Check Computer Group Membership and add if not member

[MeenSeen]

I am trying to create a script that checks a computer's group membership. The computer's IP determines what group it should belong to. So I want to check AD for all workstations, get it's IP, based on IP, check for group membership and if not a member, add it. Thanks.

 

[kmcferrin]

Which part are you stuck on? Getting a list of workstations from AD, getting the IP address of the workstation, checking the group membership of the workstation, or adding the workstation to a group?

Also, I'm assuming that you're doing this for some sort of location-based functionality (maybe printing?). Have you considered what happens when the PC moves to a different IP block/location? They'll be added to the new group but not taken out of the existing group.

You might want to check out these two FAQs:

http://www.tek-tips.com/faqs.cfm?fid=5798

http://www.tek-tips.com/faqs.cfm?fid=5908

 

[MeenSeen]

Getting the list of workstations is no big deal, the part I am really having an issue with is either subsequently getting the IP from the workstation, checking if the computer is a member of a certain group based on its subnet (ie 10.10.2.x vs 10.10.3.x) or by checking if the computer is a member of one of several groups and if not adding to a group based on IP. The script will be used for placing computers into security groups based on location (VLAN) and having a gpo apply to that security group for installing updates based on the computers location.

I don't really care if the computer is moved because I will have a way to deal with that on a limited basis.

Thanks