Update

Author: Deyda

Active Directory/Microsoft-CleanADGroupMembers.ps1

@@ -0,0 +1,157 @@
+#requires -modules ActiveDirectory
+<#
+.SYNOPSIS
+  Clean out disabled user accounts from a selected AD Group
+.DESCRIPTION
+  This script provides a GUI to quickly clean an existing AD group from disabled user accounts, optionally recursive
+.PARAMETER <Parameter_Name>
+    None
+.INPUTS
+  AD Domain, Source AD group, Recursive
+.OUTPUTS
+  CSVFile with cleaned out users
+.NOTES
+  Version:        1.0
+  Author:         Bart Jacobs - @Cloudsparkle
+  Creation Date:  30/09/2020
+  Purpose/Change: Clean AD group of disabled user accounts
+ .EXAMPLE
+  None
+#>
+
+#Custom function to get Recursive AD Group Members
+function Get-ADGroupMemberRecursive
+{
+  [CmdletBinding()]
+  param
+    (
+      [parameter(Mandatory = $true )]
+      [string]$Identity,
+      [string]$Server
+    )
+
+  $RecMembers = Get-ADGroupMember -Identity $Identity -Server $Server
+
+  foreach($RecMember in $RecMembers)
+    {
+      $RecMember
+
+      if( $RecMember.objectClass -eq 'group' )
+      {
+        Get-ADGroupMemberRecursive -Identity $RecMember.SID -Server $Server
+      }
+    }
+}
+
+#Making sure we can have those fancy messageboxes working...
+Add-Type -AssemblyName PresentationFramework
+
+#Check for running as administrator, if not: exit
+Write-Host "Checking for elevated permissions..."
+if (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator"))
+  {
+    [System.Windows.MessageBox]::Show("Insufficient permissions to run this script. Open the PowerShell console as an administrator and run this script again.","Error","OK","Error")
+    exit 1
+  }
+else
+  {
+    Write-Host "Code is running as administrator — go on executing the script..." -ForegroundColor Green
+  }
+
+#Initialize variables
+$SelectedDomain = ""
+$ADGroup = ""
+$Subgroupname = ""
+$ToCleanGroup = ""
+$CSVFile = "c:\temp\DisabledAccountsCleaned.csv"
+$csvContents = @() # Create the empty array that will eventually be the CSV file
+
+#Get the AD DomainName
+$ADForestInfo = Get-ADForest
+$SelectedDomain = $ADForestInfo.Domains | Out-GridView -Title "Select AD Domain" -OutputMode Single
+
+#Check for a valid DomainName
+if ($SelectedDomain -eq $null)
+  {
+    [System.Windows.MessageBox]::Show("AD Domain not selected","Error","OK","Error")
+    exit 1
+  }
+
+#Find the right AD Domain Controller
+$dc = Get-ADDomainController -DomainName $SelectedDomain -Discover -NextClosestSite
+
+#Get all groups and select the group to clean
+$ADGroupList = Get-ADGroup -filter * -Server $SelectedDomain | sort name | select Name
+$ADGroup = $ADGroupList | Out-GridView -Title "Select the AD Group that needs cleaning" -OutputMode Single
+
+#Basic checks for selecte groups
+if ($ADGroup -eq $null)
+  {
+    [System.Windows.MessageBox]::Show("Source group not selected","Error","OK","Error")
+    exit 1
+  }
+
+#Ask for
+$DoRecursive = [System.Windows.MessageBox]::Show('Do you want to clean subgroups too?','Run recursive?','YesNo','Question')
+
+#Fetch all members from selecte source group
+if ($DoRecursive -eq "Yes")
+  {
+    #write-host "Recursive Mode"
+    $members = Get-ADGroupMemberRecursive -Identity $ADGroup.Name -Server $dc.HostName[0]
+  }
+Else
+  {
+    #write-host "Non-Recursive Mode"
+    $members = Get-ADGroupMember -Identity $ADGroup.Name -Server $dc.HostName[0]
+  }
+
+#Try to clean the selected AD Group
+Try
+  {
+    foreach ($member in $members)
+      {
+        If ($member.objectClass -eq "group")
+          {
+            $Subgroupname = $member.SamAccountName
+          }
+        Else
+          {
+            $ADUSer = get-aduser -Identity $member
+            if ($ADUSer.Enabled -eq $False)
+              {
+                if ($Subgroupname -eq "")
+                  {
+                    $ToCleanGroup = $ADGroup.Name
+                  }
+                Else
+                  {
+                    $ToCleanGroup = $Subgroupname
+                  }
+
+                #uncomment below for rolling output
+                #write-host $member.SamAccountName, $ToCleanGroup
+                Remove-ADGroupMember -Identity $ToCleanGroup -Members $member.samaccountname -Confirm:$False
+
+                #Get the CSV data ready
+                $row = New-Object System.Object # Create an object to append to the array
+                $row | Add-Member -MemberType NoteProperty -Name "Account" -Value $member.SamAccountName
+                $row | Add-Member -MemberType NoteProperty -Name "GroupName" -Value $ToCleanGroup
+
+                $csvContents += $row # append the new data to the array#
+              }
+          }
+      }
+
+    #Write the CSV output
+    $csvContents | Export-CSV -path $CSVFile -NoTypeInformation
+
+    $message = "The AD Group " + $ADGroup.name + " has been cleaned."
+    [System.Windows.MessageBox]::Show($message,"Finished","OK","Asterisk")
+
+  }
+Catch
+  {
+    [System.Windows.MessageBox]::Show("AD Group cleaning failed","Error","OK","Error")
+    exit 1
+  }

Active Directory/Microsoft-CopyADGroupMembers.ps1

@@ -0,0 +1,81 @@
+#requires -modules ActiveDirectory
+<#
+.SYNOPSIS
+  Copy AD group members from one AD group to another AD group in the same domain
+.DESCRIPTION
+  This script provides a GUI to quickly copy AD group members to another existing group in the same domain. Multi-domain forests are supported, the script will query for the AD domain.
+.PARAMETER <Parameter_Name>
+    None
+.INPUTS
+  AD Domain, Source AD group, Destination AD Group
+.OUTPUTS
+  None
+.NOTES
+  Version:        1.1
+  Author:         Bart Jacobs - @Cloudsparkle
+  Creation Date:  09/03/2020
+  Purpose/Change: Copy AD Group members to another group
+
+.EXAMPLE
+  None
+#>
+
+#Initialize variables
+$SelectedDomain = ""
+$SourceGroup = ""
+$DestinationGroup = ""
+
+Add-Type -AssemblyName PresentationFramework
+
+#Get the AD DomainName
+$ADForestInfo = Get-ADForest
+$SelectedDomain = $ADForestInfo.Domains | Out-GridView -Title "Select AD Domain" -OutputMode Single
+
+#Check for a valid DomainName
+if ($SelectedDomain -eq $null)
+  {
+    [System.Windows.MessageBox]::Show("AD Domain not selected","Error","OK","Error")
+    exit
+  }
+
+#Find the right AD Domain Controller
+$dc = Get-ADDomainController -DomainName $SelectedDomain -Discover -NextClosestSite
+
+#Get all groups from selected and select source and destination groups
+$ADGroupList = Get-ADGroup -filter * -Server $SelectedDomain | sort name | select Name
+$SourceGroup = $ADGroupList | Out-GridView -Title "Select the AD Group Name who's members needs to be copied" -OutputMode Single
+$DestinationGroup = $ADGroupList | Out-GridView -Title "Select the AD Group Name that needs to be populated" -OutputMode Single
+
+#Basic checks for selecte groups
+if ($SourceGroup -eq $null)
+  {
+    [System.Windows.MessageBox]::Show("Source group not selected","Error","OK","Error")
+    exit 1
+  }
+
+if ($DestinationGroup -eq $null)
+  {
+    [System.Windows.MessageBox]::Show("Destination group not selected","Error","OK","Error")
+    exit 1
+  }
+
+if ($SourceGroup -eq $DestinationGroup)
+  {
+    [System.Windows.MessageBox]::Show("Source and Destination groups can not be the same","Error","OK","Error")
+    exit 1
+  }
+
+#Fetch all members from selecte source group
+$member = Get-ADGroupMember -Identity $SourceGroup.Name -Server $dc.HostName[0]
+
+#Try to populate the selected destination group with members
+Try
+  {
+    Add-ADGroupMember -Identity $DestinationGroup.name -Members $member -Server $dc.HostName[0]
+    $message = "Members of AD Group " + $SourceGroup.name + " have been copied to AD Group " + $DestinationGroup.Name
+    [System.Windows.MessageBox]::Show($message,"Finished","OK","Asterisk")
+  }
+Catch
+  {
+    [System.Windows.MessageBox]::Show("AD Group membership copy failed","Error","OK","Error")
+  }

Windows/Microsoft-ProfileCleaner.ps1

@@ -0,0 +1,99 @@
+Param
+  (
+    [switch]$RunOnce = $False
+  )
+<#
+.SYNOPSIS
+  Clean up (partial) local profiles that are not in use anymore.
+.DESCRIPTION
+  This script provides a way to delete local (copies) of user profiles that are not in use anymore. There is an option to exclude specified accounts. Special accounts like SYSTEM are always excluded
+.PARAMETER RunOnce
+  By default, the script will loop continuously, use this parameter to run it only once
+.INPUTS
+  None
+.OUTPUTS
+  Logfile
+.NOTES
+  Version:        1.0
+  Author:         Bart Jacobs - @Cloudsparkle
+  Creation Date:  17/04/2020
+  Purpose/Change: Remove obsolete local profiles
+
+.EXAMPLE
+  None
+#>
+
+# Usernames to be excluded
+$Exclusions = "P-SVC-ACCOUNT1, P-SVC-ACCOUNT2"
+$Exclusions = $Exclusions.tolower()
+
+# Set the output folder for the logfile
+$currentDir = Split-Path $MyInvocation.MyCommand.Path
+$outputdir = $currentDir
+
+# Set the filename for the logfile
+$logfilename = "ProfilesDeleted.txt"
+
+# Path and filename for logfile
+$logfile = Join-Path $outputdir $logfilename
+
+# Script loop
+while ($true)
+{
+  # Write-host "Starting scriptloop"
+  Try {$profiles = Get-WmiObject -Class Win32_UserProfile}
+  Catch
+    {
+    Write-Warning "Failed to retreive user profiles"
+    Exit 1
+    }
+
+  ForEach ($profile in $profiles)
+  {
+  # Retreiving profiledata
+  $sid = New-Object System.Security.Principal.SecurityIdentifier($profile.SID)
+  $account = $sid.Translate([System.Security.Principal.NTAccount])
+  $accountDomain = $account.value.split("\")[0]
+  $accountName = $account.value.split("\")[1]
+  $profilePath = $profile.LocalPath
+  $loaded = $profile.Loaded
+  $special = $profile.Special
+  $excluded = $false
+
+  # Convert the accountname to lower, to match the exclusions
+  $accountname = $accountname.tolower()
+
+  if ($Exclusions.Contains($accountName))
+    {
+    $excluded = $true
+    }
+
+  if (-Not $loaded -and -not $special -and -not $excluded)
+    {
+    Try
+      {
+      $profile.Delete()
+      # Write-Host "Profile deleted successfully" -ForegroundColor Green
+      $logEntry = ((Get-Date -uformat "%D %T") + " - Profile deleted successfully: " + $accountname)
+	    $logEntry | Out-File $logFile -Append
+      }
+    Catch
+      {
+      Write-Host "Error deleting profile" -ForegroundColor Red
+      write-host $accountName -ForegroundColor Red
+      $logEntry = ((Get-Date -uformat "%D %T") + " - ERROR Deleting profile: " + $accountname)
+	    $logEntry | Out-File $logFile -Append
+      }
+    }
+  }
+
+  if ($RunOnce -eq $True)
+  {
+  write-host "Running Once, exiting now"
+  Exit 0
+  }
+
+  #Sleeping 30 seconds before the next run
+  Write-Host "Sleeping..."
+  start-sleep -s 30
+}