Hello everyone,
I'm new to this forum and I hope that someone can help me.
My Environment:
- Adaxes Backend Service and Web Frontend running on different machines.
- The backend Service is located in Domain A and we have two other domains connected and managed.
Goal:
- I want to run a Scheduled Task to check if a set of groups are in the AD of domain B.
- If the groups are not there, the PowerShell script in Adaxes should create them.
The Script:
#####################################
# Load Modules
#####################################
Import-Module Adaxes
#####################################
# Variables
#####################################
$Domain = 'hhcl.local'
$OUCustomers = 'OU=Customers,DC=hhcl,dc=local'
$CompanyGroups = @{'User' = 'Every user from this Company must be a member of this group'}
$CompanyGroups.Add('Exchange','Every Exchange user must be a member of this group')
$CompanyGroups.Add('Desktop','Default Desktop')
$CompanyGroups.Add('DesktopVDI','Default Desktop VDI')
$CompanyGroups.Add('App-Internet Explorer','Microsoft Internet Explorer')
$CompanyGroups.Add('App-Google-Chrome','Google Chrome')
$CompanyGroups.Add('App-Mozilla-Firefox','Mozilla Firefox')
$CompanyGroups.Add('Dev-Printer','Local printers from Client')
$CompanyGroups.Add('ThintPrint-Users','User that use ThinPrint devices')
$CompanyGroups.Add('Dev-Drives','Local drivers from Client')
$CompanyGroups.Add('Dev-USB','USB Devices from Client')
$CompanyGroups.Add('App-MUI-DE','Desktop language German')
$CompanyGroups.Add('App-Paint.Net','Paint.Net')
$CompanyGroups.Add('App-PDF Reader','PDF Reader')
$CompanyGroups.Add('App-OfficePro','Microsoft Office Pro')
$CompanyGroups.Add('App-OfficeProPlus','Microsoft Office Pro Plus with Access')
$CompanyGroups.Add('App-OfficeVisioStandard','Microsoft Office Visio Standard')
$CompanyGroups.Add('App-OfficeVisioProfessional','Microsoft Office Visio Professional')
$CompanyGroups.Add('App-OfficeProjectStandard','Microsoft Office Project Standard')
$CompanyGroups.Add('App-OfficeProjectProfessional','Microsoft Office Project Professional')
$CompanyGroups.Add('Res-LicenseOfficePro','Home License Office Professional')
$CompanyGroups.Add('Res-LicenseOfficeProPlus','Home License Office Professional Plus')
$CompanyGroups.Add('Res-LicenseOutlook','Home License Office Outlook')
$CompanyGroups.Add('Res-SmartSync','License Smart Sync')
$CompanyGroups.Add('Res-SmartSyncWeb','License Smart Sync Web')
$CompanyGroups.Add('Res-Token','Two factor authentication')
$ExchangeGroups = @{'OutlookWebAccess' = 'Exchange Access for OWA'}
$ExchangeGroups.Add('ActiveSync','Exchange access for mobile Sync')
$ExchangeGroups.Add('OutlookAnywhere','Exchange Access for mobile Outlook')
$ExchangeGroups.Add('EWS','Exchange access for the Exchange Web Services')
$CSNs = Get-AdmOrganizationalUnit -Filter * -AdaxesService 'localhost' -SearchBase $OUCustomers -Server $Domain -SearchScope 'OneLevel'
#####################################
# Script
#####################################
foreach ($CSN in $CSNs)
{
    # Walk through every Customer to check all the Groups

    # Create the global group <Customer>-<Name> if it does not exist yet
    $CompanyGroups.GetEnumerator() | ForEach-Object {
        # Suppress errors and warnings from the lookup below
        $ErrorActionPreference = 'SilentlyContinue'
        $WarningPreference = $ErrorActionPreference
        $Groupname = $null
        $Groupname = "$($CSN.Name)-$($_.Name)"
        $GroupDescription = "$($_.Value)"
        $objGroup = Get-AdmGroup -Identity $Groupname -AdaxesService 'localhost' -Server $Domain
        if ($null -eq $objGroup.Name) {
            New-AdmGroup -Name $Groupname -Path "OU=Ressources,OU=Group,OU=$($CSN.Name),$($OUCustomers)" -GroupScope Global -Description "$($GroupDescription)" -AdaxesService 'localhost' -Server $Domain
            $Context.LogMessage("Gruppe $($Groupname) angelegt.", "Information")
        }
    }

    # Create the domain local group LD-<Customer>-<Name> if it does not exist yet
    $CompanyGroups.GetEnumerator() | ForEach-Object {
        $Groupname = $null
        $Groupname = "LD-$($CSN.Name)-$($_.Name)"
        $GroupDescription = "$($_.Value)"
        $objGroup = Get-AdmGroup -Identity $Groupname -AdaxesService 'localhost' -Server $Domain
        if ($null -eq $objGroup.Name) {
            New-AdmGroup -Name $Groupname -Path "OU=Security,OU=Group,OU=$($CSN.Name),$($OUCustomers)" -GroupScope DomainLocal -Description "$($GroupDescription)" -AdaxesService 'localhost' -Server $Domain
            $Context.LogMessage("Gruppe $($Groupname) angelegt.", "Information")
        }
    }

    # Add each global group to its matching domain local group
    $CompanyGroups.GetEnumerator() | ForEach-Object {
        try {
            $Groupname = $null
            $Groupname = "$($CSN.Name)-$($_.Name)"
            $X = Get-AdmGroup -Identity "LD-$($Groupname)" -AdaxesService 'localhost' -Server $Domain
            $X = Get-AdmGroup -Identity "$($Groupname)" -AdaxesService 'localhost' -Server $Domain
            Add-AdmGroupMember -Identity "LD-$($Groupname)" -Members "$($Groupname)" -AdaxesService 'localhost' -Server $Domain
        }
        catch { }
    }

    # Adding language groups to local resource group LD-SW2-Global-TS-Language-DE
    try {
        $Groupname = $null
        $Groupname = "$($CSN.Name)-App-MUI-DE"
        $X = Get-AdmGroup -Identity "$($Groupname)" -AdaxesService 'localhost' -Server $Domain
        $X = Get-AdmGroup -Identity 'S-1-5-21-624545983-476723688-3951924058-7257' -AdaxesService 'localhost' -Server $Domain
        Add-AdmGroupMember -Identity 'S-1-5-21-624545983-476723688-3951924058-7257' -Members "$($Groupname)" -AdaxesService 'localhost' -Server $Domain
    }
    catch { }

    # Adding Dev-Printer group to local resource group LD-SW2-Local-Printers
    try {
        $Groupname = $null
        $Groupname = "$($CSN.Name)-Dev-Printer"
        $X = Get-AdmGroup -Identity "$($Groupname)" -AdaxesService 'localhost' -Server $Domain
        $X = Get-AdmGroup -Identity 'S-1-5-21-624545983-476723688-3951924058-4885' -AdaxesService 'localhost' -Server $Domain
        Add-AdmGroupMember -Identity 'S-1-5-21-624545983-476723688-3951924058-4885' -Members "$($Groupname)" -AdaxesService 'localhost' -Server $Domain
    }
    catch { }

    # Adding Dev-Drives group to local resource group LD-SW2-Local-DrivesFixed
    try {
        $Groupname = $null
        $Groupname = "$($CSN.Name)-Dev-Drives"
        $X = Get-AdmGroup -Identity "$($Groupname)" -AdaxesService 'localhost' -Server $Domain
        $X = Get-AdmGroup -Identity 'S-1-5-21-624545983-476723688-3951924058-4884' -AdaxesService 'localhost' -Server $Domain
        Add-AdmGroupMember -Identity 'S-1-5-21-624545983-476723688-3951924058-4884' -Members "$($Groupname)" -AdaxesService 'localhost' -Server $Domain
    }
    catch { }

    # Adding Dev-USB group to local resource group LD-SW2-Local-DrivesUSB
    try {
        $Groupname = $null
        $Groupname = "$($CSN.Name)-Dev-USB"
        $X = Get-AdmGroup -Identity "$($Groupname)" -AdaxesService 'localhost' -Server $Domain
        $X = Get-AdmGroup -Identity 'S-1-5-21-624545983-476723688-3951924058-4883' -AdaxesService 'localhost' -Server $Domain
        Add-AdmGroupMember -Identity 'S-1-5-21-624545983-476723688-3951924058-4883' -Members "$($Groupname)" -AdaxesService 'localhost' -Server $Domain
    }
    catch { }

    # Adding ThintPrint-Users group to local resource group LD-SW2-ThinPrint-Users
    try {
        $Groupname = $null
        $Groupname = "$($CSN.Name)-ThintPrint-Users"
        $X = Get-AdmGroup -Identity "$($Groupname)" -AdaxesService 'localhost' -Server $Domain
        $X = Get-AdmGroup -Identity 'S-1-5-21-624545983-476723688-3951924058-7278' -AdaxesService 'localhost' -Server $Domain
        Add-AdmGroupMember -Identity 'S-1-5-21-624545983-476723688-3951924058-7278' -Members "$($Groupname)" -AdaxesService 'localhost' -Server $Domain
    }
    catch { }

    # "Exchange-OWA","Exchange-ActiveSync","Exchange-OutlookAnywhere","Exchange-EWS"
    # Add the customer's Exchange group to each LD-SW2-Exchange-<Name> group
    $ExchangeGroups.GetEnumerator() | ForEach-Object {
        try {
            $Groupname = $null
            $Groupname = "$($CSN.Name)-Exchange"
            $X = Get-AdmGroup -Identity "LD-SW2-Exchange-$($_.Name)" -AdaxesService 'localhost' -Server $Domain
            Add-AdmGroupMember -Identity "LD-SW2-Exchange-$($_.Name)" -Members "$($Groupname)" -AdaxesService 'localhost' -Server $Domain
        }
        catch { }
    }
}
Scheduled Task settings:
- Perform the following action on each Group affected by this task:
- Action: The script above
Symptom:
- When I run the script in the Admin Center it runs fine and ends in two minutes. ;)
- When I start the Scheduled Task, the script runs for hours and will not end.
- The same issue when I change the scope of objects.
Question:
Can someone help me?
Thanks a lot.