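<#
PowerShell to join computer object to Active Directory Group without AD module being imported
This finds the computer object anywhere in AD and adds it to a security group in a known location

Steps, in order:
  1. Pick the target group and target OU from the chassis type, the OS major
     version and (on 6.x) the TSFTR task sequence variable.
  2. Exit if the computer is already listed as a member of that group.
  3. Add the computer to the group, make that group its primary group, remove
     it from Domain Computers and move the object to the target OU.

All directory writes are made as $username, with a password decrypted from
.\encrypted.txt (see the SECURITY note at the credential block).

NOTE(review): under the default $ErrorActionPreference a failing ADSI call
reports an error and the script carries on with the next step. Confirm that a
partially applied change (e.g. moved but not regrouped) is acceptable.
#>

# Get computer name
$ComputerName = $env:COMPUTERNAME

# Query WMI once and reuse the result for the branch below.
$ChassisTypes = (Get-WmiObject win32_systemenclosure).ChassisTypes
$OSMajor = [environment]::OSVersion.Version.Major

# Chassis type 9 is the only value treated as a notebook.
# NOTE(review): other portable chassis types (e.g. 10 Notebook, 14 Sub Notebook)
# fall through to the workstation branches - confirm that is intended.
If ($ChassisTypes -contains 9)
{
    $GroupName = "ScGGNotebooks"
    $GroupPath = "CN=$GroupName,OU=ScNotebooksGroups,OU=ScNotebooks,OU=SC,DC=ct,DC=er,DC=lcl"
    $TargetOU = "OU=MBAM,OU=8&10 Notebooks,OU=ScWindows8&10,OU=SC,DC=ct,DC=er,DC=lcl"
}
ElseIf ($OSMajor -eq 10)
{
    $GroupName = "ScGGWorkstations"
    $GroupPath = "CN=$GroupName,OU=ScWorkstationsGroups,OU=ScWorkstations,OU=SC,DC=ct,DC=er,DC=lcl"
    $TargetOU = "OU=8&10 Workstations,OU=ScWindows8&10,OU=SC,DC=ct,DC=er,DC=lcl"
}
ElseIf ($OSMajor -eq 6)
{
    # NOTE(review): major version 6 also covers Windows 8 / 8.1 (6.2 / 6.3), which
    # therefore land in the Windows 7 OUs although "8&10" OUs exist - confirm.
    # The TSEnvironment COM object is only available inside a running task sequence.
    $tsenv = New-Object -COMObject Microsoft.SMS.TSEnvironment
    # -eq on strings is case-insensitive, so this matches both "Y" and "y".
    If ($tsenv.Value("TSFTR") -eq "Y")
    {
        $GroupName = "ScGGFTR"
        $TargetOU = "OU=Windows7 FTR Computers,OU=ScFTRComputers,OU=SC,DC=ct,DC=er,DC=lcl"
        $GroupPath = "CN=ScggFTR,OU=ScFTRGroups,OU=ScFTRComputers,OU=SC,DC=ct,DC=er,DC=lcl"
    }
    Else
    {
        $GroupName = "ScGGWorkstations"
        $TargetOU = "OU=7Workstations-PU,OU=ScWindows7,OU=SC,DC=ct,DC=er,DC=lcl"
        $GroupPath = "CN=ScGGWorkstations,OU=ScWorkstationsGroups,OU=ScWorkstations,OU=SC,DC=ct,DC=er,DC=lcl"
    }
}

# No branch matched (OS major version other than 6 or 10): without this guard the
# paths below collapse to a bare "LDAP://", which binds to the domain root instead
# of a group or OU.
If (-not $GroupPath)
{
    Write-Error "No group/OU mapping for OS major version $OSMajor; nothing was changed."
    exit 1
}

# Check to see if computer is already a member of the group.
# The filter uses plain ASCII quotes and no blank after "sAMAccountName=".
# NOTE(review): memberOf does not list an object's primary group, so after this
# script has made the group primary this check presumably stops matching and a
# re-run repeats every step below - verify, and compare primaryGroupID if so.
$MemberSearcher = New-Object DirectoryServices.DirectorySearcher([ADSI]"")
$MemberSearcher.Filter = "(&(objectClass=computer)(sAMAccountName=$ComputerName`$)(memberof=$GroupPath))"
# If the computer is already a member of the group, just exit.
If ($MemberSearcher.FindOne()) { exit }

# If the computer is NOT a member of the group, locate its object.
$ComputerSearcher = New-Object DirectoryServices.DirectorySearcher([ADSI]"")
$ComputerSearcher.Filter = "(&(objectClass=computer)(sAMAccountName=$ComputerName`$))"
$FoundComputer = $ComputerSearcher.FindOne()

# Stop before any write when the object was not found: a DirectoryEntry built
# from an empty path does not refer to this computer.
If (-not $FoundComputer)
{
    Write-Error "Computer account $ComputerName`$ was not found in the directory; nothing was changed."
    exit 1
}
$ComputerPath = $FoundComputer.Path
$GroupPath = "LDAP://$GroupPath"

# SECURITY: the AES key below is stored in clear text next to encrypted.txt, so
# the file is obfuscated, not protected - whoever can read this script and that
# file can recover the password of $username. Because the key is distributed with
# the script, treat that password as exposed: rotate it, keep the account's
# delegation limited to the group/OU operations performed here, and prefer a
# mechanism that does not ship a reusable credential to the endpoint.
# encrypted.txt is read relative to the current directory, not the script's folder.
$username = "ct\scit-o"
$key = (3,4,2,3,56,34,254,222,1,1,2,23,42,54,33,233,1,34,2,7,6,5,35,43)
$encrypted = Get-Content .\encrypted.txt | ConvertTo-SecureString -Key $key
If (-not $encrypted)
{
    # Avoids binding with an empty password, which would only generate failed logons.
    Write-Error "Could not read or decrypt .\encrypted.txt; nothing was changed."
    exit 1
}
$credential = New-Object System.Management.Automation.PsCredential($username, $encrypted)
# DirectoryEntry takes the password as a plain string, so it is held in clear
# text in this process for the rest of the run.
$Password = $credential.GetNetworkCredential().Password

# Add the computer to the new group.
$Group = New-Object System.DirectoryServices.DirectoryEntry($GroupPath, $username, $Password)
$Group.Add($ComputerPath)
$Group.SetInfo()

# primaryGroupToken is not part of the default property cache; load it explicitly.
$Group.GetInfoEx(@("primaryGroupToken"), 0)
$NewGroupToken = $Group.Get("primaryGroupToken")

# Make this group the primary group (the computer must already be a member).
$Computer = New-Object System.DirectoryServices.DirectoryEntry($ComputerPath, $username, $Password)
$Computer.Put("primaryGroupID", $NewGroupToken)
$Computer.SetInfo()

# Then the old group can be removed.
# NOTE(review): after this the machine is no longer in Domain Computers, so any
# GPO filter, ACL or enrollment permission granted to that group stops applying.
$OldGroupPath = "LDAP://CN=Domain Computers,CN=Users,DC=ct,DC=er,DC=lcl"
$OldGroup = New-Object System.DirectoryServices.DirectoryEntry($OldGroupPath, $username, $Password)
$OldGroup.Remove($Computer.AdsPath)

# Move the object to the target OU.
$TargetOUEntry = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$TargetOU", $username, $Password)
$Computer.psbase.MoveTo($TargetOUEntry)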