In today’s fast-paced IT environments, automation is key to managing resources efficiently.
PowerShell, Microsoft’s task automation and configuration management framework, is a powerful tool for system administrators.
We have got a new requirement:
- Get all logon scripts assigned to users in AD
- Create AD group based on each logon script.(particular naming convention)
- Populate the AD group and add membership base don particular logon script.
- Alert for malformed Logon scripts.
- Alert if there are AD groups but no logon script associated.
Download the script from Git or PowerShell gallery from below links:
Git:
https://github.com/VikasSukhija/Downloads
logonscript2aadgroups.ps1
PowerShell Gallery:
https://www.powershellgallery.com/packages/logonscript2aadgroups
Install-Script -Name logonscript2aadgroups
Update the below variables as per your environment:
$getalllogonscriptusers = Get-ADUser -Filter {scriptPath -like “*” -and Enabled -eq $true} -Properties scriptPath | Select scriptPath,samaccountname
$getalllogonscripts = $getalllogonscriptusers | group-object scriptPath -AsHashTable
After that It will go ahead and create the AD groups based on prefix you have defined in the variables. (it will create only if AD group does not exist already)
Third part of the script will populate these groups with members associated with logon scripts.
Final part of the script generates the alert for orphaned groups that are there but now there are no members in logon script.
I hope this script will assist anyone who is in the same situation and want AD groupings based on user logon script.
Thanks for reading and downloading…
Tech Wizard
https://techwizard.cloud
Tech Wizard 