Right now I have a script that cycles through different AD users and groups that are manually assigned. I would love to be able to do a read-console but I don't know how to get it to ask for multiple strings when I don't know how many strings there will be. The code in question is below and the variables in question are $Users and $Groups. Depending on its use, there may be many or few users/groups used.

```powershell
<#
This script is to be used for impending access, usually of a high priority for users with an AD account not yet created.

Needs to be run as administrator.

Please note that the script will generate console log failures when accounts do not exist. THIS IS NORMAL BEHAVIOR.
#>

<#Modify these variables in the same format based on requirements. Leave "" for a null value.#>
$Users = "user1", "user2"
$Groups = "group1", "group2"

<#Values for notification email. Internal addresses only.#>
$FromAddr = "a@b.com"
$ToAddr = "a@b.com", "a@b.com"
$ccAddr = "a@b.com"

<#P1 is assumed, but can be anything#>
$Priority = "P1"

<#How often (in seconds) the script will check for the existence of the AD accounts#>
$SleepTimerSec = 30

DO{

    Foreach ($User in $Users) {

        If (Get-ADUser -Identity $User){

            #If the user exists in AD, it will add it to all of the AD groups listed above
            Add-ADPrincipalGroupMembership $User -MemberOf $Groups[0..$Groups.GetUpperBound(0)]

            #Removes the added user from being checked going forward
            $Users = $Users | Where-Object {$_ -ne $User}

            #Sends an email alert that the user was added
            Send-MailMessage -From $FromAddr -Subject "VPN access granted" -SmtpServer xxxx -To $ToAddr -Cc $ccAddr -Body "Access has been granted for $($Priority) User:  $($User)"
        }
    }
    #Console logging
    Write-Host "Users remaining: " $Users
    Write-Host "Waiting" $SleepTimerSec "seconds"

    #Pause before the next AD check
    Start-Sleep -Seconds $SleepTimerSec
} While($Users -ne $Null)
```
aric8456
  • 1
    It's not very clear what you exactly want. Do you want to track the progress of remaining `users` & `groups` on your `Do` loop? – Santiago Squarzon May 25 '21 at 17:34
  • 2
    If you want to accept multiple users ask the operator for a comma separated list, then split it on commas (and probably remove spaces). Otherwise my only thought is that you end up with a Do/While loop and ask them to leave it blank when they're done with users, and that just doesn't seem clean/intuitive to me. – TheMadTechnician May 25 '21 at 17:37
  • Just as an aside, if you know that some users won't be found/are relying on user input as free text, [you should deal with the `ADIdentityNotFoundException`](https://stackoverflow.com/a/48389528/9164015) errors properly. – Ash May 25 '21 at 18:27
  • 1
    Complementing @Ash's comment. `Get-ADUser -Identity $User` will throw an exception if the user cannot be found. Better use `$adUser = Get-ADUser -Filter "SamAccountName -eq '$User'" -ErrorAction SilentlyContinue`. Then test with `if($adUser)` before you proceed. – Theo May 26 '21 at 15:05
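
Combining the comma-separated prompt and the `-Filter` lookup suggested in the comments puts operator-typed text inside a filter string, so each name should be checked against an allow-list first. The following is an added example, not part of the original thread; the function names, prompts and the allow-list pattern are assumptions to adapt to your own naming convention.

```powershell
# Added example. ConvertTo-NameList / Read-NameList are hypothetical helper names.
function ConvertTo-NameList {
    param(
        [string]$Text,
        # Assumed naming convention: letters, digits, dot, underscore, hyphen; 1-64 chars.
        # Anything else (quotes, parentheses, wildcards) is rejected, so an accepted
        # name cannot change the meaning of a filter such as "SamAccountName -eq '$User'".
        [string]$Pattern = '^[A-Za-z0-9._-]{1,64}$'
    )
    $accepted = [System.Collections.Generic.List[string]]::new()
    $rejected = [System.Collections.Generic.List[string]]::new()
    foreach ($item in ($Text -split ',')) {
        $name = $item.Trim()
        if ($name -eq '') { continue }                    # skip empty entries ("a,,b")
        if ($name -notmatch $Pattern) { $rejected.Add($name); continue }
        if ($accepted -notcontains $name) { $accepted.Add($name) }   # case-insensitive de-dup
    }
    [pscustomobject]@{
        Accepted = $accepted.ToArray()
        Rejected = $rejected.ToArray()
    }
}

function Read-NameList {
    param([string]$Prompt)
    $result = ConvertTo-NameList -Text (Read-Host $Prompt)
    foreach ($bad in $result.Rejected) {
        Write-Warning "Ignoring invalid name: '$bad'"
    }
    , $result.Accepted     # leading comma keeps a one-element result an array
}

# Constructed sample input (no prompt, no AD needed) showing the parsing rules:
$demo = ConvertTo-NameList -Text "user1, user2,, bad'name ,USER1"
"Accepted: $($demo.Accepted -join ', ')"    # user1, user2
"Rejected: $($demo.Rejected -join ', ')"    # bad'name

# In the script above, the two hard-coded assignments would become:
#   $Users  = Read-NameList 'Users (comma-separated)'
#   $Groups = Read-NameList 'Groups (comma-separated)'
# and the existence check inside the loop, per the -Filter suggestion:
#   $adUser = Get-ADUser -Filter "SamAccountName -eq '$User'"
#   if ($adUser) { ... }
```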

0 Answers