Tuesday, June 21, 2022

Remotely updating machine account group membership

This script calls the built-in operating system tool klist on each machine in a group to purge the machine account's Kerberos tickets, which updates the machine account's group memberships. It then triggers a GPO update. This is useful where GPO security filtering has been limited to a group and new members have been added to that group for the GPO to apply to.

Consider adjusting the gpupdate call to restrict it to machine or user policy as necessary.


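param (
    [Parameter(ValueFromPipeline=$true, Mandatory=$true)]
    [string]$Groupname
)

# Get-ADGroupMember comes from the ActiveDirectory (RSAT) module
Import-Module ActiveDirectory

# Names of the group's members, sorted
$TargetMachineList = Get-ADGroupMember $Groupname | Select-Object -ExpandProperty name | Sort-Object

foreach ($compname in $TargetMachineList)
    {
    # One small ping so offline machines are skipped
    $online = Test-Connection -ComputerName $compname -BufferSize 16 -Count 1 -Quiet

    if ($online)
        {
        # Purge the Kerberos tickets of logon session 0x3e7 (LocalSystem, i.e. the machine account)
        Invoke-Command -ComputerName $compname -ScriptBlock {c:\windows\system32\klist -lh 0 -li 0x3e7 purge}
        # Reapply Group Policy with the refreshed group membership
        Invoke-Command -ComputerName $compname -ScriptBlock {c:\windows\system32\gpupdate /force}
        }

    }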
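
A variant that also confirms the result, as an added example that is not part of the original script: it runs the purge and the policy refresh in one remoting call per machine, then checks the computer's security groups as reported by gpresult. The function name and the sample group and computer names are hypothetical; it assumes PowerShell remoting is enabled, English gpresult output, and that gpresult lists the group by its name.

```powershell
# Added example (hypothetical helper, not from the original post).
function Update-MachineGroupMembership {
    param (
        [Parameter(Mandatory = $true)][string]$GroupName,
        [Parameter(Mandatory = $true)][string[]]$ComputerName
    )

    # One remoting call per machine; connection errors are collected in $failed
    Invoke-Command -ComputerName $ComputerName -ArgumentList $GroupName `
        -ErrorAction SilentlyContinue -ErrorVariable failed -ScriptBlock {
        param ($Group)
        $sys32 = Join-Path $env:SystemRoot 'System32'

        # Purge tickets of logon session 0x3e7 (LocalSystem / machine account)
        & "$sys32\klist.exe" -lh 0 -li 0x3e7 purge | Out-Null

        # Refresh computer policy only, so user policy is left alone
        & "$sys32\gpupdate.exe" /target:computer /force | Out-Null

        # gpresult lists the computer's security groups from the last policy run.
        # Assumption: the group appears on its own line, with or without a
        # DOMAIN\ prefix.
        $rsop    = & "$sys32\gpresult.exe" /r /scope computer
        $pattern = '^\s*(.+\\)?' + [regex]::Escape($Group) + '\s*$'

        [pscustomobject]@{
            Computer     = $env:COMPUTERNAME
            Group        = $Group
            GroupInToken = [bool]($rsop -match $pattern)
        }
    } | Select-Object Computer, Group, GroupInToken

    # Report machines that could not be reached or where the call failed
    foreach ($e in $failed) {
        Write-Warning "Failed: $($e.TargetObject) - $($e.Exception.Message)"
    }
}

# Constructed sample names:
# Update-MachineGroupMembership -GroupName 'GPO-Kiosk-Computers' -ComputerName 'PC01','PC02'
```

A machine that reports GroupInToken as False after the run has not picked up the new membership, for example because the group change has not yet replicated to the domain controller it is using.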