this is a little AddOn to my previous post: KACE SDA - Adding Clients to AD Groups during deployment

This blog will focus on an ongoing management of AD security groups. 

First i have to say the main script is written by OneScript Team.

The idea here is to use KACE SMA to have an sheduled or an adhoc script wich will assign devices to specific AD securitygroup(s). 

First we will create an online KScript like this: 

After that we have to decleare on which device(s) it should be deployed to. Here you can choose to leave it empty or using a specific smartlabel or whatever you need it for.

After that you have to add credentials of a user who has the right to add the targeted devices to the targeted AD securitygroups.

Pro Tipp: Only use Domain Administrator if you are in a lab :)  

We don't need a notification and the shedule is up to you. Maybe you wan't to run it every monday to be sure that every device is in the correct group(s). 

Necessary to check is the "Allow run without a logged-in user". 

And now the final step: Upload the VBS as dependency and configure a task (or multiple).

Of course you can do here whatever you want. Feel free to proof registry keys or whatever you like before adding a computer to an AD securitygroup. 

You can add all securitygroup names seperated by a space as an argument. So you are able to create different sets of joining ad groups in one task.