Passing Multiple Variables for each Iteration of a For Loop

This topic contains 4 replies, has 3 voices, and was last updated by Sam Boutros 1 year, 9 months ago.

  • #22984
    Robert Martin
    Participant

    Below is the script that I am trying to use, to create and maintain shadow groups for RODC management. I'd like to turn it into a loop.
    The issue I can see is that I have to pass 3 new variables every time the loop runs, what's the easiest way to go about this?
    For instance it would be a new user OU, Computer OU, and Group for each of the locations that exist.
    Location1, Location2, Location3...etc
    Also, I don't take credit for the code below, I found the basis of it here (http://ahultgren.blogspot.com/2011/07/shadow-groups-in-active-directory.html). I just added the computer portion.

    Thank you for any help in advance,
    -Rob

    ## Add Active Directory Powershell Module to powershell ##
    Import-Module ActiveDirectory
    
    $UserOU="OU=Location 1,OU=Users,DC=Company,DC=LOCAL"
    $CompOU="OU=Location 1,OU=Workstations,DC=Company,DC=LOCAL"
    $Group="CN=ShadowLocation1,OU=Shadow Groups,OU=Groups,DC=Company,DC=LOCAL"
    
    ## Check Current OU Membership & Remove Wrong Members ##
    ## -and: a member is wrong only if it sits in neither OU (with -or every member is removed on each run) ##
    Get-ADGroupMember -Identity $Group | Where-Object {$_.distinguishedName -NotMatch $UserOU -and $_.distinguishedName -NotMatch $CompOU} | ForEach-Object {Remove-ADPrincipalGroupMembership -Identity $_ -MemberOf $Group -Confirm:$false}
    
    ## Add Users (double quotes so $Group expands inside the LDAP filter) ##
    Get-ADUser -SearchBase $UserOU -SearchScope OneLevel -LDAPFilter "(!memberOf=$Group)" | ForEach-Object {Add-ADPrincipalGroupMembership -Identity $_ -MemberOf $Group}
    
    ## Add Computers ##
    Get-ADComputer -SearchBase $CompOU -SearchScope OneLevel -LDAPFilter "(!memberOf=$Group)" | ForEach-Object {Add-ADPrincipalGroupMembership -Identity $_ -MemberOf $Group}
    
  • #22985
    Fabien Dibot
    Participant

    Hi,

    You can try with a PSCustomObject to store your variables.

    $prop = @{
        "UserOU" = "OU=Location 1,OU=Users,DC=Company,DC=LOCAL"
        "CompOU" = "OU=Location 1,OU=Workstations,DC=Company,DC=LOCAL"
        "Group"  = "CN=ShadowLocation1,OU=Shadow Groups,OU=Groups,DC=Company,DC=LOCAL"
    }
    $a = New-Object PSObject -Property $prop
    

    It'll help you 🙂

  • #22986
    Sam Boutros
    Participant

    Save the User/Comp/Group sets in CSV like:

    "UserOU","CompOU","Group"
    "OU=Location 1,OU=Users,DC=Company,DC=LOCAL","OU=Location 1,OU=Workstations,DC=Company,DC=LOCAL","CN=ShadowLocation1,OU=Shadow Groups,OU=Groups,DC=Company,DC=LOCAL"
    "OU=Location 2,OU=Users,DC=Company,DC=LOCAL","OU=Location 3,OU=Workstations,DC=Company,DC=LOCAL","CN=ShadowLocation3,OU=Shadow Groups,OU=Groups,DC=Company,DC=LOCAL"
    

    and use:

    Import-Csv .\myad1.csv | % {
        $Group  = $_.Group
        $UserOU = $_.UserOU
        $CompOU = $_.CompOU
     
        ## Check Current OU Membership & Remove Wrong Members ##
        ## -and: a member is wrong only if it sits in neither OU (with -or every member is removed on each run) ##
        Get-ADGroupMember -Identity $Group | 
            Where { $_.distinguishedName -NotMatch $UserOU -and $_.distinguishedName -NotMatch $CompOU } | % { 
                Remove-ADPrincipalGroupMembership -Identity $_ -MemberOf $Group -Confirm:$false }
     
        ## Add Users ##
        Get-ADUser -SearchBase $UserOU -SearchScope OneLevel -LDAPFilter "(!memberOf=$Group)" | % { 
            Add-ADPrincipalGroupMembership -Identity $_ -MemberOf $Group }
     
        ## Add Computers ##
        Get-ADComputer -SearchBase $CompOU -SearchScope OneLevel -LDAPFilter "(!memberOf=$Group)" | % { 
            Add-ADPrincipalGroupMembership -Identity $_ -MemberOf $Group }
    }
    
    • #22999
      Robert Martin
      Participant

      Sam,
      I just wanted to report back and say that worked like a charm. Thank you.

  • #23013
    Sam Boutros
    Participant

    Cool 🙂
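
An added example (not code from any poster in this thread) that plans the per-location shadow-group changes discussed above as a delta, comparing each object's parent OU exactly rather than with a regex `-NotMatch`. The function names `Get-ParentDN` and `Get-ShadowGroupPlan` and all sample DNs are constructed for illustration; in real use the two input lists would come from `Get-ADGroupMember` and `Get-ADUser` / `Get-ADComputer`.

```powershell
# Added example: plan shadow-group changes for one location as a delta.
# Every DN below is constructed sample data; in real use the two lists would come
# from Get-ADGroupMember and Get-ADUser / Get-ADComputer -SearchScope OneLevel.

function Get-ParentDN {
    param([Parameter(Mandatory)][string]$DistinguishedName)
    # Drop the first RDN: split once on the first comma not escaped by a backslash.
    # Simplification: a value ending in an escaped backslash (\\,) is not handled.
    ($DistinguishedName -split '(?<!\\),', 2)[1]
}

function Get-ShadowGroupPlan {
    param(
        [Parameter(Mandatory)][string]$UserOU,
        [Parameter(Mandatory)][string]$CompOU,
        [string[]]$CurrentMembers = @(),
        [string[]]$OUObjects = @()
    )
    $allowed = @($UserOU, $CompOU)
    # Desired members sit directly in one of the two OUs. -contains compares whole
    # strings case-insensitively, so nested OUs and regex metacharacters cannot match.
    $desired = @($OUObjects | Where-Object { $allowed -contains (Get-ParentDN $_) })
    [pscustomobject]@{
        Remove = @($CurrentMembers | Where-Object { $desired -notcontains $_ })
        Add    = @($desired | Where-Object { $CurrentMembers -notcontains $_ })
    }
}

# One constructed location row, same column names as the CSV in the thread.
$row = [pscustomobject]@{
    UserOU = 'OU=Location 1,OU=Users,DC=Company,DC=LOCAL'
    CompOU = 'OU=Location 1,OU=Workstations,DC=Company,DC=LOCAL'
}
$current = @(
    "CN=Alice,$($row.UserOU)"                             # still in the user OU
    'CN=Bob,OU=Location 2,OU=Users,DC=Company,DC=LOCAL'   # moved to another location
)
$inOUs = @(
    "CN=Alice,$($row.UserOU)"
    "CN=Carol,$($row.UserOU)"    # user not yet in the group
    "CN=PC01,$($row.CompOU)"     # computer not yet in the group
    "CN=Dave,OU=Contractors,$($row.UserOU)"  # nested OU, outside OneLevel scope
)
$plan = Get-ShadowGroupPlan -UserOU $row.UserOU -CompOU $row.CompOU `
    -CurrentMembers $current -OUObjects $inOUs
$plan.Remove | ForEach-Object { "remove: $_" }
$plan.Add    | ForEach-Object { "add:    $_" }
```

Applying only these two lists changes the group by the delta instead of emptying and refilling it on every run.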
