Untitled

function AskJoinGroups { #Joins user to AD groups.
    $CanUseGPO = $true
    try {
        Import-Module GroupPolicy -ErrorAction Stop
        $GPO = Get-GPO -All
    }
    catch {
        Write-Host "Module GroupPolicy not Installed. Cannot match by drive letter." -ForegroundColor Yellow
        $CanUseGPO = $false
    }
    $GroupName = Read-Host "`nIf your user needs to be joined or removed from any additional groups, please name them one at a time.`nIf you know the drive letter the user needs access to, enter that instead (no colon).`nIf neither, press enter to proceed, or enter `'?`' for a list of all groups"
    if ($GroupName -eq "") {
        return
    }
    elseif ($GroupName -eq '?') {
        Get-ADGroup -Filter {Name -like "*"} | select -ExpandProperty Name | Out-Host
    }
    elseif (($GroupName.length -eq 1) -and ($GroupName -match "^[A-Za-z]+$") -and ($CanUseGPO -eq $true)) {
        $GPOResults = @{}
        $GPOPerm = @{}
        ForEach ($Policy in $GPO){
            $GPOID = $Policy.Id
            $GPODom = $Policy.DomainName
            $GPODisp = $Policy.DisplayName
            if ((Test-Path "\\$($GPODom)\SYSVOL\$($GPODom)\Policies\{$($GPOID)}\User\Preferences\Drives\Drives.xml") -and ($Policy.GpoStatus -eq "AllSettingsEnabled")) {
                [xml]$DriveXML = Get-Content "\\$($GPODom)\SYSVOL\$($GPODom)\Policies\{$($GPOID)}\User\Preferences\Drives\Drives.xml"
                ForEach ($drivemap in $DriveXML.Drives.Drive ) {
                    if ($drivemap.Properties.Letter -eq $GroupName) {
                        if ($drivemap.Filters.FilterGroup.Name -eq $null) {
                            $PermArray = (Get-GPPermissions -Name $GPODisp -All | ?{$_.Permission -eq "GpoApply"}).Trustee.Name
                            ForEach ($Perm in $PermArray) {
                                $GPOPerm.$GPODisp += @("$Perm")
                            }
                            continue
                        }
                        else {
                            $garbage, $GPOName = ($drivemap.Filters.FilterGroup.Name.split("`\"))
                            $GPOResults.$GPODisp += @("$GPOName")
                        }
                    }
                }
            }
        }
        if ($GPOResults.Count -ne 0) {
            $ItemTargetResults = @($GPOResults.Values)
        }
        if (($GPOResults.Count -eq 0) -and ($GPOPerm.Count -ne 0)) {
            Write-Host "`nItem level targetting is not applied for this drive.`nThe user must be a member of any of the following groups/OU's for this drive to be mapped:"
            $GPOPerm.Keys | Select @{l='GPO Object';e={$_}},@{l='Scope OU/Group';e={$GPOPerm.$_}} | Out-Host
        }
        elseif ($GPOResults.Keys -contains "Domain Users") {
            Write-Host "`nThis drive is mapped to Domain Users and does not require explicit mapping." -ForegroundColor Yellow
        }
        elseif (($GPOResults.Count -ne 0) -and ($GPOPerm.Count -ne 0)) {
            Write-Host "`nMultiple item-level targetting and scope-targetting mappings found for the specified drive letter. Add one of the following if you dare. God help you."
            $GPOPerm.Keys | Select @{l='GPO Object';e={$_}},@{l='Scope OU/Group';e={$GPOPerm.$_}} | Out-Host
            $GPOResults.Keys | Select @{l='GPO Object';e={$_}},@{l='Group Name';e={$GPOResults.$_}} | Out-Host
        }
        elseif ($ItemTargetResults.Length -eq 1) {
            $SingleGPO = $ItemTargetResults[0]
            $Match = ProcessGroup ($SingleGPO)
        }
        elseif (($ItemTargetResults.Length -ge 2) -and ($GPOPerm.Count -eq 0)) {
            $GPOResults.Keys | Select @{l='GPO Object';e={$_}},@{l='Group Name';e={$GPOResults.$_}} | Out-Host
            $Match = $False
            $Choice = Read-Host -Prompt "`nMultiple Groups map to the specified drive letter. Please enter the appropriate group name"
            ForEach ($Listing in $GPOResults.Values) {
                if ($Choice -eq $Listing) {
                    $Match = ProcessGroup ($Listing)
                }
            }
            if ($Match -eq $False) {
                Write-Host "`nInvalid selection. Please try again." -ForegroundColor Yellow
            }
        }
        else {
            $GroupName = $GroupName.ToUpper() + ":"
            Write-Host "`nNo groups found mapped to drive letter $GroupName.`nPlease try again, or enter the specific group name." -ForegroundColor Yellow
        }
    }
    elseif ((Get-ADGroup -Filter {Name -eq $GroupName}) -eq $null) {
        Write-Host "`nThat group does not exist. Please try again." -ForegroundColor Yellow
    }
    else {
        $Match = ProcessGroup ($GroupName)
    }
    AskJoinGroups
}

function ProcessGroup ($SingleGPO) {
    $GroupDN = (Get-ADGroup -Filter {Name -eq $SingleGPO}).DistinguishedName
    $RealGroupName = (Get-ADGroup -Filter {Name -eq $SingleGPO}).Name
    if ((Get-ADGroupMember -Identity $GroupDN).Name -contains $FullName) {
        $choose = Read-Host -Prompt "`n$Firstname already belongs to this group. Would you like to remove them from this group? y/n"
        if ($choose -eq 'y') {
            Remove-ADGroupMember -Identity $GroupDN -Members $Sam -Confirm:$false
            $script:Properties['Groups'] = @($script:Properties['Groups'] | ?{$_ -ne "$RealGroupName"})
            Write-Host "`n$Firstname has been removed from $RealGroupName"
        }
        else {
            Write-Host "`nMembership has not been changed."
        }
    }
    else {
        Add-ADGroupMember -Identity $GroupDN -Members $Sam
        Write-Host "`nSuccess! $Sam was joined to $RealGroupName."
        $script:Properties.Groups += @($RealGroupName)
    }
    return $True
}