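# Script to update department groups based on the users in the OU.
# Requires PowerShell 2.0
# Requires Windows 2008 PowerShell Active Directory Module
# Version 1.0 - initial version
# Version 1.1 - added: skip users already in group
#
# Pending
# - Error handling / logging
#
# What it does: for every group whose sAMAccountName starts with
# $deptgroupprefix, the department name is taken from the group name and mapped
# to the OU "ou=<department>,$abteilungOUbase". Users found under that OU are
# added to the group; members whose DN is not under that OU are removed.
#
# NOTE(review): membership is changed without a prompt (-Confirm:$false). If
# these groups are used to grant access, OU placement decides who gets it, so
# write access to the department OUs and to the group names should be reviewed
# together. For a dry run, append -WhatIf to the Add-ADGroupMember and
# Remove-ADGroupMember calls below.

[string]$deptgroupprefix = "dept-"
[string]$abteilungOUbase = "ou=department,dc=w08dom,dc=test"

Import-Module ActiveDirectory

# Build the group filter from the prefix so both always agree.
[string]$groupfilter = "samaccountname -like '$deptgroupprefix*'"

foreach ($group in (Get-ADGroup -Filter $groupfilter)) {
    Write-Host "======== Processing $group ======="

    # Strip only a leading prefix, ignoring case. String.Replace() is
    # case-sensitive and would also cut the prefix out of the middle of a name.
    [string]$abteilung = $group.Name
    if ($abteilung.StartsWith($deptgroupprefix, [System.StringComparison]::OrdinalIgnoreCase)) {
        $abteilung = $abteilung.Substring($deptgroupprefix.Length)
    }

    # NOTE(review): $abteilung is placed into the DN unescaped; a group name
    # containing DN special characters (e.g. a comma) changes which OU is
    # addressed. Confirm that the dept-* group names are controlled.
    [string]$ou = "ou=$abteilung,$abteilungOUbase"
    Write-Host " Abteilung: $abteilung"
    Write-Host " UserOU : $ou"

    # Read the OU users and the current members once per group. If either lookup
    # fails (for instance the OU does not exist), skip the group: continuing
    # would treat every member as foreign and empty the group.
    try {
        $ouusers = @(Get-ADUser -Filter * -SearchBase $ou -ErrorAction Stop)
        $currentmembers = @(Get-ADGroupMember -Identity $group -ErrorAction Stop)
    }
    catch {
        Write-Warning "Skipping ${group}: lookup failed for $ou - $($_.Exception.Message)"
        continue
    }

    # DN lookup table; hashtable keys created with @{} compare case-insensitively,
    # matching the -eq comparison used before.
    $memberdns = @{}
    foreach ($member in $currentmembers) {
        $memberdns[$member.distinguishedName] = $true
    }

    Write-Host "-- Addiere Abteilungskonten --"
    foreach ($user in $ouusers) {
        # $($user.Name) is required: "$user.name" expands $user and then appends
        # the literal text ".name".
        Write-Host " Benutzer: $($user.Name)" -NoNewline
        if ($memberdns.ContainsKey($user.distinguishedName)) {
            Write-Host " Already Member"
        }
        else {
            Write-Host " ADD Member"
            Add-ADGroupMember -Identity $group -Members $user
        }
    }

    Write-Host "-- Entferne fremde Konten --"
    # Require the comma in front of the OU component so the match is anchored on
    # a full DN component and not on an arbitrary string suffix.
    [string]$ousuffix = ",$ou"
    foreach ($member in @(Get-ADGroupMember -Identity $group)) {
        Write-Host " Mitglied: "$member -NoNewline
        if ($member.distinguishedName.EndsWith($ousuffix, [System.StringComparison]::OrdinalIgnoreCase)) {
            Write-Host "-> Nicht Entfernen"
        }
        else {
            Write-Host "-> Entfernen"
            Remove-ADGroupMember -Identity $group -Members $member -Confirm:$false
        }
    }
}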