AD PowerShell - Check new server then add on SG

Set up a PowerShell script that runs periodically on your domain controller to check for new servers. Here’s an outline of how you can approach this:

Create a Security Group: Set up a security group in Active Directory that will contain all Windows Server machines (e.g., AllWindowsServers).
PowerShell Script: Write a PowerShell script that will:

Search for new computer accounts with the OperatingSystem property containing "Windows Server."
Check if these accounts are already in the AllWindowsServers security group.
If not, add them to the group.
Send an email notification whenever a new server is added to the group.

Set Up Task Scheduler: Schedule this PowerShell script to run periodically (e.g., daily or hourly).

PowerShell Script

# Set the security group and email details

$groupName = "AllWindowsServers"

$emailRecipient = "admin@example.com"

$emailSender = "alert@example.com"

$smtpServer = "smtp.example.com"

# Find all Windows Server computers not already in the group

$servers = Get-ADComputer -Filter 'OperatingSystem -like "*Windows Server*"' -Properties OperatingSystem, MemberOf |

Where-Object { ($_ | Get-ADGroupMember -Recursive | Where-Object { $_.Name -eq $groupName }) -eq $null }

# Initialize a list to track newly added servers

$newServers = @()

foreach ($server in $servers) {

# Add the server to the group

Add-ADGroupMember -Identity $groupName -Members $server

$newServers += $server.Name

}

# If there were new servers added, send an email notification

if ($newServers.Count -gt 0) {

$subject = "New Windows Servers Added to Security Group"

$body = "The following Windows Servers were added to the $groupName security group:`n`n" + ($newServers -join "`n")

Send-MailMessage -From $emailSender -To $emailRecipient -Subject $subject -Body $body -SmtpServer $smtpServer

}

Google Sites

Report abuse