ARRC AD Group and User Management
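#Import Necessary modules
Import-Module ActiveDirectory
Import-Module PSSQLite
#Set Database information
# Audit database for every membership change and OU move this script makes;
# set-database refreshes the .bak snapshot before any row is written.
$Database = "E:\ARRC\ADChangeHistory.sqlite"
$dbBackup = "E:\ARRC\ADChangeHistory.bak"
$tableslistquery = "SELECT * FROM sqlite_master WHERE type='table'"
# Both log statements use @name placeholders bound through -SqlParameters, so
# user and group names (which can contain quotes) never become statement text.
$LogActionQuery = "INSERT INTO GROUPHISTORY (GroupName, Username, Action, Date) VALUES (@groupname, @username, @action, @date)"
$DisabledUsersLogQuery = "INSERT INTO ADUSERHISTORY (OriginalOU, DestinationOU, UserName, DateMoved) VALUES (@OriginalOU, @DestinationOU, @UserName, @date)"
#set Organizational Unit filters
$ou = "OU=Users & Computers,OU=ARRC Network,DC=arrctek,DC=local"            # holding OU that disabled accounts are moved into
$ou1 = "OU=ARRC Users,OU=Users & Computers,OU=ARRC Network,DC=arrctek,DC=local"
$ou2 = "OU=Corporate Operations,OU=ARRC Network,DC=arrctek,DC=local"
$ou3 = "OU=Groups & Misc. Accounts,OU=ARRC Network,DC=arrctek,DC=local"   # groups pruned of disabled members
#Get all enabled user accounts
# Enabled is a boolean on ADUser; filter on it server-side instead of pulling
# every account and comparing against the string "True".
$Usergroup1 = Get-ADUser -SearchBase $ou1 -Filter 'Enabled -eq $true' -Properties mail
$Usergroup2 = Get-ADUser -SearchBase $ou2 -Filter 'Enabled -eq $true' -Properties mail
# @() on each side keeps '+' an array concatenation even when an OU holds a
# single user (the old '$Usergroup1 += $usergroup2' would try to add two ADUser
# objects); the filter drops the $null that @() wraps when an OU is empty.
$allusers = @(@($Usergroup1) + @($Usergroup2) | Where-Object { $null -ne $_ })
# Disabled accounts anywhere under $ou that do not already sit directly in $ou.
# The parent container is the DN with its first RDN removed, split at the first
# unescaped comma; building "CN=<Name>,<ou>" by hand broke for names containing
# commas or -like wildcard characters.
$DisabledUsers = Get-ADUser -SearchBase $ou -Filter 'Enabled -eq $false' | Where-Object {
    ($_.DistinguishedName -split '(?<!\\),', 2)[1] -ne $ou
}
#Gather and Saves details about ARRC Users and the ARRC distribution group
$ARRCUsers = $allusers | Where-Object { $_.mail -like "*@arrc.com" }
$ARRCGroupMembers = Get-ADGroupMember ARRC
#Gather and Save details about CharTec User and the CharTec distribution group
$CharTecUsers = $allusers | Where-Object { $_.mail -like "*@chartec.net" }
$CharTecGroupMembers = Get-ADGroupMember CharTec
#Gather and Save details about Relyenz Users and the Relyenz distribution group
# Only $RelyenzUsers is assigned here: the previous chained assignment also
# overwrote $CharTecUsers, so add-members pushed Relyenz users into CharTec.
$RelyenzUsers = $allusers | Where-Object { $_.mail -like "*@relyenz.com" }
$RelyenzGroupMembers = Get-ADGroupMember Relyenz
#Gather and Save details about InternalUsers group members
$InternalUsersGroupMembers = Get-ADGroupMember Internal
#Gather and Save details regarding all groups
$AllGroups = Get-ADGroup -SearchBase $ou3 -Filter *
#Disable user confirmations for all actions
# This silences the High-impact confirmation Remove-ADGroupMember would
# otherwise raise; there is no interactive safety net below this line.
$ConfirmPreference = "None"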
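#######################################
# Ensure the audit database exists with both history tables, then refresh the
# .bak snapshot so a pre-run copy survives whatever this run writes.
# Globals: $Database, $dbBackup, $tableslistquery (read)
#######################################
function set-database
{
    $createGroupHistory = "CREATE TABLE GROUPHISTORY (GroupName TEXT, Username TEXT, Action TEXT, Date DATETIME)"
    $createUserHistory  = "CREATE TABLE ADUSERHISTORY (OriginalOU TEXT, DestinationOU TEXT, UserName TEXT, DateMoved DATETIME)"

    if (!(Test-Path $Database))
    {
        if (Test-Path $dbBackup)
        {
            # Restore the last snapshot rather than starting an empty history.
            Copy-Item $dbBackup $Database
        }
        else
        {
            # PSSQLite creates the file on first query. One statement per call
            # avoids relying on multi-statement execution in the driver.
            Invoke-SqliteQuery -Query $createGroupHistory -DataSource $Database
            Invoke-SqliteQuery -Query $createUserHistory -DataSource $Database
        }
    }

    # Independent checks: the original 'elseif' skipped the ADUSERHISTORY test
    # whenever GROUPHISTORY was missing, so a half-built database stayed half-built.
    $existingTables = Invoke-SqliteQuery -DataSource $Database -Query $tableslistquery
    if ($existingTables.tbl_name -notcontains "GROUPHISTORY")
    {
        Invoke-SqliteQuery -Query $createGroupHistory -DataSource $Database
    }
    if ($existingTables.tbl_name -notcontains "ADUSERHISTORY")
    {
        Invoke-SqliteQuery -Query $createUserHistory -DataSource $Database
    }

    # Snapshot taken before add-members / Remove-* / move-* write anything.
    Copy-Item $Database $dbBackup
}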
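#######################################
# Add users to a group when they are not already direct members.
# Membership is compared by DistinguishedName, not display Name: two accounts
# can share a Name, and a Name match let an unrelated member satisfy the check
# so the real user was never added. Every addition is written to GROUPHISTORY.
# Arguments: -GroupName       AD group identity
#            -Users           ADUser objects that should be members
#            -CurrentMembers  output of Get-ADGroupMember for that group
# Globals:   $Database, $LogActionQuery (read)
# Supports -WhatIf, which restores the dry run the commented-out '#-whatif' gave.
#######################################
function Add-MissingGroupMembers
{
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$GroupName,
        [object[]]$Users,
        [object[]]$CurrentMembers
    )
    # Build the member lookup once instead of rescanning the list per user.
    $memberDns = @{}
    foreach ($member in @($CurrentMembers))
    {
        if ($null -ne $member) { $memberDns[$member.DistinguishedName] = $true }
    }

    foreach ($user in @($Users))
    {
        if ($null -eq $user -or $memberDns.ContainsKey($user.DistinguishedName)) { continue }
        if ($PSCmdlet.ShouldProcess("$($user.Name) -> $GroupName", "Add-ADGroupMember"))
        {
            Add-ADGroupMember -Identity $GroupName -Members $user
            Invoke-SqliteQuery -Database $Database -Query $LogActionQuery -SqlParameters @{
                groupname = $GroupName
                username  = "$($user.Name)"
                action    = "Added"
                date      = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
            }
        }
    }
}

#######################################
# Bring the four distribution groups up to date: every enabled user belongs in
# Internal; the mail-domain groups receive their matching subset.
# Globals: $allusers, $ARRCUsers, $CharTecUsers, $RelyenzUsers and the matching
#          *GroupMembers lists (read)
# Pass -WhatIf to list the additions without making them or logging them.
#######################################
function add-members
{
    [CmdletBinding(SupportsShouldProcess)]
    param()
    Add-MissingGroupMembers -GroupName "Internal" -Users $allusers     -CurrentMembers $InternalUsersGroupMembers
    Add-MissingGroupMembers -GroupName "ARRC"     -Users $ARRCUsers    -CurrentMembers $ARRCGroupMembers
    Add-MissingGroupMembers -GroupName "CharTec"  -Users $CharTecUsers -CurrentMembers $CharTecGroupMembers
    Add-MissingGroupMembers -GroupName "Relyenz"  -Users $RelyenzUsers -CurrentMembers $RelyenzGroupMembers
}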
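#######################################
# Strip disabled user accounts from every group under $ou3 so a disabled
# account carries no residual group-granted access. Only direct members of
# objectClass 'user' are examined; nested groups and other object types are
# left alone, as before. Each removal is written to GROUPHISTORY.
# Globals: $AllGroups, $Database, $LogActionQuery (read)
# Pass -WhatIf to list the removals without making them or logging them.
#######################################
function Remove-DisabledUsersFromGroups
{
    [CmdletBinding(SupportsShouldProcess)]
    param()
    foreach ($group in @($AllGroups))
    {
        if ($null -eq $group) { continue }
        $groupMembers = Get-ADGroupMember -Identity $group.DistinguishedName
        foreach ($member in @($groupMembers))
        {
            if ($null -eq $member -or $member.objectClass -ne "user") { continue }
            # Resolve by DN rather than sAMAccountName: the DN is unique in the
            # forest, the short name only within its domain.
            $groupUser = Get-ADUser -Identity $member.DistinguishedName
            # Skip unless Enabled is exactly $false (a missing value is not "disabled").
            if ($groupUser.Enabled -ne $false) { continue }
            if ($PSCmdlet.ShouldProcess("$($groupUser.Name) from $($group.Name)", "Remove-ADGroupMember"))
            {
                Remove-ADGroupMember -Identity $group.DistinguishedName -Members $groupUser -Confirm:$false
                Invoke-SqliteQuery -Database $Database -Query $LogActionQuery -SqlParameters @{
                    groupname = "$($group.Name)"
                    username  = "$($groupUser.Name)"
                    action    = "Removed"
                    date      = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
                }
            }
        }
    }
}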
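#######################################
# Move every disabled account selected by the top-level $DisabledUsers query
# into the holding OU $ou, recording source and destination OU in ADUSERHISTORY.
# Globals: $DisabledUsers, $ou, $Database, $DisabledUsersLogQuery (read)
# Pass -WhatIf to list the moves without making them or logging them.
#######################################
function move-disabledusers
{
    [CmdletBinding(SupportsShouldProcess)]
    param()
    foreach ($disabledUser in @($DisabledUsers))
    {
        if ($null -eq $disabledUser) { continue }
        # Parent container = DN minus its first RDN, split at the first unescaped
        # comma. The old '-replace "CN=$name,"' used the account name as a regex,
        # so a name containing '.', '(' or '+' gave a wrong OriginalOU in the
        # audit row or threw on an invalid pattern.
        $originalOu = ($disabledUser.DistinguishedName -split '(?<!\\),', 2)[1]
        if ($PSCmdlet.ShouldProcess("$($disabledUser.Name) -> $ou", "Move-ADObject"))
        {
            Move-ADObject -Identity $disabledUser.DistinguishedName -TargetPath $ou -Confirm:$false
            Invoke-SqliteQuery -Database $Database -Query $DisabledUsersLogQuery -SqlParameters @{
                OriginalOU    = "$originalOu"
                DestinationOU = "$ou"
                UserName      = "$($disabledUser.Name)"
                date          = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
            }
        }
    }
}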
# Run the maintenance steps in order. set-database goes first because every
# later step writes audit rows into the database it prepares.
foreach ($step in 'set-database', 'add-members', 'Remove-DisabledUsersFromGroups', 'move-disabledusers')
{
    & $step
}