Abstract: I recently needed a way to add all users to an AD group and keep the group up to date on a scheduled basis. I accomplished that task with the Quest ActiveRoles Management Shell.
Note: This script requires the “Quest ActiveRoles Management Shell Version 1.5.1”, which is the latest known free version. It can be found on the internet if needed.
HowToUse:
You need to specify the AD OUs (Example: DE1, DE2, DE3,…) inside the script and create the needed groups (Example: DE1-Sharepoint-Users, DE2-Sharepoint-Users, DE3-Sharepoint-Users, …). When you run the script, it checks the users inside the given OU and adds them to the AD group for that OU (if the user is still missing from that group). The script only adds members: a user who later leaves the OU stays in the group until removed by other means.
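# Load the Quest ActiveRoles snap-in only when this session does not have it yet.
# Get-PSSnapin reports an error for a snap-in that is not loaded; that miss is the
# expected case here, so it is silenced instead of being printed on every run.
if ($null -eq (Get-PSSnapin -Name Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue))
{
    Add-PSSnapin Quest.ActiveRoles.ADManagement
}
#—————————————————
# LOG
# One transcript per run, named <script name>_<timestamp>.log.
# HH is the 24-hour clock; with hh, a run at 01:15 and a run at 13:15 on the same
# day would share one file name.
$dt = Get-Date -Format "yyyyMMdd_HHmm"
# Take the name without its extension instead of a case-sensitive Replace(".ps1", ...)
$log = [System.IO.Path]::GetFileNameWithoutExtension($MyInvocation.MyCommand.Name) + "_$dt.log"
$file = Join-Path "C:\Scripts\logs" $log
Start-Transcript $file
# Start the run with an empty error list: the report at the end of the script
# mails whatever $error contains at that point.
$error.Clear()
Write-Host "Logging to:" $file -ForegroundColor Black -BackgroundColor White
#—————————————————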
# FUNCTIONS
# Function that adds the users of an OU who are still missing to that OU's "<OU>-Sharepoint-Users" group
function GrandOUUserAccessToPublicSharepointSection {
    <#
    .SYNOPSIS
    Adds the users of one OU that are not yet members to the "<OU>-Sharepoint-Users" group.
    .DESCRIPTION
    Searches emea.contoso.com/<OU>/Agents and then emea.contoso.com/<OU>/Staff with
    Get-QADUser -NotMemberOf and hands every user found to Add-QADGroupMember.
    Membership is only ever added: nothing in this function removes a user from the
    group, and the query does not filter on the state of the account.
    An exception that reaches the catch block is mailed to the operator; the steps
    that had not yet run for this OU are skipped in that case.
    .PARAMETER OrgUnit
    Name of the OU, for example "DE1". It is used both in the search root and in
    the name of the target group.
    #>
    param([string]$OrgUnit)

    $separator = "————————————–"
    $targetGroup = "$OrgUnit-Sharepoint-Users"

    # One entry per container below the OU, with the console messages for that container
    $containers = @(
        @{
            Path    = "Agents"
            Search  = "Build array with agents which are missing in the group"
            Adding  = "Add missing agents to security group"
            Nothing = "No missing agents found"
        },
        @{
            Path    = "Staff"
            Search  = "Build array with staff user which are missing in the group"
            Adding  = "Add missing staff users to security group"
            Nothing = "No missing staff user found"
        }
    )

    Write-Host $separator -ForegroundColor Green
    Write-Host "Working in: " $OrgUnit -ForegroundColor Green

    try {
        foreach ($container in $containers) {
            # Collect the users of this container that the group does not contain yet
            Write-Host $container.Search -ForegroundColor Black -BackgroundColor Green
            $missingUsers = Get-QADUser -SearchRoot "emea.contoso.com/$OrgUnit/$($container.Path)" -NotMemberOf $targetGroup

            if (-not $missingUsers) {
                Write-Host $container.Nothing -ForegroundColor Black -BackgroundColor Green
                continue
            }

            # Add the collected users to the security group
            Write-Host $container.Adding -ForegroundColor Black -BackgroundColor Green
            Add-QADGroupMember -Identity $targetGroup -Member $missingUsers
        }
    }
    catch {
        # Mail the failure report to the operator mailbox
        $reason = $_.Exception.Message
        $mail = @{
            From       = "AutoTask@emea.contoso.com"
            To         = "bastian@emea.contoso.com"
            Subject    = "SharepaintAutoTask: Error during ganting public sharepoint rights"
            Body       = "Error during ganting public sharepoint rights:`n$reason"
            SmtpServer = "smtpsrv.emea.contoso.com"
        }
        Send-MailMessage @mail
    }

    Write-Host $separator -ForegroundColor Green
}
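# Run the membership update for every OU handled by this task.
# Each name needs a matching "<OU>-Sharepoint-Users" group in AD.
$ouNames = "DE1", "DE2", "DE3", "DE4", "DE5"
foreach ($ouName in $ouNames) {
    GrandOUUserAccessToPublicSharepointSection $ouName
}

# $error was cleared before the first OU was processed, so whatever it holds now
# was raised during this run, including errors that did not stop a cmdlet and
# therefore never reached the catch block inside the function.
# Work on a copy so the list cannot change while the report is being built.
$runErrors = @($error)
$exitCode = 0
if ($runErrors.Count -gt 0) {
    $exitCode = 1
    $ErrorMailText_Body = "Error during ganting public sharepoint rights:`n"
    $ErrorMailText_Body += "————————————–`n"
    foreach ($SingleError in $runErrors) {
        # One section per error record
        $ErrorMailText_Body += "Exception: " + $SingleError.Exception + "`n"
        $ErrorMailText_Body += "TargetObject: " + $SingleError.TargetObject + "`n"
        $ErrorMailText_Body += "CategoryInfo: " + $SingleError.CategoryInfo + "`n"
        $ErrorMailText_Body += "InvocationInfo: " + $SingleError.InvocationInfo + "`n"
        $ErrorMailText_Body += "FullyQualifiedErrorId: " + $SingleError.FullyQualifiedErrorId + "`n"
        $ErrorMailText_Body += "OriginInfo: " + $SingleError.OriginInfo + "`n"
        $ErrorMailText_Body += "————————————–`n"
        $ErrorMailText_Body += "`n"
    }
    # NOTE(review): the report carries directory object names and invocation details;
    # confirm whether the relay accepts TLS (Send-MailMessage has -UseSsl) before relying on it.
    Send-MailMessage -From "AutoTask@emea.contoso.com" -To "bastian@emea.contoso.com" -Subject "SharepaintAutoTask: Error during ganting public sharepoint rights" -Body $ErrorMailText_Body -SmtpServer smtpsrv.emea.contoso.com
}
Stop-Transcript
# Exit non-zero when errors were recorded, so the scheduler shows the run as failed
# even if the report mail could not be delivered.
Exit $exitCode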