janikvonrotz
8/27/2013 - 10:42 AM

PowerShell: Update ActiveDirectory Distribution Groups #Exchange #PowerShell #EmbededPost #ActiveDirectory

PowerShell: Update ActiveDirectory Distribution Groups #Exchange #PowerShell #EmbededPost #ActiveDirectory

<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo>
    <Date>2013-03-20T14:18:21.6393172</Date>
    <Author>Janik von Rotz (http://janikvonrotz.ch)</Author>
	<Description>Update Distribution Groups</Description>
  </RegistrationInfo>
  <Triggers>
    <CalendarTrigger>
      <StartBoundary>2013-01-01T03:00:00</StartBoundary>
      <Enabled>true</Enabled>
      <ScheduleByDay>
        <DaysInterval>1</DaysInterval>
      </ScheduleByDay>
    </CalendarTrigger>
  </Triggers>
  <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
      <StopOnIdleEnd>true</StopOnIdleEnd>
      <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>P3D</ExecutionTimeLimit>
    <Priority>7</Priority>
  </Settings>
  <Actions Context="Author">
    <Exec>
      <Command>$PSapps.PowerShell</Command>
      <Arguments>$(Get-ChildItem -Path $PSscripts.Path -Filter "Update-ADDistributionGroups.ps1" -Recurse).Fullname</Arguments>
      <WorkingDirectory>$PSProfile.Path</WorkingDirectory>
    </Exec>
  </Actions>
</Task>

<#
$Metadata = @{
    Title = "Update ActiveDirectory Distribution Groups"
    Filename = "Update-ADDistributionGroups.ps1"
    Description = "Create or update ActiveDirectory distribution groups"
    Tags = "powershell, activedirectory, distribution, groups, create, update"
    Project = ""
    Author = "Janik von Rotz"
    AuthorContact = "http://janikvonrotz.ch"
    CreateDate = "2013-08-27"
    LastEditDate = "2013-11-11"
    Url = "https://gist.github.com/6352037"
    Version = "2.0.0"
    License = @'
This work is licensed under the Creative Commons Attribution-ShareAlike 3.0 Switzerland License.
To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/3.0/ch/ or
send a letter to Creative Commons, 444 Castro Street, Suite 900, Mountain View, California, 94041, USA.
'@
}
#>

#--------------------------------------------------#
# modules
#--------------------------------------------------#    
Import-Module ActiveDirectory

#--------------------------------------------------#
# settings
#--------------------------------------------------# 

# run the script in these OUs
$OUs = @(    
    @{Name = "OU=Betrieb,OU=vblusers2,DC=vbl,DC=ch"},
    @{Name = "OU=Direktion,OU=vblusers2,DC=vbl,DC=ch"},
    @{Name = "OU=Finanzen,OU=vblusers2,DC=vbl,DC=ch"},
    @{Name = "OU=Personal,OU=vblusers2,DC=vbl,DC=ch"},         
    @{Name = "OU=Technik,OU=vblusers2,DC=vbl,DC=ch"}
)

# list of distribution groups to exclude
$ExcludeOUs = "Extern",""

# list of users to exclude in distribution groups
$ExcludeADUsers = ""
$ExcludeADGroups = "F_Service Benutzer"

# groupmembers and users to include on specific lists
$IncludeADUserAndGroup = @(
    @{
        DistributionGroupName = "Betriebszentrale"
        UsersAndGroups = "Leitst"
    },
    @{
        DistributionGroupName = "Fahrdienst"
        UsersAndGroups = "Betriebszentrale"
    }
)

# config task to create advanced distribution lists
$Configs = @(
    @{
        Name = "KST-Verantwortlichen"
        Options = @("UpdateFromGroups")
        AddGroups = @("F_Verantwortlicher Kostenstelle")
    },
    @{
        Name = "GL"
        Options = @("UpdateFromGroups")
        AddGroups = @("Geschäftsleitung Gruppe")
    }, 
    @{
        Name = "GL erw"
        Options = @("UpdateFromGroups")
        AddGroups = @("Erweiterte Geschäftsleitung Gruppe")
    },       
    @{
        Name = "Alle"
        Options = @("UpdateFromGroups")
        AddGroups = @("vblusers2 Abteilungen")
    },      
    @{
        Name = "Alle mit Arbeitsplatz"
        Options = @("UpdateFromGroups")
        AddGroups = @("F_Mitarbeiter mit Arbeitsplatz")
    },        
    @{
        Name = "Alle ohne Arbeitsplatz"
        Options = @("UpdateFromGroups")
        AddGroups = @("F_Mitarbeiter ohne Arbeitsplatz")
    },
    @{
        Name = "Personalkommission"
        Options = @("UpdateFromGroups")
        AddGroups = @("Personalkommission Abteilung")
    },
	@{
        Name = "Adressmutationen"
        Options = @("UpdateFromGroups")
        AddGroups = @("Teamleitung Abteilung","F_Kaufm. Mitarbeiter Empfang","F_Betriebsdisponent","F_Personalassistentin","F_Leiter Einkauf")
    }
)

#--------------------------------------------------#
# functions
#--------------------------------------------------# 
function Validate-ADUserForDistributionGroups{

    param(
        $Identity,
        $DistributionGroupName
    )
        
    $Identity | %{        
        $User =$_        
        $_ | where{
            ($_.enabled -eq $true) -and 
            (($ExcludeADUsers -notcontains $_.UserPrincipalName) -or 
            ($IncludeADUserAndGroup | where{
                ($_.DistributionGroupName -eq $DistributionGroupName) -and
                ($IncludeADUser -contains $User.UserPrincipalName)
            }
            ))
        }
    } | select -Unique
}

# extend exclude users
$ExcludeADUsers = ($ExcludeADUsers | where{$_ -ne ""} | %{(Get-ADUser $_).UserPrincipalName}) + ($ExcludeADGroups | %{Get-ADGroupMember $_ | Get-ADUser | %{$_.UserPrincipalName}})

# extend include users
$IncludeADUser = @()
$IncludeADUserAndGroup = $IncludeADUserAndGroup | %{

    $_.UsersAndGroups = $_.UsersAndGroups | %{
        Get-ADObject -Filter {Name -eq $_} | %{
            
            if($_.ObjectClass -eq "user"){
                
                Get-ADUser $_.DistinguishedName
                
            }elseif($_.ObjectClass -eq "group"){
            
                Get-ADGroupMember $_.DistinguishedName -Recursive | Get-ADUser 
            }
        } | %{
            
            $_
            
            $IncludeADUser += "$($_.UserPrincipalName)"
        }
    }
    
    $_
}

# get all OUs recursive
$OUs = $OUs | %{Get-ADOrganizationalUnit -Filter "*" -SearchBase $_.Name} | where {-not ($ExcludeOUs -contains $_.Name)}

# check in every OU if a distribution group with the same name as the OU exist
$OUs | %{$OU = $_.DistinguishedName;
    if(Get-ADGroup -Filter {SamAccountName -eq $_.Name -and GroupCategory -eq "Distribution"} | Where-Object{$_.DistinguishedName -like "*$OU"}){
                   
        Write-Host "Update users in distribution group $($_.Name)."
        $ADGroup = Get-ADGroup -Filter {SamAccountName -eq $_.Name -and GroupCategory -eq "Distribution"}
        $Name = $_.Name
        $Member = $(Get-ADUser -Filter {EmailAddress -like "*"} -SearchBase $OU)
        $($IncludeADUserAndGroup | where{$_.DistributionGroupName -eq $Name} | %{$Member += $_.UsersAndGroups})
        $Member = Validate-ADUserForDistributionGroups $Member -DistributionGroupName $_.Name        
        if($Member){Sync-ADGroupMember -ADGroup $ADGroup -Member $Member -LogScriptBlock{Write-PPEventLog $Message -Source "Update Distribution Groups"  -WriteMessage}}
        
    }else{
    
        Write-PPEventLog -Message "Create distribution group $($_.Name)." -Source "Update Distribution Groups" -WriteMessage
        New-ADGroup -Name $_.Name -SamAccountName $_.Name -GroupCategory Distribution -GroupScope Universal -DisplayName $_.Name -Path $($_.DistinguishedName) -Description "Distribution group for $($_.Name)."
        $ADGroup = Get-ADGroup $_.Name
        Get-ADUser -Filter {EmailAddress -like "*"} -SearchBase $_.DistinguishedName | where{($_.enabled -eq $true) -and ($ExcludeADUsers -notcontains $_.UserPrincipalName)} | where{$_ -ne $null} | %{Add-ADGroupMember -Identity $ADGroup -Members $_}       
    }
}

# custom configuration  
$Configs | %{      
    
    $ADGroup = Get-ADGroup -Identity $_.Name
    $Config = $_
    
    if($_.Options -match "UpdateFromGroups"){
        
        Write-Host "Update users in distribution group $($ADGroup.Name)."       
        $Member = Validate-ADUserForDistributionGroups ($Config.AddGroups | %{Get-ADGroupMember -Identity $_ -Recursive | Get-ADUser}) -DistributionGroupName $ADGroup.Name
        if($Member){Sync-ADGroupMember -ADGroup $ADGroup -Member $Member -LogScriptBlock{Write-PPEventLog $Message -Source "Update Distribution Groups" -WriteMessage}}
    }         
    
    if($_.Options -match "AddFromGroups"){
        
        Write-Host "Add users in distribution group $($ADGroup.Name)."       
        $Member = Validate-ADUserForDistributionGroups ($Config.AddGroups | %{Get-ADGroupMember -Identity $_ -Recursive | Get-ADUser}) -DistributionGroupName $ADGroup.Name
        if($Member){Sync-ADGroupMember -OnlyAdd -ADGroup $ADGroup -Member $Member -LogScriptBlock{Write-PPEventLog $Message -Source "Update Distribution Groups" -WriteMessage}}
    }    
}

Write-PPErrorEventLog -Source "Update Distribution Groups" -ClearErrorVariable