Identify excessive bandwidth utilization or unexpected application traffic with SolarWinds Bandwidth Analyzer Pack.
Powershell - Group membership with mapping table
Hi,
I have a list of users that need to be added to a a security group in AD depending on some kind of mapping table.
Mapping table example:
Gender, Department, Security Group
M, HR, Group 1
F, HR, Group2
M, Finance, Group 3
F, Finance, Group 4
etc...
Note: This is just an example
So I have a list of users where I can read the gender en department from the object and I need to add them to a corresponding group according to the mapping table.
If this mapping table is changed, the group membership should changed dinamically.
What would be the easiest approach fir this?
I don't like to have a lot of if statements as the mapping table is very big.
Thanks
I have a list of users that need to be added to a a security group in AD depending on some kind of mapping table.
Mapping table example:
Gender, Department, Security Group
M, HR, Group 1
F, HR, Group2
M, Finance, Group 3
F, Finance, Group 4
etc...
Note: This is just an example
So I have a list of users where I can read the gender en department from the object and I need to add them to a corresponding group according to the mapping table.
If this mapping table is changed, the group membership should changed dinamically.
What would be the easiest approach fir this?
I don't like to have a lot of if statements as the mapping table is very big.
Thanks
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with Premium.
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
The way I am reading this it would not be very easy or efficient to accommodate this.
If I am reading this question correctly, you have a list of
Gender, Department, Security Group
M, HR, Group 1
F, HR, Group2
M, Finance, Group 3
F, Finance, Group 4
etc...
and you want to be able to make modifications to that "list" and it dynamically change the attributes for that user/s in Active Directory?
Please confirm this.
If I am reading this question correctly, you have a list of
Gender, Department, Security Group
M, HR, Group 1
F, HR, Group2
M, Finance, Group 3
F, Finance, Group 4
etc...
and you want to be able to make modifications to that "list" and it dynamically change the attributes for that user/s in Active Directory?
Please confirm this.
Ok, it would go like this:
Get all users from AD.
In the user objects I read the gender and department attributes.
If (Gender = F -and Department=HR){
Ad user to AD Group "Group2"
}
and so on...
The mapping table basically defines in which security group the user would be added depending on Gender and Department.
If that mapping table changes in a couple of months (e.g. a new Department is introduced or a condition is changed), the script should add the users to the groups according to the new mapping table
Get all users from AD.
In the user objects I read the gender and department attributes.
If (Gender = F -and Department=HR){
Ad user to AD Group "Group2"
}
and so on...
The mapping table basically defines in which security group the user would be added depending on Gender and Department.
If that mapping table changes in a couple of months (e.g. a new Department is introduced or a condition is changed), the script should add the users to the groups according to the new mapping table
Nah, I already figured it out.
I combined the columns Gender and Department into one so I wold have two columns then converted it to a hashtable and used that for lookup.
I'll post the script when it's finished.
Still have a couple of things to change.
I combined the columns Gender and Department into one so I wold have two columns then converted it to a hashtable and used that for lookup.
I'll post the script when it's finished.
Still have a couple of things to change.
Below is an example that should work. You'll need to do your own testing.
Users retrieved from AD must have a Gender attribute (not standard) for this code to work unmodified. Remove the -WhatIf to run for real.
Users retrieved from AD must have a Gender attribute (not standard) for this code to work unmodified. Remove the -WhatIf to run for real.
$mapping = @"
Gender,Department,SecurityGroup
M,HR,Group 1
F,HR,Group 2
M,Finance,Group 3
F,Finance,Group 4
"@ -split "\r?\n" | ConvertFrom-Csv
Get-ADUser -Filter * -Properties Gender,Department | ForEach `
{
$user = $_
Compare-Object -ReferenceObject $mapping -DifferenceObject $user -Property Gender,Department -IncludeEqual -ExcludeDifferent -PassThru | ForEach `
{
$group = Get-ADGroup $_.SecurityGroup
Get-ADUser $user.samAccountName | Add-ADPrincipalGroupMembership -MemberOf $group -WhatIf
}
}
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trial
footech,
This works perfectly.
I just tested it and it works perfectly fine!
Never thought of using the compare-object cmdlet
Thank you
This works perfectly.
I just tested it and it works perfectly fine!
Never thought of using the compare-object cmdlet
Thank you
Glad it works.
The method you mentioned of combining the two columns so that you essentially have unique values that you can use as keys in a hashtable is also a good one.
The method you mentioned of combining the two columns so that you essentially have unique values that you can use as keys in a hashtable is also a good one.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Powershell
From novice to tech pro — start learning today.
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with Premium.
Start your 7-day free trial.
So the process would be?
Take the name of the people somewhere and get the mapping table finally do the Add/remove from groups?
I mean that table is for all users? (since they have different genders)... ? the problem is not clear try to reformulate your question.
Jose.