PowerShell ADGroup filtering using variables (how is it done properly?)


I know there are better ways and even 3rd party software for building AD accounts, but alas, the company for whom I work prefers to pinch pennies, so I'm using PoSh 5.0. I also know that the Quest Cmdlets are a point of contention for some (I still use it because most of the time, there is less typing with these cmdlets), so feel free to post a solution without QAD, if you'd like.

I've already created my 'new-hire' script, but I want to make it cleaner. When my script runs, it will ask me for the user's department code, which I store in the Description field of the AD object. Then, using the code in the Description field, the user will get put into Security Groups that contain the department code.

What I want to do is have PoSh check if an AD group exists, based on the criteria input when the function does its magic. When the task is complete, I want a message to display, something like:

User has been added to Group1 but could not be added to Group2 because it doesn't exist.

Example: If the user's dept code is 111, then the script will add the user to Group111. Here's what I've got so far (shortened for focus on area of concern):

$Branch = (Get-QADUser $Name | select description | ft -HideTableHeaders | Out-String).Trim()
$Groups = ($Branch + "_" + "Users"), "indexers-$Branch", "Branch Users"
foreach ($group in $Groups) {
    # Only add the user when the lookup for this one group returns something
    if (Get-QADGroup -Filter "Name -eq '$group'") {
        Add-QADGroupMember -Identity $group -Member $Name
    }
    else {
        Write-Host "User was not added to $group because it doesn't exist"
    }
}

I can't figure out how to get PoSh to filter properly. The difficulty, I think, has something to do with PowerShell's limitation in boolean comparison. Here's what I've tried in ISE for simple testing of logic:

$Branch = "200"
$Group1 = ($Branch + "_" + "Users")

$Group1exists = Get-ADGroup -filter "name -like '$group1'"

Querying $Group1 results in the expected result:

$Group1
200_Users

However, the filtering with the $Group1exists variable results in $null, so my 'if' statement results in $false/0.

if (Get-ADGroup -filter "name -like '$group1'"){
  Write-Host "stuff"
}
else {
  Write-Warning "those groups do not exist"
}

Put it all together into a function and the result is the 'Else' condition displaying:

Function stuff {
    $Desc = Read-Host "Enter desc"
    $Group1 = ($desc + "_" + "BrUsers")
    $Group2 = ("indexers-" + "BR" + $desc)
    $Group3 = "BRANCH USERS"

    $GroupExists = Get-ADGroup -filter "name -like '$group1'"
    $GroupExists2 = Get-ADGroup -Filter "Name -like '$group2'"

    if (Get-ADGroup -filter "name -like '$group1'"){
        Write-Host "stuff"
    }
    else {
        Write-warning "those groups do not exist"
    }
}

For laughs, I've also tried the following filtering:

Get-ADGroup -filter "Name -like '*$group1*'"

Get-ADGroup -filter "Name -eq '*$group1*'"

Get-ADGroup -filter "Name -like '*$group1'"

Get-ADGroup -filter "Name -eq '*$group1'"

Get-ADGroup -filter "Name -like '$group1'"

Get-ADGroup -filter "Name -eq '$group1'"

Get-ADGroup -filter "Name -like $group1"

Get-ADGroup -filter "Name -eq $group1"

I've also tried the above variations with SamAccountName. All result in $null.
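
One way to do the existence check and per-group reporting described in the question, as an added example that is not part of the original post. It uses the Microsoft ActiveDirectory module instead of QAD and assumes a digits-only department code and the group name patterns from the question; the function name Add-UserToBranchGroups is hypothetical.

```powershell
# Added example, not the asker's code. Requires the ActiveDirectory module (RSAT).
# Assumptions: department code is numeric; group names follow the question's patterns.
Import-Module ActiveDirectory

function Add-UserToBranchGroups {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$SamAccountName
    )

    # Description is not returned by default, so request it explicitly.
    $user   = Get-ADUser -Identity $SamAccountName -Properties Description
    $branch = "$($user.Description)".Trim()

    # Validate before interpolating into a filter string: a quote or wildcard
    # in Description would otherwise change what the filter matches.
    if ($branch -notmatch '^\d{1,6}$') {
        throw "Description '$branch' is not a numeric department code."
    }

    # ${branch} is required here; "$branch_Users" would read a variable named branch_Users.
    $wanted = "${branch}_Users", "indexers-$branch", 'Branch Users'
    $added = @(); $missing = @(); $ambiguous = @()

    foreach ($groupName in $wanted) {
        # -Filter returns nothing (no error) on no match; Name is unique only per container.
        $found = @(Get-ADGroup -Filter "Name -eq '$groupName'")
        if ($found.Count -eq 1) {
            if ($PSCmdlet.ShouldProcess($groupName, "Add $SamAccountName")) {
                Add-ADGroupMember -Identity $found[0] -Members $user
                $added += $groupName
            }
        }
        elseif ($found.Count -eq 0) { $missing += $groupName }
        else                        { $ambiguous += $groupName }
    }

    if ($added)     { Write-Host "User has been added to $($added -join ', ')." }
    if ($missing)   { Write-Warning "User could not be added to $($missing -join ', ') because it doesn't exist." }
    if ($ambiguous) { Write-Warning "Skipped $($ambiguous -join ', '): more than one group has that name." }

    # Return a record that can be written to a provisioning log for audit.
    [pscustomobject]@{ User = $SamAccountName; Added = $added; Missing = $missing; Ambiguous = $ambiguous }
}
```

Running it with `-WhatIf` lists the memberships that would be granted without changing any group.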
