Remove-TempSecurityGroupMembership.ps1
###This script requires Quest ActiveRoles##
###Author: Dean Pollaro###
##Loads Quest ActiveRoles snapin##
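Add-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue
# The load above stays silent because Add-PSSnapin errors when the snap-in is
# already loaded. Confirm the cmdlets are really available before going on:
# otherwise the member query returns nothing and the tracking file would be
# overwritten with an empty list, resetting every member's first-seen date.
if (-not (Get-Command Get-QADGroupMember -ErrorAction SilentlyContinue)) {
    throw 'Quest ActiveRoles cmdlets are not available; aborting before the tracking file is touched.'
}

# Variables
# Today's date, stored in the CSV as the day a member was first seen in the group
$date = Get-Date -f "dd-MMM-yyyy"
# Enter root directory for the CSV file.
# The CSV is the only record of when each member was first seen, so anyone who
# can edit it can postpone a removal. Keep this folder writable only by the
# account that runs the script.
$root = 'Enter Folder Path'
# Enter CSV filename
$csvfile = $($root + '\EnterFileName.csv')
# Enter group to monitor
$groupname = "GroupName"
# Number of days a member may stay in the group before being removed
$maxDays = 7

# Import the previous run's records if the CSV exists, otherwise start empty.
# @() keeps a single-row file an array.
if (Test-Path $csvfile) {
    $DataIN = @(Import-Csv $csvfile)
} else {
    $DataIN = @()
}

# Current members of the group: name, guid, and today's date as the first-seen
# date for anyone not already tracked. A failed query must stop the script here;
# continuing would export an empty list and wipe the tracking file.
try {
    $members = @(Get-QADGroupMember $groupname -ErrorAction Stop |
        select name, guid, @{n='date'; e={$date}})
} catch {
    throw "Could not read members of '$groupname'; tracking file left unchanged. $_"
}

# Index the stored records by guid (first occurrence wins, as the original
# first-match scan did) so each member is looked up once.
$firstSeen = @{}
foreach ($RecordIn in $DataIN) {
    $key = [string]$RecordIn.guid
    if ($key -and -not $firstSeen.ContainsKey($key)) {
        $firstSeen[$key] = $RecordIn
    }
}

# Records to write back: members still inside their window plus new members
$DataOut = New-Object System.Collections.ArrayList
$cutoff = (Get-Date).AddDays(-$maxDays)

foreach ($member in $members) {
    $key = [string]$member.guid

    # Not tracked yet: record it with today's date
    if (-not $firstSeen.ContainsKey($key)) {
        [void]$DataOut.Add($member)
        continue
    }

    $RecordIn = $firstSeen[$key]

    # An unreadable date used to skip both the removal and the write-back, so
    # the member silently fell out of the file. Keep tracking it, re-stamped
    # with today's date, and surface the problem.
    try {
        $seenOn = Get-Date $RecordIn.date -ErrorAction Stop
    } catch {
        Write-Warning "Unreadable date '$($RecordIn.date)' for $($RecordIn.name) ($key); re-stamping with $date."
        $RecordIn.date = $date
        [void]$DataOut.Add($RecordIn)
        continue
    }

    if ($seenOn -lt $cutoff) {
        # In the group longer than $maxDays: remove it. If the removal fails,
        # keep the original record so the next run retries instead of treating
        # the member as new and granting another full window.
        try {
            Remove-QADGroupMember $groupname -member $($member.guid) -ErrorAction Stop
            Write-Verbose "Removed $($member.name) ($key) from $groupname"
        } catch {
            Write-Warning "Failed to remove $($member.name) ($key) from ${groupname}: $_"
            [void]$DataOut.Add($RecordIn)
        }
    } else {
        # Still inside the window: carry the record forward unchanged
        [void]$DataOut.Add($RecordIn)
    }
}

# Write the tracking file: members still inside their window, members whose
# removal failed, and newly seen members.
$DataOut | Export-Csv -Path $csvfile -NoTypeInformation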