Add/Remove computers to/from AD Group based on OU changes

Device management

This has nothing to do with SCCM. For a special reason, I just needed to have a way to add computers to AD group based on their OU.

Example you have created different OU name based on which city your computers are, and you also want to add those computers to AD group based on the city, and remove those computers from the AD group when computers are moved to another city OU.

So here is the shorter version of script I came up with:

$OU = "OU=Helsinki,OU=Computers,DC=Z-IT,DC=com"
$Group = "CN=Helsinki Computers,OU=Groups,DC=Z-IT,DC=com"

#Example City Helsinki
#remove from group
Get-ADGroupMember –Identity $Group | Where-Object { $_.distinguishedName –NotMatch $OU } | ForEach-Object {
         Remove-ADGroupMember $Group -Members $_.DistinguishedName -Confirm:$false
}

#Add to group
Get-ADComputer –SearchBase $OU –SearchScope OneLevel –LDAPFilter "(!memberOf=$Group)" | ForEach-Object {
         Add-ADGroupMember $group -Members $_.DistinguishedName
}

Here is the longer version, which writes log file, and send log file to you email.
Download Link: Click here

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.