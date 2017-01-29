Q. How can I check for a switch using PowerShell?

A. I recently had to create a script that enabled a user to be specified then had to be added to two groups which represented the target location for access and a VLAN. Based on these values two group names were generated (based on a standard) then the user added to them. The groups already existed for all the possible locations and VLANs. After being passed the values a check is performed to ensure they exist. I also wanted the option to remove a user from the groups which is accomplished via a single switch RemoveMember. Then in the code you can check if the switch is passed using RemoveMember.IsPresent. Below is the full script.

<#

.SYNOPSIS

Enables a user for a VLAN for a specific location

.DESCRIPTION

Enables a user for a VLAN for a specific location

.PARAMETER Username

User name

.PARAMETER VLAN

User vlan

.PARAMETER Location

User location

.PARAMETER RemoveMember

User RemoveMember

.EXAMPLE

EnableVLANUser johnsav 99 DAL

#>

[cmdletbinding()]

Param(

[Parameter(ValuefromPipeline=$true,Mandatory=$true)][string]$username,

[Parameter(ValuefromPipeline=$true,Mandatory=$true)][string]$vlan,

[Parameter(ValuefromPipeline=$true,Mandatory=$true)][string]$loc,

[Parameter(ValuefromPipeline=$false,Mandatory=$false)][switch]$RemoveMember)



#Check if the entries are valid



$vlangroupname = "VLAN" + $vlan + "GRP"

$locgroupname = "LOC" + $loc + "VLGRP"



$userobj = Get-ADUser -LDAPFilter "(SAMAccountName=$username)"

$vlanobj = Get-ADGroup -LDAPFilter "(SAMAccountName=$vlangroupname)"

$locobj = Get-ADGroup -LDAPFilter "(SAMAccountName=$locgroupname)"



$errorFound = $false



if ($userobj -eq $null) {"User not valid";$errorFound = $true}

if ($vlanobj -eq $null) {"VLAN not valid";$errorFound = $true}

if ($locobj -eq $null) {"Location not valid";$errorFound = $true}



if(!$errorFound)

{

Write-Verbose "Looking good and adding user to groups"



if($RemoveMember.IsPresent) #if removing

{

$userobj | Remove-ADPrincipalGroupMembership -MemberOf $vlanobj -Confirm:$false

$userobj | Remove-ADPrincipalGroupMembership -MemberOf $locobj -Confirm:$false

}

else #if adding

{

$userobj | Add-ADPrincipalGroupMembership -MemberOf $vlanobj

$userobj | Add-ADPrincipalGroupMembership -MemberOf $locobj

}

}

Usage is as follows to add:

.\EnableVLANUser.ps1 johnsav 100 DAL

To remove:

.\EnableVLANUser.ps1 johnsav 100 DAL –RemoveMember