|
5 | 5 | # Author: Sam Erde |
6 | 6 | # |
7 | 7 | # Created: 11/04/2014 |
8 | | -# Description: Read a list of obsolete groups from a text file, export the members to a separate text file for each group, |
| 8 | +# Description: Read a list of obsolete groups from a text file, export the members to a separate text file for each group, |
9 | 9 | # and then empty the obsolete groups. They can be deleted after a week or two to prove they are no longer used. |
10 | 10 | # The empty groups are also moved to the "Obsolete Groups" OU. |
11 | 11 | # |
12 | 12 | # DO NOT RUN TWICE ON THE SAME FILE OR THE ARCHIVE WILL BE OVERWRITTEN! |
13 | 13 | # |
14 | | -# To Do: |
| 14 | +# To Do: |
15 | 15 | # Add error handling |
16 | 16 | # Prompt for a job name at each run so their is a separate archive folder for each job to help prevent an archive from being overwritten. |
17 | 17 | # Add handling of group names to it can discover DNs if needed. This may require a specific format within the input file, such as group DNs there. |
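Review bot: The warning on line 12 ("DO NOT RUN TWICE ON THE SAME FILE OR THE ARCHIVE WILL BE OVERWRITTEN!") still depends on the operator reading the header, and the edits to lines 8 and 14 are whitespace only. Consider enforcing it in the script, for example with Export-Csv -NoClobber or with the per-job archive folder already listed under To Do, so a second run fails instead of replacing the only record of the old membership. While the header is being touched, the To Do entries on lines 16 and 17 have typos: "so their is" should read "so there is" and "to it can" should read "so it can".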
|
22 | 22 | Import-Module ActiveDirectory |
23 | 23 |
|
24 | 24 | #Set the Active Directory server name that will be used. Using a serverless domain name here may also work. |
25 | | -$Domain = "" |
| 25 | +$Domain = '' |
26 | 26 |
|
27 | 27 | #Read in the CSV or text file of group names. |
28 | 28 | $File = Get-Content -Path C:\Scripts\ObsoleteGroups\ObsoleteGroups.csv |
29 | 29 |
|
30 | 30 | #Loop through each line of the text file and run the following commands for each line: |
31 | | -Foreach ($Group in $File) |
32 | | -{ |
| 31 | +Foreach ($Group in $File) { |
33 | 32 | #Get the members of each group (recursively in case groups are nested) in the specified domain or domain controller. |
34 | 33 | #Select the name of each member within the group and then write each name to a CSV file. Each CSV file is named with the name of each security group. |
35 | 34 | Get-ADGroupMember -Server $Domain -Identity $Group -Recursive | Export-Csv -Path "C:\Scripts\ObsoleteGroups\Archive\$group.csv" -NoTypeInformation |
36 | 35 |
|
37 | 36 | <# * * * * * * * * * * |
38 | | - This section will require special customization until we further develop the script to pull the full group DN. |
| 37 | + This section will require special customization until we further develop the script to pull the full group DN. |
39 | 38 | In the interest of time today, I have hard coded some of the information. |
40 | 39 | * * * * * * * * * * |
41 | 40 | /#> |
42 | | - .\Remove-AllGroupMembers.ps1 -group "CN=$Group" -ou "OU=" -domain "DC=" |
43 | | - Move-ADObject -Server $Domain -Identity "CN=ps,DC=" -TargetPath "" |
| 41 | + .\Remove-AllGroupMembers.ps1 -group "CN=$Group" -ou 'OU=' -domain 'DC=' |
| 42 | + Move-ADObject -Server $Domain -Identity 'CN=ps,DC=' -TargetPath '' |
44 | 43 | } |
45 | 44 |
|
46 | 45 | #Copy and rename the CSV file with a timestamp to keep as a record of run history. |
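Review bot: In the Foreach body (new lines 34 to 42), .\Remove-AllGroupMembers.ps1 runs unconditionally after the Get-ADGroupMember | Export-Csv pipeline, so a failed lookup or export still leaves the group emptied with no usable archive. Make the export terminating (-ErrorAction Stop inside try/catch) and continue to the next group unless the CSV was actually written. Separately, Move-ADObject on new line 42 uses the fixed identity 'CN=ps,DC=' rather than a DN built from $Group, so every iteration addresses the same object. The switch to single quotes is safe only because those strings contain no variables, and line 41 rightly keeps double quotes for "CN=$Group".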
|