hello, can someone provide a powershell or quest AD Cmdlets script we can run that will update a security group based on the following attributes:
Custom Attribute 13 = 311,387,383 or 335 and Custom attribute 7 does not eq "Employee"
goal is the script would run against a specific AD container recursively, and look for all accounts that match this criteria and add to a group.
[code]
$users = Get-ADUser -SearchBase "ou=IT Staff,ou=IT,ou=Employees,ou=People,dc=difc,dc=root01,dc=org" -LdapFilter '(extensionattribute1=employee)'
foreach ($user in $users) {
Add-ADGroupMember -Identity "it_test" -Members $users
[/code]
But his attributes names ha spaces so I do not know if my script would help much.. what I determined was this:
[code]
}
$users = Get-ADUser -SearchBase "ou=IT Staff,ou=IT,ou=Employees,ou=People,dc=difc,dc=root01,dc=org" -Filter {(extensionattribute13 -eq 311) -Or (extensionattribute13 -eq 387) -Or (extensionattribute13 -eq 383) -and (extensionattribute7 -notlike "employee")}
foreach ($user in $users) {
Add-ADGroupMember -Identity "it_test" -Members $users
}
$users = Get-ADUser -SearchBase "ou=IT Staff,ou=IT,ou=Employees,ou=People,dc=difc,dc=root01,dc=org" -Filter {(extensionattribute13 -eq 311) -Or (extensionattribute13 -eq 387) -Or (extensionattribute13 -eq 383) -and (extensionattribute7 -notlike "employee")}
foreach ($user in $users) {
Add-ADGroupMember -Identity "it_test" -Members $users
}
[/code]
Updated code script above.. this one worked for me. Pulled the test users and placed then into the test security group.
Updated code script above.. this one worked for me. Pulled the test users and placed then into the test security group.
No comments:
Post a Comment