Time to add some members to our groups. Following the steps in the previous posts, we should now have a couple of users, groups and computers in our test environment. Group names are based on the Character position in the Star Trek Csv file, so now all we have to do is match up the characters with their positions.
Starting off, let's collect the information we need from the Csv file. There are 68 characters in the file, so I'm only going to select the first one in the example below.
PS > $CsvFile = Import-Csv StarTrek.csv
PS > ($CsvFile | Select Character, Position, Series)[0] | fl
Character : Jean-Luc Picard
Position : Commanding Officer
Series : Star Trek: The Next Generation
What we want to do now is add each member to the correct group. Let's take the first user, Captain Picard, as an example and see how this is done. Since there are 4 different Commanding Officer groups, we want to make sure that we connect to the correct one. We know which Starship (OU) the Captain is in, and we have that information in the Csv file, so we can use this in combination with the Get-AD.ps1 script. First we have to get the OU's distinguishedName.
PS > $Domain = "powershell.nu"
PS > $Series = "Star Trek: The Next Generation"
PS > $OU = ./Get-AD.ps1 -Domain $Domain -OU $Series -property distinguishedName
PS > $OU
distinguishedName
-----------------
OU=Star Trek: The Next Generation,DC=powershell,DC=nu
PS > $DomainConnection = "LDAP://" + [string]$OU.distinguishedName
PS > $DomainConnection
LDAP://OU=Star Trek: The Next Generation,DC=powershell,DC=nu
Now that we have the connection string, we can use it to narrow down the search in the Get-AD.ps1 script. Typing -Domain followed by an OU's distinguishedName forces the script to only search within that OU structure.
PS > $Character = "Jean-Luc Picard"
PS > $User = ./Get-AD.ps1 -Domain $DomainConnection -User $Character -property distinguishedName, Name
PS > $UserConnection = "LDAP://" + [string]$User.distinguishedName
PS > $UserConnection
LDAP://CN=Jean-Luc Picard,OU=Users,OU=Star Trek: The Next Generation,DC=powershell,DC=nu
PS > $UserdistinguishedName = [string]$User.distinguishedName
PS > $UserdistinguishedName
CN=Jean-Luc Picard,OU=Users,OU=Star Trek: The Next Generation,DC=powershell,DC=nu
So why bother to create one variable holding the distinguishedName and one holding the LDAP connection string? Well, we'll get to that in a while, but first we need a connection to the group as well.
PS > $Position = "Commanding Officer"
PS > $Group = ./Get-AD.ps1 -Domain $DomainConnection -Group $Position -ToObject
PS > $Group | Format-List *
objectClass : {top, group}
cn : {Commanding Officer}
description : {Commanding Officer}
distinguishedName : {CN=Commanding Officer,OU=Groups,OU...
instanceType : {4}
whenCreated : {4/15/2009 5:09:08 PM}
whenChanged : {4/15/2009 5:09:08 PM}
uSNCreated : {System.__ComObject}
uSNChanged : {System.__ComObject}
name : {Commanding Officer}
objectGUID : {74 231 168 162 107 193 157 74 161
objectSid : {1 5 0 0 0 0 0 5 21 0 0 0 50 71 101...
sAMAccountName : {COMMANDIN}
sAMAccountType : {268435456}
groupType : {-2147483646}
objectCategory : {CN=Group,CN=Schema,CN=Configuratio...
nTSecurityDescriptor : {System.__ComObject}
Now that we have the correct group, all we have to do is make a simple check that the Captain isn't already a member of the group and, if not, add him to it. Here's where the distinguishedName and LDAP string come in handy.
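PS > if ($Group.member -Contains $UserdistinguishedName) {
    # The member attribute holds distinguishedNames, so compare against the DN
    Write-Host "The Captain is already member"
} else {
    # Add() expects the LDAP path of the object, not the bare DN
    $Group.Add($UserConnection)
}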
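The same check-before-add logic, extended to every row of the Csv file as a dry run. This is an added example, not the post's downloadable script. It assumes PowerShell 3.0 or later; the rows, the lookup tables and the Get-MembershipPlan function are constructed for illustration and stand in for the Get-AD.ps1 lookups, so nothing touches a directory.

```powershell
# Added example (not the post's script): dry-run plan, no directory access.
# Constructed sample rows in the post's Character/Position/Series layout.
$Rows = @'
Character,Position,Series
Jean-Luc Picard,Commanding Officer,Star Trek: The Next Generation
William Riker,First Officer,Star Trek: The Next Generation
Data,Second Officer,Star Trek: The Next Generation
Kathryn Janeway,Commanding Officer,Star Trek: Voyager
Jean-Luc Picard,Commanding Officer,Star Trek: The Next Generation
'@ | ConvertFrom-Csv

# Constructed snapshot standing in for the per-OU lookups done with Get-AD.ps1.
$Base = 'DC=powershell,DC=nu'
$TNG  = 'Star Trek: The Next Generation'
$VOY  = 'Star Trek: Voyager'
$Users = @{
    "$TNG|Jean-Luc Picard" = "CN=Jean-Luc Picard,OU=Users,OU=$TNG,$Base"
    "$TNG|William Riker"   = "CN=William Riker,OU=Users,OU=$TNG,$Base"
    "$TNG|Data"            = "CN=Data,OU=Users,OU=$TNG,$Base"
    "$VOY|Kathryn Janeway" = "CN=Kathryn Janeway,OU=Users,OU=$VOY,$Base"
}
# Members are keyed by series AND position: the same group name exists in several OUs.
$Groups = @{
    "$TNG|Commanding Officer" = [System.Collections.ArrayList]@()
    "$TNG|First Officer"      = [System.Collections.ArrayList]@("CN=William Riker,OU=Users,OU=$TNG,$Base")
    "$VOY|Commanding Officer" = [System.Collections.ArrayList]@()
}

function Get-MembershipPlan($Rows, $Users, $Groups) {
    foreach ($Row in $Rows) {
        $UserKey  = "$($Row.Series)|$($Row.Character)"
        $GroupKey = "$($Row.Series)|$($Row.Position)"
        if (-not $Users.ContainsKey($UserKey)) {
            $Action = 'UserNotFound'
        } elseif (-not $Groups.ContainsKey($GroupKey)) {
            $Action = 'GroupNotFound'
        } elseif ($Groups[$GroupKey] -contains $Users[$UserKey]) {
            $Action = 'AlreadyMember'
        } else {
            # Record the planned add in the snapshot so a duplicate row is caught later.
            [void]$Groups[$GroupKey].Add($Users[$UserKey])
            $Action = 'Add'
        }
        [pscustomobject]@{ Character = $Row.Character; Series = $Row.Series
                           Position = $Row.Position; Action = $Action }
    }
}

Get-MembershipPlan $Rows $Users $Groups | Format-Table -AutoSize
```

Reviewing the Action column before running the real `$Group.Add()` calls shows which rows would change membership and which would be skipped or fail to resolve.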
Now let's see how the complete script would handle this.
Repeating the script tells us that the Characters are already members of the groups.
And here's a quick check in the Active Directory snap-in.
Click Here to Download the Complete Script.
The Get-AD.ps1 script is also required.
Click here to download the Csv File
Is this for PS 2.0 or PS 1.0?
That's an old PS 1.0 post.