Skip navigation
Menu
Check for a switch with PowerShell script
End-User Platforms>PowerShell

Check for a switch with PowerShell script

Q. How can I check for a switch using PowerShell?

A. I recently had to create a script that enabled a user to be specified then had to be added to two groups which represented the target location for access and a VLAN. Based on these values two group names were generated (based on a standard) then the user added to them. The groups already existed for all the possible locations and VLANs. After being passed the values a check is performed to ensure they exist. I also wanted the option to remove a user from the groups which is accomplished via a single switch RemoveMember. Then in the code you can check if the switch is passed using RemoveMember.IsPresent. Below is the full script.

<#
.SYNOPSIS
Enables a user for a VLAN for a specific location
.DESCRIPTION
Enables a user for a VLAN for a specific location
.PARAMETER Username
User name
.PARAMETER VLAN
User vlan
.PARAMETER Location
User location
.PARAMETER RemoveMember
User RemoveMember
.EXAMPLE
EnableVLANUser johnsav 99 DAL
#>
[cmdletbinding()]
Param(
[Parameter(ValuefromPipeline=$true,Mandatory=$true)][string]$username,
[Parameter(ValuefromPipeline=$true,Mandatory=$true)][string]$vlan,
[Parameter(ValuefromPipeline=$true,Mandatory=$true)][string]$loc,
[Parameter(ValuefromPipeline=$false,Mandatory=$false)][switch]$RemoveMember)

#Check if the entries are valid

$vlangroupname = "VLAN" + $vlan + "GRP"
$locgroupname = "LOC" + $loc + "VLGRP"

$userobj = Get-ADUser -LDAPFilter "(SAMAccountName=$username)" 
$vlanobj = Get-ADGroup -LDAPFilter "(SAMAccountName=$vlangroupname)"
$locobj = Get-ADGroup -LDAPFilter "(SAMAccountName=$locgroupname)"

$errorFound = $false

if ($userobj -eq $null) {"User not valid";$errorFound = $true}
if ($vlanobj -eq $null) {"VLAN not valid";$errorFound = $true}
if ($locobj -eq $null) {"Location not valid";$errorFound = $true}

if(!$errorFound)
{
    Write-Verbose "Looking good and adding user to groups"
    
    if($RemoveMember.IsPresent) #if removing
    {
        $userobj | Remove-ADPrincipalGroupMembership -MemberOf $vlanobj -Confirm:$false
        $userobj | Remove-ADPrincipalGroupMembership -MemberOf $locobj -Confirm:$false
    }
    else #if adding
    {
        $userobj | Add-ADPrincipalGroupMembership -MemberOf $vlanobj
        $userobj | Add-ADPrincipalGroupMembership -MemberOf $locobj
    }
}

Usage is as follows to add:

.\EnableVLANUser.ps1 johnsav 100 DAL

To remove:

.\EnableVLANUser.ps1 johnsav 100 DAL –RemoveMember

Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
Cute Conversational copilot AI robot with speech bubble, 3d rendering
Getting Started Using GitHub Copilot for PowerShell Scripting
Apr 23, 2024
Visual Studio Code logo close-up on website page
Exploring Visual Studio Code as a PowerShell ISE Alternative
Apr 19, 2024
Text caption presenting Password Cracking on a button on top of a keyboard
Using PowerShell for Brute-Force Password Cracking (Example Script)
Apr 17, 2024
Cogwheels or gears on blue background
How To Use PowerShell for Automated Event Response
Apr 11, 2024