Summary

This script was made for the purpose of creating local user groups based off of existing JumpCloud User Groups. A usage example would be creating local network shares on a workstation/server

Basic Usage

  • The PowerShell Module is required to run this script
  • Save the script to a location
  • Edit the $userGroupName and $api_key variables with your desired group name and organization API key
  • In a PowerShell terminal window, run the script ~/Path/To/Scrpt/filename.ps1

Additional Information

This script strictly adds users to the local user groups, it does not check if previous users that were added are no longer in the group.

Script

$userGroupName = "UserGroupName"

# Input organization's API key
$api_key = "apiKeyHere"

# Validate the script is being run with admin permissions
Write-Host "Checking for elevated permissions..."
if (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole(`
          [Security.Principal.WindowsBuiltInRole] "Administrator")) {
    Write-Warning "Insufficient permissions to run this script. Open the PowerShell console as an administrator and run this script again."
    Break
}
else {
    Write-Host "Code is running as administrator — go on executing the script..." -ForegroundColor Green
}

# Connect to PowerShell module
Connect-JCOnline -force $api_key

# Gets the User Group information based off of inputted name
try {
    $userGroup = Get-JCGroup -type User -Name $userGroupName
}
catch {
    Write-Host "An error occurred:"
    Write-Host $_
    Break
}


# Create a local group using the JumpCloud's UserGroup's description and name
if (Get-LocalGroup -Name $userGroupName -erroraction 'silentlycontinue') {
    Write-Host "The local group $($userGroup.name) already exists on the local machine `n" -ForegroundColor Green
}else {
    New-LocalGroup -Name $userGroup.name
    Write-Host "Created new Local Group $($userGroup.name) `n" -ForegroundColor Green
}

# Gets list of members of the specified user group
$userGroupMembers = $userGroup | Get-JCUserGroupMember

# Logging variables
$successUsers = "The following users were successfully added to $($userGroup.name): "
$existingUsers = "The following users already exist in local group $($userGroup.name): "
$failedUsers = "The following users were unable to be added with associated reason(s): "

# Add users to created Local Group
try {
    $userGroupMembers | 
    ForEach-Object { 
        # Validate the local user exists
        if (Get-LocalUser -Name $_.Username -erroraction 'silentlycontinue') {
            # Validate if the local user already belongs to the local group
            if (Get-LocalGroupMember -Group $userGroup.name -Member $_.Username -erroraction 'silentlycontinue') {
                $existingUsers += "`n $($_.Username)"
            }else {
                # Add the local user to the local group
                Add-LocalGroupMember -Group $userGroup.name -Member $_.Username
                $successUsers += "`n $($_.Username)"
            }
        }else {
            $failedUsers += "`n $($_.Username) - not bound to the local machine"
        }
    }
    $successUsers + "`n"
    $existingUsers + "`n"
    $failedUsers + "`n"
}
catch {
    Write-Host "An error occurred:"
    Write-Host $_
}
Tags:
[ powershell  windows  groups  automation  ]