Run process on OU but include an exclusion group?

PowerShell Help
1

Hi All,

I have a Powershell script that queries a specified OU for computer names and then runs a batch script on each computer (the script kicks off a reboot but prompts the user to cancel if they’d like). I would like to know how I can specify an exclusion group in this script. Say I have a group in Active Directory called WeekendRebootExclusion with some computers as members. How would I exclude these machines from the process in the script?

Import-Module ActiveDirectory

Get-ADComputer -SearchBase 'OU=Reboot Test,OU=Workstations,OU=Test,DC=abc,DC=xyz,DC=com' -Filter '*' | Select -Exp Name |
 ForEach-Object{
        Start-Process "WeekendReboot.bat" $_
    }
2

There’s no easy way to do that, because AD doesn’t track information quite that way.

Inside your ForEach loop, before your Start-Process command, you’ll need to check and see if the computer is a MemberOf that group. If it is, then don’t run your Start-Process (an If{} construct).

3

Hi,

if you take memberof property and then use where to filter out those accounts.

Import-Module ActiveDirectory

Get-ADComputer -SearchBase 'OU=Reboot Test,OU=Workstations,OU=Test,DC=abc,DC=xyz,DC=com' -Filter * -Properties memberof | where {$_.memberof -notmatch 'WeekendRebootExclusion'} |
 ForEach-Object{
        Start-Process "WeekendReboot.bat" $_.name
    }
4

Thanks guys, I ended up going this route:

Import-Module ActiveDirectory

$Exclude = Get-ADGroupMember RES_RebootExclusionTest | Select -Exp Name

Get-ADComputer -SearchBase 'OU=Reboot Test,OU=Workstations,OU=Test,DC=abc,DC=xyz,DC=com' -Filter '*' | Select -Exp Name |
 ForEach-Object{
 	if($Exclude -notcontains $_){
        	Start-Process "WeekendReboot.bat" $_
        }
    }