Background:
This is my case. In the school I worked for, student access to all computers is restricted. However, in certain classrooms
those restrictions need to be removed for students, since some media software needs full access to the computer.


Data Information:
I have a student-class.csv that contains the student and class associations in the format below. I get this from a script exported from SQL Server.

student-class.csv
student0,11his2
student1,10med9
student2,10med4
student3,9med4
student5,8med5
student6,7Int5

I have another file, classlist.csv, that contains all the classes which need extra access to those classroom computers.
I get this from the teacher who requests access for his students.

10med9
9med4
8med5
10med4

Active Directory: All students are under the Students OU. The group policy that sets the restrictions is applied at the Students OU level. There are year-level OUs under the Students OU. My goal is to create a class OU under the year-level OU, move the students in the med classes into it, block Group Policy inheritance, then apply the special group policy I created for those students.

PowerShell script:

# Intro: Create new OUs from classlist.csv, block Group Policy inheritance on those OUs
#        Link an existing group policy to the OUs we created
#        Move the associated users to the OUs
# Author: Lei Liu
# Date: 25/07/2013


Import-Module GroupPolicy
Import-Module ActiveDirectory   # provides Move-ADObject

# A function to find a user's DistinguishedName from the student username
Function Get-DistinguishedName ($strUserName)
{
   $searcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]'')
   $searcher.Filter = "(&(objectClass=User)(samAccountName=$strUserName))"
   $result = $searcher.FindOne()
   # FindOne() returns $null when no account matches the username
   if ($null -eq $result) { Return $null }
   Return [string]$result.GetDirectoryEntry().DistinguishedName
}

$userlist = Import-Csv Student-Class.csv -Header StudID,Class
$mediaclasslist = Import-Csv ClassList.csv -Header ClassName
foreach ($mediaClass in $mediaclasslist)
{
	# A little string manipulation to locate the students' year level:
	# a leading "1" means a two-digit year (10, 11, 12), otherwise one digit
	if ($mediaClass.ClassName.Substring(0,1) -eq "1")
		{
		$yearlevel = $mediaClass.ClassName.Substring(0,2)
		}
	else
		{
		$yearlevel = $mediaClass.ClassName.Substring(0,1)
		}
	$moveToOU = 'OU='+$mediaClass.ClassName+',OU=Yr'+$yearlevel+',OU=Students,DC=MyDomain'
	dsadd ou $moveToOU
	
	# Block Group Policy inheritance. This stops every non-enforced GPO linked
	# at a parent container from applying, not only the student restrictions.
	Set-GPInheritance -Target $moveToOU -IsBlocked Yes
	# Link the Group Policy to the OU
	New-GPLink -Name MedStudentGroupPolicy -Target $moveToOU -Enforced Yes
	
	# Start moving the students across
	foreach ($Person in $UserList) 
	{
		if ($Person.Class -eq $mediaClass.ClassName)
		{
			$UserName = $Person.StudID
			# Find the location of the user account
			$strDN = Get-DistinguishedName $UserName
			if ($strDN)
			{
				Move-ADObject $strDN -TargetPath $moveToOU
			}
			else
			{
				Write-Warning "No account found for $UserName, skipped"
			}
		}
	}
}
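
A dry-run check to run before the script above, added here as an example and not part of the original post: it builds the same OU paths and LDAP filters from the two CSV layouts but makes no changes to Active Directory. The sample rows, the function names ConvertTo-LdapFilterValue and Get-MovePlan, and the class-name pattern (which replaces the Substring year-level test) are assumptions for illustration.

```powershell
# Added example: dry-run planner, makes no changes to Active Directory.
# Sample rows are constructed; 'stud*' and '10 med/9' stand in for malformed input.
$userList = @'
student1,10med9
student2,10med4
student3,9med4
stud*,8med5
student6,7Int5
'@ | ConvertFrom-Csv -Header StudID, Class

$classList = @'
10med9
9med4
8med5
10 med/9
'@ | ConvertFrom-Csv -Header ClassName

# Escape the characters that are special in an LDAP search filter (RFC 4515)
function ConvertTo-LdapFilterValue ([string]$Value) {
    [regex]::Replace($Value, '[\\*()\x00]', { param($m) '\{0:x2}' -f [int][char]$m.Value })
}

# Build the list of moves the script would make (DomainDN as used on the page)
function Get-MovePlan ($Classes, $Users, [string]$DomainDN = 'DC=MyDomain') {
    foreach ($c in $Classes) {
        # Accept only <year digits><letters><digits>, so nothing else reaches the OU path
        if ($c.ClassName -match '^(?<year>\d{1,2})[A-Za-z]+\d+$') {
            $ou = "OU=$($c.ClassName),OU=Yr$($Matches.year),OU=Students,$DomainDN"
            foreach ($u in ($Users | Where-Object { $_.Class -eq $c.ClassName })) {
                $safe = ConvertTo-LdapFilterValue $u.StudID
                [pscustomobject]@{
                    Student     = $u.StudID
                    TargetOU    = $ou
                    LdapFilter  = "(&(objectClass=User)(samAccountName=$safe))"
                    # Flag usernames with characters outside a plain account-name set
                    NeedsReview = $u.StudID -notmatch '^[A-Za-z0-9._-]+$'
                }
            }
        } else {
            Write-Warning "Skipping class '$($c.ClassName)': unexpected name format"
        }
    }
}

Get-MovePlan $classList $userList | Format-Table -AutoSize
```

Rows with NeedsReview set to True, and any class skipped with a warning, should be corrected in the CSV before the real script is run.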

 
