For licensed software applications i have always used AD Security groups to manage license compliance, i create an AD Group for each piece of licensed software and set AD Description with the maximum amount of machines to be added.
Checking these groups manually for license compliance is tedious, so ive written the below script and placed it within a scheduled task to notify by email if groups exceed their count.
Script:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ############################################################################################################################ | |
| ## Script: Script will alert if membership exceeds limits set for each group and email. | |
| ## Author: dpadgett | |
| ## Date: 08/11/16 | |
| ## Usage: Fill email details, and values for each AD group you want to monitor followed by the maximum allowed member count | |
| ############################################################################################################################ | |
| #Setting Global Variables for script# | |
| $smtpserver = "mailserver" | |
| $recipients = "email1","email2","email3" | |
| $senderaddress = "senderaddress" | |
| try | |
| { | |
| Import-Module ActiveDirectory | |
| $body = "" | |
| $groups = @{"ADGroup1" = 5; | |
| "ADGroup2" = 6; | |
| "ADGroup3 = 15; | |
| } | |
| $groups.GetEnumerator() | % { | |
| $members = Get-ADGroupMember $_.Key | % { Get-ADComputer $_ -prop Description } | |
| if ($members.Count -gt $_.Value) | |
| { | |
| $memString = Out-String -InputObject $($members | select Name, Description| ft) | |
| $body = $body + | |
| @" | |
| The Software Group $($_.Key) , is out of compliance , please evaluate memberships. | |
| The maximum allowed count for $($_.Key) is : $($_.Value) | |
| The current count for $($_.Key) is: $($members.count) | |
| $memString | |
| **************************************************************************************** | |
| "@ | |
| } | |
| } | |
| if ($body -ne "") | |
| { | |
| Send-MailMessage -SmtpServer $smtpserver -To $recipients -From $senderaddress -Subject "Software Licenses are Not Compliant!" -Body $body | |
| } | |
| else | |
| { | |
| $body = "All Licensing is Compliant" | |
| Send-MailMessage -SmtpServer $smtpserver -To $recipients -From $senderaddress -Subject "License compliance is OK!" -Body $body | |
| } | |
| } | |
| Catch | |
| { | |
| $body = $_.exception.message | |
| Write-Host $body | |
| Send-MailMessage -SmtpServer $smtpserver -To $recipients -From $senderaddress -Subject "license script broken, please check script" -Body $body | |
| } | |
Exec|Mgr 