personal-scripts/Update-ADGroupWithManagers.ps1 at main · James-W-Draper/personal-scripts · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
<#
.SYNOPSIS
    Updates an AD group to contain only users who are currently listed as managers in specified OUs.

.DESCRIPTION
    This PowerShell script retrieves all users from specified Organizational Units (OUs) in Active Directory,
    identifies their managers, adds the managers to a specific AD group, and removes any users from the group
    who are no longer managers. Supports verbose output for detailed execution logs.

.EXAMPLE
    .\Update-ADGroupWithManagers.ps1

.EXAMPLE
    .\Update-ADGroupWithManagers.ps1 -Verbose
#>

Import-Module ActiveDirectory

param (
    [switch]$Verbose
)

if ($Verbose) {
    $VerbosePreference = "Continue"
} else {
    $VerbosePreference = "SilentlyContinue"
}

# Define target AD group and OUs
$Group = "CN=ManagersGroup,OU=Groups,DC=yourdomain,DC=com"
$OUs = @(
    "OU=Sales,DC=yourdomain,DC=com",
    "OU=Marketing,DC=yourdomain,DC=com"
)

$Users = [System.Collections.ArrayList]@()

foreach ($OU in $OUs) {
    Write-Verbose "Collecting users from $OU..."
    $OUUsers = Get-ADUser -Filter * -SearchBase $OU -Properties Manager
    $Users.AddRange($OUUsers)
    Write-Verbose "Found $($OUUsers.Count) users in $OU."
}

if ($Users.Count -eq 0) {
    Write-Warning "No users were found in the specified OUs."
    return
}

$Managers = New-Object System.Collections.Generic.HashSet[Object]

foreach ($User in $Users) {
    if ($null -ne $User.Manager) {
        try {
            $Manager = Get-ADUser -Identity $User.Manager
            $Managers.Add($Manager) | Out-Null
            Write-Verbose "Manager $($Manager.SamAccountName) found for user $($User.SamAccountName)."
        } catch {
            Write-Warning "Failed to retrieve manager for user $($User.SamAccountName). Error: $_"
        }
    } else {
        Write-Verbose "No manager found for user $($User.SamAccountName)."
    }
}

if ($Managers.Count -eq 0) {
    Write-Warning "No managers were found, exiting script."
    return
}

$Managers = $Managers.ToArray()
$GroupMembers = Get-ADGroupMember -Identity $Group | Select-Object -ExpandProperty SamAccountName

$MembersToRemove = $GroupMembers | Where-Object { $Managers.SamAccountName -notcontains $_ }
if ($MembersToRemove.Count -gt 0) {
    Write-Verbose "Removing users no longer valid managers from group $Group..."
    try {
        Remove-ADGroupMember -Identity $Group -Members $MembersToRemove -Confirm:$false
        Write-Verbose "Users removed successfully."
    } catch {
        Write-Warning "Failed to remove users from group $Group. Error: $_"
    }
}

$ManagersToAdd = $Managers | Where-Object { $GroupMembers -notcontains $_.SamAccountName }
if ($ManagersToAdd.Count -gt 0) {
    Write-Verbose "Adding new managers to group $Group..."
    try {
        Add-ADGroupMember -Identity $Group -Members $ManagersToAdd.SamAccountName
        Write-Verbose "Managers added successfully."
    } catch {
        Write-Warning "Failed to add managers to group $Group. Error: $_"
    }
}

Write-Verbose "Script execution completed."