AD Tool/Script Populate Security Groups Automatically

Looking for a simplistic tool/script to auto populate Security Group(s) in AD.

So the tool/script scans each User and if a particular Security Group(s) isn't in their Member of List, it gets populated.
Obviously need this run automatically every few days
Darrin Crawford Asked:

Chris Dent, PowerShell Developer, Commented:
There are a few variations on this theme you might use. It uses the MS ActiveDirectory PowerShell module. Searches for everyone who isn't in the group, and adds them.
# Find every user that is not a member of the group, then add each one.
Get-ADUser -Filter { memberOf -ne 'CN=yourgroup,OU=somewhere,DC=domain,DC=local' } | ForEach-Object {
    Add-ADGroupMember -Identity yourgroup -Members $_.DistinguishedName
}


The search might be a bit more constrained than that of course.
1
Rajul Raj, Information Security Officer, Commented:
Use the below script

# PowerShell script to ensure that all users in a specified OU
# are members of a specified group. Also ensure that there are
# no members of the group that are not user objects in the OU.

# Specify the OU.
$OU = [ADSI]"LDAP://ou=West,dc=MyDomain,dc=com"

# Specify the group.
$Group = [ADSI]"LDAP://cn=MyGroup,ou=West,dc=MyDomain,dc=com"

# Hash table of users in the OU.
$List = @{}

# Enumerate all objects in the OU.
$arrChildren = $OU.Get_Children()
ForEach ($Child In $arrChildren)
{
  # Only consider user objects.
  If ($Child.Class -eq "user")
  {
    # Add all users in the OU to the hash table.
    $List.Add($Child.distinguishedName, $True)
    # Check if user a member of the group.
    If ($Group.IsMember($Child.ADsPath) -eq $False)
    {
      # Add the user to the group.
      $Group.Add($Child.ADsPath)
      "Added " + $Child.distinguishedName
    }
  }
}

# Enumerate all members of the group.
ForEach ($Member in $Group.member)
{
  # Check if this member object is a user object in the OU.
  If ($List.ContainsKey($Member)-eq $False)
  {
    # Remove this member from the group.
    $Group.Remove("LDAP://$Member")
    "Removed " + $Member
  }
}


1

Darrin Crawford, Author, Commented:
getting multiple errors from line 16
ForEach ($Child In $arrChildren)
  # Only consider user objects.
  If ($Child.Class -eq "user")  
    # Add all users in the OU to the hash table.
    $List.Add($Child.distinguishedName, $True)
    # Check if user a member of the group.
    If ($Group.IsMember($Child.ADsPath) -eq $False)
    {
      # Add the user to the group.
      $Group.Add($Child.ADsPath)
      "Added " + $Child.distinguishedName



PS C:\Windows\system32> C:\Users\darrin.crawford\Documents\Powershell_AD_Confluence Check.ps1
At C:\Users\darrin.crawford\Documents\Powershell_AD_Confluence Check.ps1:16 char:33
+ ForEach ($Child In $arrChildren)
+                                 ~
Missing statement body in foreach loop.
At C:\Users\darrin.crawford\Documents\Powershell_AD_Confluence Check.ps1:18 char:30
+   If ($Child.Class -eq "user")
+                              ~
Missing statement block after If ( condition ).
    + CategoryInfo          : ParserError: (:) [], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : MissingForeachStatement
0

Chris Dent, PowerShell Developer, Commented:
You've stripped out "{" characters all over the place. They're not there as decoration.
1
Darrin Crawford, Author, Commented:
Apologies, I didn't see the full script.

It is now working but has removed all users from this particular Security Group!!
0
Chris Dent, PowerShell Developer, Commented:
The script you're using bases modification on presence in an OU. I can only assume the OU you've supplied contains none of the members.

You haven't stated the basis for auto-populating, so all you have so far are a few wide punts which may or may not apply to your own situation.
0
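
A guard against the outcome reported above, as an added example that is not part of any participant's post: it computes the add/remove plan first and refuses to apply it when the removal set looks like the result of a wrong search base. The function names, the 20% threshold and the sample DNs are assumptions; the AD calls need the ActiveDirectory module, while the planning function and sample run without it.

```powershell
# Added example (hypothetical function names). Requires PowerShell 5 or later.
function Get-GroupSyncPlan {
    param([string[]]$DesiredDn, [string[]]$CurrentDn,
          [double]$MaxRemoveRatio = 0.2)   # assumed threshold, tune per group
    $cmp     = [System.StringComparer]::OrdinalIgnoreCase   # DNs compare case-insensitively
    $desired = [System.Collections.Generic.HashSet[string]]::new($cmp)
    $current = [System.Collections.Generic.HashSet[string]]::new($cmp)
    foreach ($dn in $DesiredDn) { [void]$desired.Add($dn) }
    foreach ($dn in $CurrentDn) { [void]$current.Add($dn) }
    $toAdd    = @($desired | Where-Object { -not $current.Contains($_) })
    $toRemove = @($current | Where-Object { -not $desired.Contains($_) })
    $ratio    = if ($current.Count) { $toRemove.Count / $current.Count } else { 0 }
    [pscustomobject]@{
        Add     = $toAdd
        Remove  = $toRemove
        # An empty desired set or a large removal usually means a wrong search base.
        Blocked = ($toRemove.Count -gt 0) -and
                  (($desired.Count -eq 0) -or ($ratio -gt $MaxRemoveRatio))
    }
}

function Invoke-GroupSync {
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$SearchBase, [string]$GroupDn)
    # Subtree scope also returns users that live in child OUs of the search base.
    $desired = @((Get-ADUser -Filter * -SearchBase $SearchBase -SearchScope Subtree).DistinguishedName)
    $current = @((Get-ADGroup -Identity $GroupDn -Properties member).member)
    $plan = Get-GroupSyncPlan -DesiredDn $desired -CurrentDn $current
    if ($plan.Blocked) { throw "Refusing to remove $($plan.Remove.Count) members of $GroupDn" }
    if ($plan.Add) {
        Add-ADGroupMember -Identity $GroupDn -Members $plan.Add -WhatIf:$WhatIfPreference
    }
    if ($plan.Remove) {
        Remove-ADGroupMember -Identity $GroupDn -Members $plan.Remove -Confirm:$false -WhatIf:$WhatIfPreference
    }
}

# Constructed sample (offline): the desired set is empty, so a plain sync
# would remove every member of the group. The plan is flagged instead.
$members = 'CN=Ann,OU=Sales,OU=West,DC=MyDomain,DC=com',
           'CN=Bob,OU=IT,OU=West,DC=MyDomain,DC=com'
$plan = Get-GroupSyncPlan -DesiredDn @() -CurrentDn $members
"Remove: $($plan.Remove.Count)  Blocked: $($plan.Blocked)"
```

Calling `Invoke-GroupSync` with `-WhatIf` prints the intended changes without writing to the directory, which is the sensible first run before scheduling it.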
Darrin Crawford, Author, Commented:
ok, got it, I needed to dig down into my OUs.

Thanks for your help
0
Darrin Crawford, Author, Commented:
Thanks for the prompt responses
0