  1. <#
  2. PowerShell to join computer object to Active Directory Group without AD module being imported
  3. This finds the computer object anywhere in AD and adds it to a security group in a known location
  4. #>
  5.  
  6. #Get computer name
  7. $ComputerName = gc env:computername
  8. If ((Get-WmiObject win32_systemenclosure).ChassisTypes -eq 9)
  9. {
  10. $GroupName = "ScGGNotebooks"
  11. $GroupPath = "CN=$GroupName,OU=ScNotebooksGroups,OU=ScNotebooks,OU=SC,DC=ct,DC=er,DC=lcl"
  12. $TargetOU = "OU=MBAM,OU=8&10 Notebooks,OU=ScWindows8&10,OU=SC,DC=ct,DC=er,DC=lcl"
  13. }
  14. ElseIf ((Get-WmiObject win32_systemenclosure).ChassisTypes -ne 9)
  15. {
  16. If (([environment]::OSVersion.Version).Major -eq 10)
  17. {
  18. $GroupName = "ScGGWorkstations"
  19. $GroupPath = "CN=$GroupName,OU=ScWorkstationsGroups,OU=ScWorkstations,OU=SC,DC=ct,DC=er,DC=lcl"
  20. $TargetOU = "OU=8&10 Workstations,OU=ScWindows8&10,OU=SC,DC=ct,DC=er,DC=lcl"
  21. }
  22. ElseIf (([environment]::OSVersion.Version).Major -eq 6)
  23. {
  24. $tsenv = New-Object -COMObject Microsoft.SMS.TSEnvironment
  25. If (($tsenv.Value("TSFTR") -eq "Y") -OR ($tsenv.Value("TSFTR") -eq "y"))
  26. {
  27. $GroupName = "ScGGFTR"
  28. $TargetOU = "OU=Windows7 FTR Computers,OU=ScFTRComputers,OU=SC,DC=ct,DC=er,DC=lcl"
  29. $GroupPath = "CN=ScggFTR,OU=ScFTRGroups,OU=ScFTRComputers,OU=SC,DC=ct,DC=er,DC=lcl"
  30. }
  31. Else
  32. {
  33. $GroupName = "ScGGWorkstations"
  34. $TargetOU = "OU=7Workstations-PU,OU=ScWindows7,OU=SC,DC=ct,DC=er,DC=lcl"
  35. $GroupPath = "CN=ScGGWorkstations,OU=ScWorkstationsGroups,OU=ScWorkstations,OU=SC,DC=ct,DC=er,DC=lcl"
  36. }
  37. }
  38. }
  39.  
  40. #Check to see if computer is already a member of the group
  41. $isMember = new-object DirectoryServices.DirectorySearcher([ADSI]"")
  42. $ismember.filter = “(&(objectClass=computer)(sAMAccountName= $Computername$)(memberof=$GroupPath))”
  43. $isMemberResult = $isMember.FindOne()
  44.  
  45. #If the computer is already a member of the group, just exit.
  46. If ($isMemberResult) {exit}
  47.  
  48. #else
  49. #If the computer is NOT a member of the group, add it.
  50.  
  51. $searcher = new-object DirectoryServices.DirectorySearcher([ADSI]"")
  52. $searcher.filter = “(&(objectClass=computer)(sAMAccountName= $Computername$))”
  53. $FoundComputer = $searcher.FindOne()
  54. $P = $FoundComputer | select Path
  55. $ComputerPath = $P.Path
  56. $GroupPath = "LDAP://$GroupPath"
  57. #$Group = [ADSI]"$GroupPath"
  58.  
  59. $username = "ct\scit-o"
  60. $key = (3,4,2,3,56,34,254,222,1,1,2,23,42,54,33,233,1,34,2,7,6,5,35,43)
  61. $encrypted = Get-Content .\encrypted.txt | ConvertTo-SecureString -Key $key
  62. $credential = New-Object System.Management.Automation.PsCredential($username, $encrypted)
  63. $Password = $Credential.GetNetworkCredential().Password
  64. $Group = New-Object System.DirectoryServices.DirectoryEntry($GroupPath, $username, $Password)
  65. $Group.Add($ComputerPath)
  66. $Group.SetInfo()
  67.  
  68. #Add-ADGroupMember $GroupName -Members $ComputerName$ -Confirm:$false
  69. #Make this group the primary group and then remove the Domain Computers group from this machine.
  70.  
  71. # The current Domain
  72. #$DomainNC = ([ADSI]"LDAP://RootDSE").DefaultNamingContext
  73.  
  74. # The Primary Group Token for Domain Users and Guests will always be
  75. # the same value (no matter the forest). Used as a demonstration of
  76. # how the value can be retrieved
  77. $OldGroupPath = "LDAP://CN=Domain Computers,CN=Users,DC=ct,DC=er,DC=lcl"
  78. $OldGroup = New-Object System.DirectoryServices.DirectoryEntry($OldGroupPath, $username, $Password)
  79. $OldGroup.GetInfoEx(@("primaryGroupToken"), 0)
  80. $OldGroupToken = $OldGroup.Get("primaryGroupToken")
  81.  
  82. $NewGroupPath = $GroupPath
  83. $NewGroup = New-Object System.DirectoryServices.DirectoryEntry($NewGroupPath, $username, $Password)
  84.  
  85. $NewGroup.GetInfoEx(@("primaryGroupToken"), 0)
  86. $NewGroupToken = $NewGroup.Get("primaryGroupToken")
  87.  
  88. # Determine which accounts will be effected by the change
  89. #$BaseOU = [ADSI]"LDAP://OU=SomeWhere,$DomainNC"
  90. #$LdapFilter = "(&(objectClass=user)(objectCategory=person)(primaryGroupId=$OldGroupToken))"
  91.  
  92. # Find the users
  93. #$Searcher = New-Object DirectoryServices.DirectorySearcher($BaseOU, $LdapFilter)
  94. #$Searcher.PageSize = 1000
  95.  
  96. #$Searcher.FindAll() | ForEach-Object {
  97. #$User = $_.GetDirectoryEntry()
  98.  
  99. # The user must be a member of the group first
  100. #$NewGroup.Add($User.AdsPath)
  101.  
  102. # Change the Primary Group
  103. #$ComputerPath = [adsi]$ComputerPath
  104.  
  105. $NewComputerPath = New-Object System.DirectoryServices.DirectoryEntry($ComputerPath, $username, $Password)
  106. $NewComputerPath.Put("primaryGroupID", $NewGroupToken)
  107. $NewComputerPath.SetInfo()
  108.  
  109. # Then the old group can be removed
  110. $OldGroup.Remove($NewComputerPath.AdsPath)
  111. #}
  112.  
  113. # Specify the target OU
  114. $targetOU="LDAP://$targetOU"
  115. $targetOU = New-Object System.DirectoryServices.DirectoryEntry($targetOU, $username, $Password)
  116. # Write-Host Moving to $targetOU
  117. # Move the object to the target OU
  118. $NewComputerPath.psbase.MoveTo($targetOU)