Right now I have a script that cycles through different AD users and groups that are manually assigned. I would love to be able to do a read-console, but I don't know how to get it to ask for multiple strings when I don't know how many strings there will be. The code in question is below and the variables in question are $Users and $Groups. Depending on its use, there may be many or few users/groups used.
<#
This script is to be used for impending access, usually of a high priority for users with an AD account not yet created.
Needs to be run as administrator.
Please note that the script will generate console log failures when accounts do not exist. THIS IS NORMAL BEHAVIOR.
#>
<#Modify these variables in the same format based on requirements. Leave "" for a null value.#>
$Users = "user1", "user2"
$Groups = "group1", "group2"
<#Values for notification email. Internal addresses only.#>
$FromAddr = "[email protected]"
$ToAddr = "[email protected]", "[email protected]"
$ccAddr = "[email protected]"
<#P1 is assumed, but can be anything#>
$Priority = "P1"
<#How often (in seconds) the script will check for the existence of the AD accounts#>
$SleepTimerSec = 30
DO{
    Foreach ($User in $Users) {
        If (Get-ADUser -Identity $User){
            #If the user exists in AD, it will add it to all of the AD groups listed above
            #(-MemberOf accepts the whole array, and this also works when only one group is listed)
            Add-ADPrincipalGroupMembership $User -MemberOf $Groups
            #Removes the added user from being checked going forward
            $Users = $Users | Where-Object {$_ -ne $User}
            #Sends an email alert that the user was added
            Send-MailMessage -From $FromAddr -Subject "VPN access granted" -SmtpServer xxxx -To $ToAddr -Cc $ccAddr -Body "Access has been granted for $($Priority) User: $($User)"
        }
    }
    #Console logging
    Write-Host "Users remaining: " $Users
    Write-Host "Waiting" $SleepTimerSec "seconds"
    #Pause before the next AD check
    Start-Sleep -Seconds $SleepTimerSec
} While($Users -ne $Null)
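
One way to collect a variable number of names from a single prompt, as an added example that is not part of the original post: `Read-Host` takes one comma-separated line, which is split, trimmed, validated and de-duplicated before anything is passed to the AD cmdlets. The function names `ConvertTo-NameList` and `Read-NameList` are hypothetical, and the character check assumes the entries are sAMAccountNames.

```powershell
# Added example, not part of the original script.
# Assumption: entries are sAMAccountNames, which may not contain " / \ [ ] : ; | = , + * ? < >
$InvalidNameChars = '["/\\\[\]:;|=,+*?<>]'

function ConvertTo-NameList {
    param([Parameter(Mandatory)][AllowEmptyString()][string]$Text)
    # Split on commas, trim whitespace, drop empty entries
    $names = @($Text -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    foreach ($name in $names) {
        if ($name -match $InvalidNameChars) {
            throw "Invalid character in name: '$name'"
        }
    }
    # Sort-Object -Unique compares case-insensitively, matching how AD treats names
    $names | Sort-Object -Unique
}

function Read-NameList {
    param([Parameter(Mandatory)][string]$Prompt)
    # Keep asking until at least one valid name has been entered
    while ($true) {
        $text = Read-Host -Prompt "$Prompt (comma-separated)"
        try {
            $names = @(ConvertTo-NameList -Text $text)
            if ($names.Count -gt 0) { return $names }
            Write-Warning 'Enter at least one name.'
        } catch {
            Write-Warning $_.Exception.Message
        }
    }
}

# @() keeps the result an array even when only one name is entered
$Users  = @(Read-NameList -Prompt 'Users to watch for')
$Groups = @(Read-NameList -Prompt 'Groups to add them to')

# Fail before the polling loop starts if a group name was mistyped,
# instead of failing on every later membership change
foreach ($Group in $Groups) {
    Get-ADGroup -Identity $Group -ErrorAction Stop | Out-Null
}
```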