Sep 06 2023 02:51 AM
Newbie to PowerShell. Apologies for any mistakes in writing my requirements.
The requirement is to add a user to multiple on-prem AD groups, with user prompts, and after adding to the single AD groups, check for a few software requests which need conditions, for example whether a user is admin/contractor/external. Then check in the AD group: if the user is admin, then remove from admin and add into external, and vice versa. If a user is a contractor and not in external and admin, then add the user into admin, so that the user is populated in the contractor and admin AD groups. If the request type is null, then it will just add the single AD groups where there is no need to apply conditions.
I have researched this multiple times and am not able to get the requirements as per my need.
And the software request will be prompted as a dictionary: $requesttype = (@{"somevalue"="admin"})
NOTE: We are using a PowerShell session which is connected to the Exchange server.
This is how I am trying, and it returns nothing; it just asks for the user ID and groups and after that it stops.
$Session = .\Documents\testConnc.ps1

# for user email addresses
$UserEmails = Read-Host "Enter user email addresses separated by commas (e.g., email address removed for privacy reasons,email address removed for privacy reasons)"

# for distribution group names
$GroupNames = Read-Host "Enter distribution group names separated by commas (e.g., Group1,Group2)"

# for the request type
$RequestType = @{
    "basware" = "requester";
}

# Split the user email addresses and group names into arrays
$Groups = $GroupNames -split ','

# Loop through each user and each group and add the user to each group
# Check if the request type is "basware"
if ($RequestType -eq "basware") {
    # Check the user's AD group memberships
    $UserGroups = Get-ADPrincipalGroupMembership -Identity $UserEmail | Select-Object -ExpandProperty Name
    if ($UserGroups -contains "buyer") {
        # If the user is in the "buyer" group, remove them from "buyer"
        Remove-DistributionGroupMember -Identity "Basware_AD_GRoup" -Member $UserEmail -ErrorAction Stop
        Add-DistributionGroupMember -Identity "Basware_AD_GRoup" -Member $UserEmail -ErrorAction Stop
        Write-Host "User $UserEmail added to group successfully."
    } elseif ($UserGroups -contains "requester") {
        # If the user is in the "buyer" group, add them to "approver"
        Remove-DistributionGroupMember -Identity "Basware_AD_GRoup" -Member $UserEmail -ErrorAction Stop
        Add-DistributionGroupMember -Identity "Basware_AD_GRoup" -Member $UserEmail -ErrorAction Stop
        Write-Host "User $UserEmail added to group successfully."
    }
}

foreach ($GroupName in $Groups) {
    try {
        # Add the user to the specified group
        Add-DistributionGroupMember -Identity $GroupName -Member $UserEmails -ErrorAction Stop
        Write-Host "User $UserEmail added to group $GroupName successfully."
    } catch {
        Write-Host "Error adding user $UserEmail to group $GroupName $_"
    }
}

#Remove-PSSession -Session $Session
Sep 06 2023 07:02 AM
I'm not familiar with 'Add-DistributionGroupMember', but I certainly can help with your scripting.
Instead of using 'Read-Host' for getting input, let's use parameters, this way we start with a nice list of e-mails and groups.
Following the same line, we can ditch that dictionary, and create an extra parameter. With the 'ValidateSet' attribute we make sure only the options we want are used.
[CmdletBinding()]
param (
    [Parameter()]
    [string[]]$EmailList,

    [Parameter()]
    [string[]]$GroupNames,

    [Parameter()]
    [ValidateSet('Basware')]
    [string]$RequestType
)
On the next part I wasn't 100% sure, but I think you wanted to iterate through the e-mails, and remove them from a group and add to another, right? If so, we can use a 'foreach' loop.
# For each e-mail in the e-mail list.
foreach ($user in $EmailList) {
    # If the input request is equal to 'Basware'.
    if ($RequestType -eq 'Basware') {
        # Instead of using 'Select-Object -ExpandProperty Name' we can use this notation.
        # This avoids using the pipeline, and reduces complexity.
        $user_groups = (Get-ADPrincipalGroupMembership -Identity $user).Name
        if ($user_groups -contains 'buyer') {
            Remove-DistributionGroupMember -Identity "Basware_AD_GRoup" -Member $user -ErrorAction Stop
            Add-DistributionGroupMember -Identity "Basware_AD_GRoup" -Member $user -ErrorAction Stop
            Write-Host "User $user added to group successfully."
        }
        # Is this necessary? It's doing the same as above.
        elseif ($user_groups -contains 'requester') {
            Remove-DistributionGroupMember -Identity "Basware_AD_GRoup" -Member $user -ErrorAction Stop
            Add-DistributionGroupMember -Identity "Basware_AD_GRoup" -Member $user -ErrorAction Stop
            Write-Host "User $user added to group successfully."
        }
    }
}
Following the same vibe, we go through the groups.
foreach ($group in $GroupNames) {
    # Do you mean to add them all at once, or one at a time? If one at a time, it's better to use the upper loop.
    # -Member takes a single recipient, so the users are added one by one here.
    foreach ($user in $EmailList) {
        try {
            Add-DistributionGroupMember -Identity $group -Member $user -ErrorAction Stop
            Write-Host "User $user added to group $group successfully."
        }
        catch {
            Write-Host "Error adding user $user to group $group $_"
        }
    }
}
And this is how you use it. Suppose you save this file as 'C:\SuperScript.ps1'.
You would use it like this:
# A list of e-mails, one on each line.
$emailList = Get-Content -Path C:\emailList.txt

# Same with groups.
$groupList = Get-Content -Path C:\groupList.txt

& C:\SuperScript.ps1 -EmailList $emailList -GroupNames $groupList -RequestType Basware
Hope it helps.
Happy scripting!
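The admin/external/contractor rules from the question, separated into a function that only computes the changes, followed by a `-WhatIf` dry run; this is an added example, not code from either post. `Get-MembershipPlan` is a hypothetical helper name, the three role group names are placeholders taken from the question's wording, and the rule order is one reading of that description.

```powershell
# Added example. 'admin', 'external' and 'contractor' are placeholder group
# names taken from the question's wording; substitute the real group identities.
function Get-MembershipPlan {
    [CmdletBinding()]
    param (
        [string[]]$CurrentGroups = @(),    # groups the user belongs to now
        [string[]]$RequestedGroups = @(),  # groups to add with no conditions
        [string]$RequestType               # empty: skip the conditional rules
    )
    $add    = [System.Collections.Generic.List[string]]::new()
    $remove = [System.Collections.Generic.List[string]]::new()

    foreach ($g in $RequestedGroups) {
        $name = "$g".Trim()
        if ($name) { $add.Add($name) }
    }
    if ($RequestType) {
        if ($CurrentGroups -contains 'admin') {
            # admin -> external
            $remove.Add('admin'); $add.Add('external')
        }
        elseif ($CurrentGroups -contains 'external') {
            # external -> admin
            $remove.Add('external'); $add.Add('admin')
        }
        elseif ($CurrentGroups -contains 'contractor') {
            # contractor only: ends up in both contractor and admin
            $add.Add('admin')
        }
    }
    [pscustomobject]@{
        # Never re-add a group the user is already in.
        Add    = @($add | Where-Object { $CurrentGroups -notcontains $_ } | Select-Object -Unique)
        Remove = @($remove)
    }
}

# Constructed sample: a contractor in no other role group, two plain groups requested.
$user = 'user@example.com'   # placeholder address
$plan = Get-MembershipPlan -CurrentGroups 'contractor' -RequestedGroups 'Group1', 'Group2' -RequestType 'Basware'
"{0}: add [{1}] remove [{2}]" -f $user, ($plan.Add -join ', '), ($plan.Remove -join ', ')

# Dry run against Exchange only when its cmdlets are loaded in this session.
if (Get-Command Add-DistributionGroupMember -ErrorAction SilentlyContinue) {
    foreach ($g in $plan.Remove) { Remove-DistributionGroupMember -Identity $g -Member $user -WhatIf }
    foreach ($g in $plan.Add)    { Add-DistributionGroupMember -Identity $g -Member $user -WhatIf }
}
```

In a live run the current groups would come from `Get-ADPrincipalGroupMembership`, whose `-Identity` expects a distinguished name, GUID, SID or SAM account name rather than an e-mail address. Drop `-WhatIf` only after the printed plan matches the request.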
Sep 11 2023 02:39 AM