Below is the script that I am trying to use, to create and maintain shadow groups for RODC management. I’d like to turn it into a loop.
The issue I can see is that I have to pass 3 new variables every time the loop runs. What’s the easiest way to go about this?
For instance it would be a new user OU, Computer OU, and Group for each of the locations that exist.
Location1, Location2, Location3…etc
Also, I don’t take credit for the code below, I found the basis of it here (Andreas - Talk nerdy to me: Shadow Groups in Active Directory). I just added the computer portion.
Thank you for any help in advance,
-Rob
```powershell
## Add Active Directory PowerShell Module to PowerShell ##
Import-Module ActiveDirectory

$UserOU = "OU=Location 1,OU=Users,DC=Company,DC=LOCAL"
$CompOU = "OU=Location 1,OU=Workstations,DC=Company,DC=LOCAL"
$Group  = "CN=ShadowLocation1,OU=Shadow Groups,OU=Groups,DC=Company,DC=LOCAL"

## Check Current OU Membership & Remove Wrong Members ##
# A member is wrong only if it is in neither OU, so the two tests are joined with -and
# (with -or every member fails at least one test and is removed).
# [regex]::Escape stops -NotMatch from reading the DN as a regex pattern.
Get-ADGroupMember -Identity $Group |
    Where-Object { $_.distinguishedName -NotMatch [regex]::Escape($UserOU) -and
                   $_.distinguishedName -NotMatch [regex]::Escape($CompOU) } |
    ForEach-Object { Remove-ADPrincipalGroupMembership -Identity $_ -MemberOf $Group -Confirm:$false }

## Add Users ##
# Double quotes so $Group is expanded; the negated clause needs its own parentheses.
Get-ADUser -SearchBase $UserOU -SearchScope OneLevel -LDAPFilter "(!(memberOf=$Group))" |
    ForEach-Object { Add-ADPrincipalGroupMembership -Identity $_ -MemberOf $Group }

## Add Computers ##
Get-ADComputer -SearchBase $CompOU -SearchScope OneLevel -LDAPFilter "(!(memberOf=$Group))" |
    ForEach-Object { Add-ADPrincipalGroupMembership -Identity $_ -MemberOf $Group }
```
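The loop asked about above, as an added example that is not part of the original post: each location's three values sit in one hashtable and are splatted into a function, which computes exact adds and removes instead of pattern-matching DNs. `Sync-ShadowGroup` is a hypothetical helper name and the "Location 2" entry is constructed by following the post's naming pattern.

```powershell
Import-Module ActiveDirectory

# Constructed sample data: one hashtable per location, keys match the function parameters.
$Locations = @(
    @{ UserOU = 'OU=Location 1,OU=Users,DC=Company,DC=LOCAL'
       CompOU = 'OU=Location 1,OU=Workstations,DC=Company,DC=LOCAL'
       Group  = 'CN=ShadowLocation1,OU=Shadow Groups,OU=Groups,DC=Company,DC=LOCAL' }
    @{ UserOU = 'OU=Location 2,OU=Users,DC=Company,DC=LOCAL'
       CompOU = 'OU=Location 2,OU=Workstations,DC=Company,DC=LOCAL'
       Group  = 'CN=ShadowLocation2,OU=Shadow Groups,OU=Groups,DC=Company,DC=LOCAL' }
)

function Sync-ShadowGroup {   # hypothetical helper, not from the original script
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$UserOU,
        [Parameter(Mandatory = $true)][string]$CompOU,
        [Parameter(Mandatory = $true)][string]$Group
    )
    # Abort on any lookup error so a mistyped OU cannot look like an empty OU
    # and cause every member of the group to be removed.
    $ErrorActionPreference = 'Stop'

    # Desired membership: objects sitting directly in the two OUs.
    $desired = @(
        Get-ADUser     -Filter * -SearchBase $UserOU -SearchScope OneLevel |
            Select-Object -ExpandProperty DistinguishedName
        Get-ADComputer -Filter * -SearchBase $CompOU -SearchScope OneLevel |
            Select-Object -ExpandProperty DistinguishedName
    )
    $current = @(Get-ADGroupMember -Identity $Group |
            Select-Object -ExpandProperty DistinguishedName)

    $toAdd    = @($desired | Where-Object { $_ -notin $current })
    $toRemove = @($current | Where-Object { $_ -notin $desired })

    if ($toRemove.Count -gt 0 -and $PSCmdlet.ShouldProcess($Group, "Remove $($toRemove.Count) member(s)")) {
        Remove-ADGroupMember -Identity $Group -Members $toRemove -Confirm:$false
    }
    if ($toAdd.Count -gt 0 -and $PSCmdlet.ShouldProcess($Group, "Add $($toAdd.Count) member(s)")) {
        Add-ADGroupMember -Identity $Group -Members $toAdd
    }
    # Summary object per group, useful for logging or review.
    [pscustomobject]@{ Group = $Group; Added = $toAdd.Count; Removed = $toRemove.Count }
}

# -WhatIf only reports the planned changes; drop it once the output has been reviewed.
foreach ($loc in $Locations) { Sync-ShadowGroup @loc -WhatIf }
```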