of users who have been assigned to a workstation via the computer account's managedBy attribute | |
| # Group to update | |
| $userGroup = "CN=Workstation Users,OU=Mail Groups,DC=contoso,DC=com" | |
| # Get all users assigned to an active computer via the computer account's managedBy attribute | |
| $assignedUsers = (Get-ADComputer -LDAPFilter "(!userAccountControl:1.2.840.113556.1.4.803:=2)(managedBy=*)" -Properties managedBy | Select -ExpandProperty managedBy -Unique) | |
| # Enumerate current users in the group and remove any that do not have a computer assigned | |
| Get-ADGroupMember -Identity $userGroup | ForEach-Object { | |
| If ($assignedUsers -notcontains $_) {Remove-ADGroupMember -Identity $userGroup -Members $_ -Confirm:$False} | |
| } | |
| # Add any assigned users missing from the group | |
| Add-ADGroupMember -Identity $userGroup -Members $assignedUsers -Confirm:$False | |
| # Log last sync date | |
| Set-ADGroup -Identity $userGroup -Replace @{adminDescription="Last sync: $((Get-Date).ToShortDateString()) $((Get-Date).ToShortTimeString()), $($env:COMPUTERNAME)"} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment