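<#
.SYNOPSIS
Synchronizes the membership of a WVD App Group with a Windows AD security group.
.DESCRIPTION
This script updates an app group's users based on a Windows AD security group:
users of the AD group (resolved recursively) that are missing from the App Group are added,
and App Group users that are not members of the AD group are removed.
Tested with Windows AD only, not Azure AD.
Supports -WhatIf / -Confirm so the planned adds and removals can be reviewed before they are applied.
.PARAMETER adGroupName
Specifies the source group that the WVD App Group will update from.
.PARAMETER wvdTenantName
Specifies the Tenant name for the WVD service.
.PARAMETER wvdHostPoolName
Specifies the Host Pool name for the WVD service.
.PARAMETER wvdAppGroupName
Specifies the App Group users are added to.
.NOTES
Script is offered as-is with no warranty
Test it before you trust it
Author : Travis Roberts
Website : www.ciraltos.com
Version : 1.0.0.0 Initial Build
#>
[CmdletBinding(SupportsShouldProcess = $true)]
param (
    [Parameter(Mandatory = $true)]
    [string] $adGroupName,
    [Parameter(Mandatory = $true)]
    [string] $wvdTenantName,
    [Parameter(Mandatory = $true)]
    [string] $wvdHostPoolName,
    [Parameter(Mandatory = $true)]
    [string] $wvdAppGroupName
)

# Verify WVD and AD module. A missing module is a hard failure, so exit non-zero
# rather than with the default status of 0 that a bare `exit` would report.
$reqModule = @('ActiveDirectory', 'Microsoft.RDInfra.RDPowershell')
foreach ($module in $reqModule) {
    if (Get-Module -ListAvailable -Name $module) {
        Import-Module $module -ErrorAction Stop
        Write-Host "Module $module imported"
    }
    else {
        Write-Host "Module $module does not exist. Install module and try again" -ForegroundColor Red
        exit 1
    }
}

# Verify the user is logged in; prompt for an interactive login when there is no RDS context.
# `$null` goes on the left so a collection result cannot turn the comparison into a filter.
$rdsContext = Get-RdsContext -ErrorAction SilentlyContinue
if ($null -eq $rdsContext) {
    try {
        Write-Host "Use the login window to connect to WVD" -ForegroundColor Red
        Add-RdsAccount -ErrorAction Stop -DeploymentUrl "https://rdbroker.wvd.microsoft.com"
    }
    catch {
        $ErrorMessage = $_.Exception.Message
        Write-Host ('Error logging into the WVD account ' + $ErrorMessage)
        exit 1
    }
}

# Build the source (AD group) and target (App Group) user lists as UPNs.
$adGroupUsers = @()
$appGroupUsers = @()
try {
    # -Recursive flattens nested groups but can still return non-user leaf objects
    # (e.g. computer accounts), so only user objects are resolved with Get-ADUser.
    # -ErrorAction Stop makes AD lookup failures terminating so the catch below sees them;
    # users without a UPN are dropped and duplicates collapsed so every entry is usable.
    $adGroupUsers = @(
        Get-ADGroupMember -Identity $adGroupName -Recursive -ErrorAction Stop |
            Where-Object { $_.objectClass -eq 'user' } |
            ForEach-Object { Get-ADUser -Identity $_.SamAccountName -ErrorAction Stop } |
            ForEach-Object { $_.UserPrincipalName } |
            Where-Object { -not [string]::IsNullOrWhiteSpace($_) } |
            Sort-Object -Unique
    )
    $appGroupUsers = @(
        Get-RdsAppGroupUser -ErrorAction Stop -TenantName $wvdTenantName -HostPoolName $wvdHostPoolName -AppGroupName $wvdAppGroupName |
            ForEach-Object { $_.UserPrincipalName } |
            Where-Object { -not [string]::IsNullOrWhiteSpace($_) }
    )
}
catch {
    $ErrorMessage = $_.Exception.Message
    Write-Host ("Error building list of users: " + $ErrorMessage)
    # `Break` outside a loop is not a clean script exit; report failure explicitly.
    exit 1
}

# Fail closed on an empty source list: continuing would remove every user from the
# App Group, which is almost certainly not intended when the AD group is empty or
# could not be resolved.
if ($adGroupUsers.Count -eq 0) {
    Write-Host "No users were resolved from AD group $adGroupName; no changes made to $wvdAppGroupName" -ForegroundColor Red
    exit 1
}

# Add AD group users that are not yet in the App Group.
# (`-contains` is case-insensitive, matching how UPNs are compared elsewhere.)
foreach ($adGroupUser in $adGroupUsers) {
    if ($appGroupUsers -contains $adGroupUser) {
        # Already in both groups: nothing to do.
        Write-Host ("$adGroupUser was found in the targetUsers list")
        continue
    }
    if ($PSCmdlet.ShouldProcess($adGroupUser, "Add to App Group $wvdAppGroupName")) {
        try {
            Add-RdsAppGroupUser -ErrorAction Stop -TenantName $wvdTenantName -HostPoolName $wvdHostPoolName -AppGroupName $wvdAppGroupName -UserPrincipalName $adGroupUser
            Write-Host ("$adGroupUser not found in $wvdAppGroupName, adding to App Group $wvdAppGroupName")
        }
        catch {
            $ErrorMessage = $_.Exception.Message
            Write-Host ("Error adding user $adGroupUser to the target group. Message:" + $ErrorMessage)
        }
    }
}

# Remove App Group users that are not members of the AD group.
foreach ($appGroupUser in $appGroupUsers) {
    if ($adGroupUsers -contains $appGroupUser) {
        continue
    }
    if ($PSCmdlet.ShouldProcess($appGroupUser, "Remove from App Group $wvdAppGroupName")) {
        try {
            Remove-RdsAppGroupUser -ErrorAction Stop -TenantName $wvdTenantName -HostPoolName $wvdHostPoolName -AppGroupName $wvdAppGroupName -UserPrincipalName $appGroupUser
            Write-Host ("$appGroupUser was not found in AD Group $adGroupName, removed from $wvdAppGroupName")
        }
        catch {
            $ErrorMessage = $_.Exception.Message
            # The original referenced an undefined $targetGroup here; report the real App Group name.
            Write-Host ("Error removing $appGroupUser from $wvdAppGroupName Message:" + $ErrorMessage)
        }
    }
}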