PowerShell Script to Move ADUser to appropriate group based on its Department ID attribute

Tags: powershell, windows-server-2003-r2, windows-server-2012-r2

I am new to PowerShell and AD, and I have a small task which I am finding difficult to complete. Can someone please help me here?

The task is as follows:

There are 3 groups defined in AD, namely

"CN=Technology Champion,OU=Exchange Distribution Lists,OU=Groups,DC=dpsnc,DC=local"
"CN=Media Contacts-ES,OU=School Groups,OU=Groups,DC=dpsnc,DC=local"
"CN=Media Contacts-SS,OU=School Groups,OU=Groups,DC=dpsnc,DC=local"

What I need to do is, among all the users that exist in 'Domain Users', check whether a user belongs to any one of the above-mentioned groups. If the ADUser belongs to at least one of the above-mentioned groups, then check his 'Department Id' attribute (which would be department_id = "304-BEE") and, based on the department id attribute, move the ADObject to the appropriate group whose name contains the 'department_id':

"CN=vBrick-ContentApprover.304-BEE.VC - Elementary,OU=Groups,OU=304-BEE,OU=VC - Elementary,DC=dpsnc,DC=local"
"CN=vBrick-ContentApprover.306-BMS.VC - Middle,OU=Groups,OU=306-BMS,OU=VC - Middle,DC=dpsnc,DC=local"
"CN=vBrick-ContentApprover.308-BUR.VC - Elementary,OU=Groups,OU=308-BUR,OU=VC - Elementary,DC=dpsnc,DC=local"

For example:

If a user is a member of the group "CN=Media Contacts-ES,OU=School Groups,OU=Groups,DC=dpsnc,DC=local", then I need to check his dept_id attribute; suppose the dept_id value is "304-BEE", then I need to move that ADObject to be a member of the group "CN=vBrick-ContentApprover.304-BEE.VC - Elementary,OU=Groups,OU=304-BEE,OU=VC - Elementary,DC=dpsnc,DC=local".

NOTE: The PowerShell script should be compatible with Windows Server 2003 R2 and Windows Server 2012.

To get started, I tried moving the ADUser using the custom attribute by using the following script:

```powershell
# Quest ActiveRoles (QAD) cmdlets; the <...> tokens are placeholders to be filled in
get-qaduser -sizelimit 0 -includedproperties <CustomAttribute> |% {
    # add the user to a group chosen by the value of the custom attribute
    if ($_.<customattribute> -eq "somevalue"){add-qadgroupmember <somegroup> -member $_}
    if ($_.<customattribute> -eq "someothervalue"){add-qadgroupmember <someothergroup> -member $_}
    ...
    ...
}
```

I have not yet come up with the complete solution. I need some help with the complete script.

Best Answer

This script will work for a group named Teacher (a minor modification to this script can automate it for multiple groups as well), where I am using the 'title' attribute of the ADUser and the 'description' attribute of the ADGroup to find a match; if a match is found, then the ADUser is added to the ADGroup.

```powershell
# Users of the Teacher group, with the 'title' attribute loaded for matching
$members = Get-ADGroupMember -Identity 'CN=Teacher,CN=Users,DC=DPSTest,DC=local' | ForEach-Object { Get-ADUser $_ -Properties title }
# Candidate target groups, with 'description' loaded for matching
$groups  = Get-ADGroup -Filter 'name -like "*vBrick-ContentApprover*"' -Properties description

foreach ($member in $members) {
    if ($groups.description -contains $member.title) {
        # Property access such as $member.title is not allowed inside -Filter;
        # copy the value to a plain variable first, which the filter parser does expand.
        $title = $member.title
        Add-ADGroupMember (Get-ADGroup -Filter 'description -eq $title') -Members $member
    }
}
```

Any suggestions are welcome. Thank You all!
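The following is an added example, not code from the question or the answer above, that carries the task in the question through end to end: it reads the members of the three source groups, looks up each user's department id, and adds the user to the vBrick-ContentApprover group whose name contains that id. It assumes the ActiveDirectory module (RSAT) is available, that the department id is stored in the attribute named by `$DepartmentAttribute` (the standard `department` attribute is used as a stand-in for the question's custom department_id attribute; substitute the real LDAP name), and that target group names follow the `vBrick-ContentApprover.<dept-id>.<site>` pattern shown in the question. The script name `Sync-VbrickApprovers.ps1` is hypothetical. Because the script writes group membership, it supports `-WhatIf` so a dry run can be reviewed first, skips users who are already members so reruns are idempotent, and warns instead of guessing when a department has no or several matching target groups.

```powershell
# Sync-VbrickApprovers.ps1 (hypothetical name) - added example, not from the original post.
# Assumptions: ActiveDirectory module present; department id in $DepartmentAttribute;
# target groups named '<prefix>.<dept-id>.<site>' as in the question.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string[]]$SourceGroups = @(
        'CN=Technology Champion,OU=Exchange Distribution Lists,OU=Groups,DC=dpsnc,DC=local',
        'CN=Media Contacts-ES,OU=School Groups,OU=Groups,DC=dpsnc,DC=local',
        'CN=Media Contacts-SS,OU=School Groups,OU=Groups,DC=dpsnc,DC=local'
    ),
    # Assumption: replace with the LDAP name of the custom department_id attribute
    [string]$DepartmentAttribute = 'department',
    [string]$TargetNamePrefix = 'vBrick-ContentApprover.'
)

Import-Module ActiveDirectory -ErrorAction Stop

# Build the lookup once: department id -> target group object.
# The id is the second dot-separated token of the name,
# e.g. 'vBrick-ContentApprover.304-BEE.VC - Elementary' -> '304-BEE'.
$targets = @{}
Get-ADGroup -Filter "name -like '$TargetNamePrefix*'" | ForEach-Object {
    $parts = $_.Name.Split('.')
    if ($parts.Count -ge 2) {
        $deptId = $parts[1]
        if ($targets.ContainsKey($deptId)) {
            Write-Warning "More than one target group for department '$deptId'; keeping '$($targets[$deptId].DistinguishedName)'"
        } else {
            $targets[$deptId] = $_
        }
    }
}

# Collect the distinct user members of all source groups (nested groups expanded).
$users = @{}
foreach ($groupDn in $SourceGroups) {
    Get-ADGroupMember -Identity $groupDn -Recursive |
        Where-Object { $_.objectClass -eq 'user' } |
        ForEach-Object { $users[$_.DistinguishedName] = $true }
}

foreach ($userDn in $users.Keys) {
    $user   = Get-ADUser -Identity $userDn -Properties @($DepartmentAttribute, 'memberOf')
    $deptId = $user.$DepartmentAttribute
    if ([string]::IsNullOrWhiteSpace($deptId)) {
        Write-Warning "$($user.SamAccountName): no value in '$DepartmentAttribute', skipped"
        continue
    }
    $deptId = $deptId.Trim()
    if (-not $targets.ContainsKey($deptId)) {
        Write-Warning "$($user.SamAccountName): no $TargetNamePrefix group for department '$deptId', skipped"
        continue
    }
    $target = $targets[$deptId]

    # Idempotent: a user who is already a direct member is reported, not re-added.
    if ($user.memberOf -contains $target.DistinguishedName) {
        Write-Verbose "$($user.SamAccountName) already in $($target.Name)"
        continue
    }
    # ShouldProcess honours -WhatIf / -Confirm, so the membership change can be previewed.
    if ($PSCmdlet.ShouldProcess($target.DistinguishedName, "Add member $($user.SamAccountName)")) {
        Add-ADGroupMember -Identity $target -Members $user
        Write-Output "Added $($user.SamAccountName) (dept $deptId) to $($target.Name)"
    }
}
```

Run it first as `.\Sync-VbrickApprovers.ps1 -WhatIf -Verbose` and read the proposed adds and the warnings; once the mapping looks right, drop `-WhatIf`. The account running it needs only write access to the member attribute of the target groups (a delegated account rather than a domain admin), and the `Write-Output` lines give a record of each change for later review. The ActiveDirectory module requires Windows Server 2008 R2 or later (or RSAT on a client), so on the Server 2003 R2 domain the same logic would have to be expressed with the Quest QAD cmdlets from the question.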