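## Keeps a "dynamic" AD group in sync with a selection rule: the group should
## contain exactly the users that live under one of the listed OUs AND carry
## the required Title. The script first works out who should be in the group,
## then adds whoever is missing and removes whoever no longer qualifies.
##
## NOTE(review): the group name suggests it carries delegated password-reset
## rights. If so, membership is a privilege grant: run this under an account
## that can only manage this one group, and review the warnings it emits.

## Your AD domain name
$ADDomain = 'dc=example,dc=com'

## Dynamic group name (no leading/trailing spaces, or -Identity will not resolve it)
$ADGroupname = 'DLGRP_PasswordReset'

## OU list to search users (sample entries; list each real OU once)
$ADOUs = @(
    "OU=Users,$ADDomain",
    "OU=Users,$ADDomain"
)

## Title a user must have to qualify. It is interpolated into the AD filter
## string below, so keep it a fixed literal without quote characters.
$RequiredTitle = 'Manager'

# Users that SHOULD be members, keyed by distinguished name. The hashtable
# de-duplicates users when OUs overlap or an OU is listed twice.
$desired = @{}

# Searching users in the specified OUs.
# Get-ADUser needs an explicit -Filter; filtering on Title here means only
# qualifying users are ever added, so a non-qualifying user is never a
# member, not even briefly between the add pass and the cleanup pass.
foreach ($OU in $ADOUs) {
    try {
        $found = @(Get-ADUser -SearchBase $OU -Filter "Title -eq '$RequiredTitle'" -ErrorAction Stop)
    }
    catch {
        # Stop before touching membership: with an incomplete search result
        # the cleanup pass below would remove users who still qualify.
        throw "Search in '$OU' failed, group '$ADGroupname' left unchanged: $($_.Exception.Message)"
    }
    foreach ($u in $found) {
        $desired[$u.DistinguishedName] = $u
    }
}
$users = @($desired.Values)

# Current direct members of the group, keyed by distinguished name.
$members = @(Get-ADGroupMember -Identity $ADGroupname -ErrorAction Stop)
$current = @{}
foreach ($member in $members) {
    $current[$member.DistinguishedName] = $true
}

# Add qualifying users that are not members yet. Failures are reported
# instead of being silenced, so a broken sync is visible to the operator.
foreach ($user in $users) {
    if (-not $current.ContainsKey($user.DistinguishedName)) {
        try {
            Add-ADGroupMember -Identity $ADGroupname -Members $user.DistinguishedName -ErrorAction Stop
            Write-Verbose "Added $($user.SamAccountName) to $ADGroupname"
        }
        catch {
            Write-Warning "Could not add $($user.SamAccountName) to ${ADGroupname}: $($_.Exception.Message)"
        }
    }
}

## Make sure that each user in the group meets the selection criteria. If not
## (moved to another OU, Title changed), they must be removed from the group.
## Any member that is not in the desired set is removed with a single call;
## this also covers members that are not user objects (nested groups,
## computers), which can never satisfy the rule.
foreach ($member in $members) {
    if (-not $desired.ContainsKey($member.DistinguishedName)) {
        try {
            Remove-ADGroupMember -Identity $ADGroupname -Members $member.DistinguishedName -Confirm:$false -ErrorAction Stop
            Write-Verbose "Removed $($member.SamAccountName) from $ADGroupname"
        }
        catch {
            Write-Warning "Could not remove $($member.SamAccountName) from ${ADGroupname}: $($_.Exception.Message)"
        }
    }
}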