Replacing .kix with GPO, need help scripting

My school district uses a xxx.kix file in the netlogon of our DCs to run a couple of .vbs files every time someone logs in, as well as map drives according to something in each user’s description. (Don’t blame me, it’s been in place since 1999.) For example, if a user has a description field of [5th grade art teacher (teacher)] they will get mapped drives based on the (teacher) portion of their description. Also, for students the description would be [student (2023)] where the (year) is their graduation year.
I can build the GPOs to map the proper drives and run the .vbs scripts, but regretfully I’m useless when it comes to scripting! I need help coming up with a script that will do the following:

  1. scan AD for what’s in the description field
  2. add users to the group that matches what’s in the parentheses
    a. so (teacher) would be moved to the Teachers group and get the same/appropriate mapped drives
  3. edit the description of the user and remove the (teacher) from the description field

I don’t even care if I have to edit the script each time and manually change the search from (teachers) to (2023), (2024), (custodians) etc. each time… in fact that might even be better so it slows things down and I can make sure that I have all of my GPOs built correctly before mass moving all of the users in AD all at once…

Thank you in advance for any and all help with this!!!

  • Scott

Welcome to the forum. First off we do not write scripts for people. If you have some code you’re working with post that using the code format button ‘</>’ and we can help with specific questions about code.

I would also comment that Group Policy can map drives without scripts, and really something like a security group should be used to determine their drive mappings, minus the home drive, which can be mapped directly to the user AD object (there’s an attribute for that).

Yes, mapping drives via GPO / security group is what I’m aiming for, but I was looking for a way to read AD and move anyone with a particular item in the description field into a particular security group. If that’s not a possibility, then I’ll just have to filter by that key and do it manually. Thank you for your time.

It’s definitely possible to do that with PowerShell.

Other than some logic, data and probably some logging, it’s basically two commands:
Get-ADUser and Add-ADGroupMember

You can also do the same custom query in a GPO via item-level targeting.
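
As an added example (not code posted by anyone in this thread), here is one way to wrap the two cmdlets named above in the logic and logging the request describes, handling one tag per run. The script name, parameter names and CSV log path are assumptions; it needs the ActiveDirectory module and an account allowed to modify group membership and user descriptions.

```powershell
#Requires -Modules ActiveDirectory
# Usage (hypothetical script name): .\Move-ByDescription.ps1 -Tag teacher -GroupName Teachers -WhatIf
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory)][string]$Tag,        # text inside the parentheses, e.g. teacher or 2023
    [Parameter(Mandatory)][string]$GroupName,  # existing security group, e.g. Teachers
    [string]$SearchBase,                       # optional OU, to limit a run to one part of the tree
    [string]$LogPath = '.\description-to-group.csv'
)

$group = Get-ADGroup -Identity $GroupName -ErrorAction Stop   # stop early if the group is missing

# Escape LDAP filter metacharacters in the tag (backslash first), then match it inside literal ( ).
$escaped = $Tag.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
$query = @{
    LDAPFilter = "(&(objectCategory=person)(objectClass=user)(description=*\28$escaped\29*))"
    Properties = 'Description', 'MemberOf'
}
if ($SearchBase) { $query.SearchBase = $SearchBase }

# Removes "(tag)" plus any whitespace in front of it; -replace is case-insensitive like the LDAP match.
$pattern = '\s*' + [regex]::Escape("($Tag)")

foreach ($user in Get-ADUser @query) {
    $result = 'OK'
    $newDescription = ($user.Description -replace $pattern, '').Trim()
    try {
        # Add to the group first, so a failure never strips the tag from a user who was not moved.
        if ($user.MemberOf -notcontains $group.DistinguishedName) {
            Add-ADGroupMember -Identity $group -Members $user -ErrorAction Stop
        }
        if ($newDescription) {
            Set-ADUser -Identity $user -Description $newDescription -ErrorAction Stop
        } else {
            Set-ADUser -Identity $user -Clear description -ErrorAction Stop
        }
    } catch {
        $result = "FAILED: $($_.Exception.Message)"
    }
    # One audit row per user; written even under -WhatIf so a dry run can be reviewed.
    [pscustomobject]@{
        Time           = Get-Date -Format o
        User           = $user.SamAccountName
        Group          = $group.Name
        OldDescription = $user.Description
        NewDescription = $newDescription
        DryRun         = [bool]$WhatIfPreference
        Result         = $result
    } | Export-Csv -Path $LogPath -Append -NoTypeInformation -WhatIf:$false
}
```

With `-WhatIf` the AD cmdlets only report what they would change, and the CSV row is marked `DryRun = True`, which fits the one-tag-at-a-time rollout described in the first post.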