The following script check if some AD users are a member of local group, what sqlserver agent group do they have, and grant the group the role. foreach ($sqlserver in "servername1","servername2") { echo $sqlserver invoke-command -computername $sqlserver -scriptblock {get-localgroupmember -name TCCSDBwriter*|format-list -property name|findstr /I "vaketi amohamme dmorad"} &sqlcmd -S $sqlserver -i query_agentjob_role.sql -Y 40 &sqlcmd -S $sqlserver -i grant_agentjob_role.sql } The query_agentjob_role.sql: SELECT DP1.name AS DatabaseRoleName, isnull (DP2.name, 'No members') AS DatabaseUserName FROM msdb.sys.database_role_members AS DRM RIGHT OUTER JOIN msdb.sys.database_principals AS DP1 ON DRM.role_principal_id = DP1.principal_id LEFT OUTER JOIN msdb.sys.database_principals AS DP2 ON DRM.member_principal_id = DP2.principal_...