Replacing .kix with GPO, need help scripting

My school district uses a xxx.kix file in the netlogon of our DCs to proide a run a couple of .vbs files every time someone logs in, as well as map drives according to something in each user’s description. (don’t blame me, it’s been in place since 1999) For example, if a user has a description field of [5th grade art teacher (teacher)] they will get mapped drives based on the (teacher) portion of their description. Also for students the description would be [student (2023)] where the (year) is their graduation year.
I can build the GPOs to map the proper drives and run the .vbs scripts, but regretfully I’m useless when it comes to scripting! I need help coming up with a script that will do the following:

  1. scan AD for what’s in the description field
  2. add users to group that matches what’s in the parenthasis
    a. so (teacher) would be moved to the Teachers group and get the same/appropriate mapped
  3. edit the description of the user and remove the (teacher) from the description field

I don’t even care if I have to edit the script each time and manually change the search from (teachers) to (2023), (2024), (custodians) etc. each time… in fact that might even be better so it slows things down and I can make sure that I have all of my GPOs built correctly before mass moving all of the users in AD all at once…

Thank you in advance for any and all help with this!!!

  • Scott

Welcome to the forum. First off we do not write scripts for people. If you have some code you’re working with post that using the code format button ‘</>’ and we can help with specific questions about code.

I would also comment group policy can drive map without scripts and really something like a security group should be used to determine their drive mappings minus the home drive which can be mapped directly to the user AD object (there’s an attribute for that)

yes, mapping drives via gpo / security group is what I’m aiming for, but I was looking for a way to read AD and move anyone with a particular item in the description field into a particular security group. If that’s not a posibility, then I’ll just have to filter by that key and do it manually. thank you for your time.

It’s definitely possible to do that with Powershell

Other than some logic, data and probably some logging it’s basically two commands
Get-ADUser and Add-ADGroupMember

You can also do the same custom query in a gpo via item level targeting