Keeping AD group membership automatically in sync with an OU using a PowerShell script

In AD domain management an OU is a container that usually corresponds to a department of the enterprise, while a group is what permissions are actually granted to. Many IT administrators treat the two as if they were the same thing, and that is where the trouble starts: when a new colleague joins, someone creates the AD account and puts it into the department's OU, and then the account also has to be added to every rights group that department uses. Keeping the OUs and the groups in step by hand is tedious and easy to get wrong, so below we show how to do it with a PowerShell script and take that job off the administrator's plate.

First, create a user group

For the synchronization to run automatically, the script must know which OU feeds which group, i.e. the relationship between the source and the target data. This script stores that relationship in the group's Notes field (the `info` attribute); you can use a different attribute if it suits your environment better. Fill the distinguished name (DN) of the OU to synchronize from into the Notes field of each group that should be managed.


Second, write the script

OuSync.ps1 reads as follows:

# Automatically add the users of an OU to the AD group whose Notes field (info) names that OU
Import-Module ActiveDirectory

$LogName = "C:\users\AddNewUsers_Log.csv"

# Get the groups to manage: those whose info attribute holds an OU distinguished name
$VDIGroups = Get-ADGroup -Filter {info -Like "OU=*"} -SearchBase "OU=sale,OU=users,DC=chery,DC=com" -Properties info

# Add the missing members to each group
Foreach ($VDIGroup in $VDIGroups) {

    # The OU to take the members from (the DN stored in the group's Notes field)
    $SearchBase = Get-ADOrganizationalUnit -Identity $VDIGroup.info.Trim()

    # Enabled user accounts in that OU and its sub-OUs
    $Members = Get-ADUser -Filter {Enabled -eq $true} -SearchBase $SearchBase.DistinguishedName

    # Current members of the group
    $ExistMembers = Get-ADGroupMember -Identity $VDIGroup

    # Compare each OU user against the existing members
    Foreach ($Member in $Members) {
        $ExistStatus = 0
        Foreach ($ExistMember in $ExistMembers) {
            # Match on ObjectGUID, which stays the same when an account is renamed or moved
            if ($ExistMember.ObjectGUID -eq $Member.ObjectGUID) {
                $ExistStatus = 1
            }
        }
        if ($ExistStatus -eq 0) {
            # Log the user that was not yet in the group
            (Get-Date).ToString('yyyy-MM-dd HH:mm:ss') + ',' + $VDIGroup.Name + ',' + $Member.Name | Out-File -FilePath $LogName -Append -Encoding utf8
            # Add the member
            Add-ADGroupMember -Identity $VDIGroup.ObjectGUID -Members $Member
        }
    }
}

Two things to be aware of with this script. It only ever adds members: a user who is moved out of the OU, or whose account is disabled, keeps the group's rights until someone removes them by hand. And the group's Notes field is the only thing that decides which OU feeds the group, so anyone who can write the `info` attribute of a managed group can make the script grant that group's rights to every user of an OU of their choosing; the script itself does not check what the field points to.
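
The following is an added example, not the original OuSync.ps1, that addresses both points: it reconciles the group with the OU in both directions (adds missing users, removes members that are no longer enabled users in the OU), treats the `info` attribute as untrusted input by requiring it to resolve to an OU under an allowed subtree, and supports `-WhatIf` so you can see the changes before making them. The function name `Sync-OuToGroup`, the parameter names, the allowed-OU root, the log path and the group name `VDI-Sales` are assumptions chosen for illustration. Because the example removes as well as adds, a managed group must contain nothing but the users of its OU; do not point it at a group that also has hand-picked members.

```powershell
#Requires -Modules ActiveDirectory
# Added example (not the original OuSync.ps1): two-way reconciliation of group membership
# with the OU named in the group's Notes field (info). Names used here are assumptions.
#
# The mapping is stored in the group's Notes field, for example:
#   Set-ADGroup -Identity 'VDI-Sales' -Replace @{ info = 'OU=sale,OU=users,DC=chery,DC=com' }

function Write-SyncLog([string]$Path, [string]$Group, [string]$Action, [string]$Dn) {
    '{0},{1},{2},{3}' -f (Get-Date -Format 'yyyy-MM-dd HH:mm:ss'), $Group, $Action, $Dn |
        Out-File -FilePath $Path -Append -Encoding utf8
}

function Sync-OuToGroup {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # OU under which the managed groups live
        [Parameter(Mandatory)] [string] $GroupSearchBase,
        # Only OUs at or below this DN are accepted as a source, whatever info says
        [Parameter(Mandatory)] [string] $AllowedOuRoot,
        [string] $LogPath = 'C:\users\AddNewUsers_Log.csv'
    )

    $cmp = [System.StringComparer]::OrdinalIgnoreCase   # DNs compare case-insensitively

    $groups = Get-ADGroup -Filter { info -like "OU=*" } -SearchBase $GroupSearchBase -Properties info, member
    foreach ($group in $groups) {
        $ouDn = $group.info.Trim()

        # info is writable by anyone with write access to the group object, so treat it as
        # untrusted: it must lie inside the allowed subtree and resolve to a real OU.
        $inside = $cmp.Equals($ouDn, $AllowedOuRoot) -or
                  $ouDn.EndsWith(",$AllowedOuRoot", [System.StringComparison]::OrdinalIgnoreCase)
        if (-not $inside) {
            Write-Warning "$($group.Name): info '$ouDn' is outside $AllowedOuRoot, skipped"
            continue
        }
        try { $ou = Get-ADOrganizationalUnit -Identity $ouDn -ErrorAction Stop }
        catch { Write-Warning "$($group.Name): info '$ouDn' is not an OU, skipped"; continue }

        # Desired state: enabled users in the OU (Subtree includes sub-OUs)
        $desired = [System.Collections.Generic.HashSet[string]]::new($cmp)
        Get-ADUser -Filter { Enabled -eq $true } -SearchBase $ou.DistinguishedName -SearchScope Subtree |
            ForEach-Object { [void]$desired.Add($_.DistinguishedName) }

        # Current state: direct members read from the member attribute, so nested groups and
        # other non-user members are visible and the Get-ADGroupMember result-size limit does not apply
        $current = [System.Collections.Generic.HashSet[string]]::new($cmp)
        foreach ($dn in @($group.member)) { if ($dn) { [void]$current.Add([string]$dn) } }

        foreach ($dn in $desired) {
            if ($current.Contains($dn)) { continue }
            if ($PSCmdlet.ShouldProcess($group.Name, "Add $dn")) {
                Add-ADGroupMember -Identity $group.ObjectGUID -Members $dn
                Write-SyncLog $LogPath $group.Name 'add' $dn
            }
        }
        foreach ($dn in $current) {
            if ($desired.Contains($dn)) { continue }
            if ($PSCmdlet.ShouldProcess($group.Name, "Remove $dn")) {
                Remove-ADGroupMember -Identity $group.ObjectGUID -Members $dn -Confirm:$false
                Write-SyncLog $LogPath $group.Name 'remove' $dn
            }
        }
    }
}

# Dry run first (reports what would be added or removed without touching AD), then apply
Sync-OuToGroup -GroupSearchBase 'OU=sale,OU=users,DC=chery,DC=com' -AllowedOuRoot 'OU=users,DC=chery,DC=com' -WhatIf
Sync-OuToGroup -GroupSearchBase 'OU=sale,OU=users,DC=chery,DC=com' -AllowedOuRoot 'OU=users,DC=chery,DC=com'
```

Membership is compared by distinguished name because that is what the `member` attribute holds; the log now records removals as well as additions, so a user who unexpectedly lost rights can be traced back to the run that removed them.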


Third, create a scheduled task

Run the script on a schedule with Task Scheduler. Note that the task must run under a user account that has the rights to change the membership of the managed groups. That account does not need to be a Domain Admin: delegate it Write Members on the group objects (or on the OU that holds them) and nothing more, and make sure only administrators can edit the script file, because whoever can modify the script gets to run code with that account's rights every time the task fires.
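
As an added example (not from the original page), here is how the task can be registered from PowerShell under a group managed service account (gMSA), which has no password to store and can be delegated exactly the Write Members right it needs. The account name `CHERY\svc-ousync$`, the script path `C:\Scripts\OuSync.ps1` and the task name `OuSync` are assumptions; the gMSA must already exist, be installed on the host that runs the task, and have been delegated Write Members on the managed groups.

```powershell
# Added example, not part of the original page. Registers OuSync.ps1 as a scheduled task
# running under a gMSA. Account, path and task name below are assumptions.
$scriptPath = 'C:\Scripts\OuSync.ps1'
$taskUser   = 'CHERY\svc-ousync$'

# Only administrators may change the script: whoever can edit it runs code as the task account.
icacls $scriptPath /inheritance:r /grant:r 'BUILTIN\Administrators:(F)' 'NT AUTHORITY\SYSTEM:(F)' "${taskUser}:(R)" | Out-Null

# Non-interactive run; AllSigned means the script must carry an Authenticode signature
# (use RemoteSigned if you do not sign scripts)
$action = New-ScheduledTaskAction -Execute 'powershell.exe' `
    -Argument "-NoProfile -NonInteractive -ExecutionPolicy AllSigned -File `"$scriptPath`""
$trigger = New-ScheduledTaskTrigger -Daily -At 7am

# For a gMSA, LogonType Password with no password supplied is how the task is bound to the account
$principal = New-ScheduledTaskPrincipal -UserId $taskUser -LogonType Password -RunLevel Limited

# Do not let a hung run pile up or overlap with the next one
$settings = New-ScheduledTaskSettingsSet -ExecutionTimeLimit (New-TimeSpan -Hours 1) -MultipleInstances IgnoreNew

Register-ScheduledTask -TaskName 'OuSync' -Action $action -Trigger $trigger -Principal $principal -Settings $settings

# Run it once by hand and check the result code before trusting the schedule
Start-ScheduledTask -TaskName 'OuSync'
Start-Sleep -Seconds 30
Get-ScheduledTaskInfo -TaskName 'OuSync' | Select-Object LastRunTime, LastTaskResult
```

`-RunLevel Limited` is deliberate: the task needs rights in the directory, not on the local machine, so there is no reason to run it elevated. If you use an ordinary service account instead of a gMSA, register the task with `-User`/`-Password` and rotate that password as you would any other.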


Source: www.cnblogs.com/langzixdj/p/11002480.html