
I have a PS script in a startup GPO (computer). This script moves some AD objects to an OU and a security group depending on the computer name.

For example, a computer whose name starts with P113301 will be a member of a specific security group. And it moves to a specific OU depending on the IP (OUs represent physical sites).

My script works like a charm locally on every computer, but not in the GPO. I think this is because the GPO is launched by a local account and has no rights on the domain.

I tried changing the credentials (a specific account with elevated rights on the domain), and again it works locally but not via GPO.

My script is here. Have you an idea what I can do to make it work, or perhaps have you an idea how to achieve my goal? For information: no way for me to use a GPO logon user, I want the process to start when the computer is turned on.

```powershell
$IP            = $null
$ComputerName  = $null
$CompObj       = $null
$ComputerOU    = $null
$ComputerDN    = $null
$DestinationDN = $null

# Security groups the computer may be added to (placeholder DNs).
$GSFIXES   = "CN=balbalbal_fixes,DC=balbla,DC=local"
$GSLAPTOPS = "CN=balbalbal_laptops,DC=balbla,DC=local"

# Regexes matching the first three octets of each site's subnets:
# 192.168.36-39.x and 192.168.4-7.x.
$BIGANOSIPRange = "\b(?:(?:192)\.\b(?:(?:168)\.)\b(?:(?:36)\.|\b(?:(?:37)\.|\b(?:(?:38)\.|\b(?:(?:39))))))"
$SIEGEIPRange   = "\b(?:(?:192)\.\b(?:(?:168)\.)\b(?:(?:4)\.|\b(?:(?:5)\.|\b(?:(?:6)\.|\b(?:(?:7))))))"

# Target OUs, one per physical site.
$BIGANOSDN = "OU=BIGANOS,DC=balbla,DC=local"
$SIEGEDN   = "OU=SIEGE,DC=balbla,DC=local"

$versionOS = (Get-WmiObject Win32_OperatingSystem).Version
if ($versionOS.StartsWith("10")) {

    # Ignore socket errors (for example, no network yet) and keep going.
    trap [System.Net.Sockets.SocketException] { continue }

    # Locate this computer's object in AD and the OU it currently lives in.
    $ComputerName = [System.Environment]::MachineName
    $ComputerDN   = ([ADSISEARCHER]"sAMAccountName=$($env:COMPUTERNAME)$").FindOne().Path
    $CompObj      = [ADSI]"$ComputerDN"
    $ComputerOU   = ($ComputerDN -split ($ComputerName + ","))[-1]

    # Is the computer already a member of one of the two groups?
    $FixesMember = New-Object DirectoryServices.DirectorySearcher([ADSI]"")
    $FixesMember.filter = "(&(objectClass=computer)(sAMAccountName=$ComputerName$)(memberof=$GSFIXES))"
    $FixesMemberResult = $FixesMember.FindOne()
    $LaptopsMember = New-Object DirectoryServices.DirectorySearcher([ADSI]"")
    $LaptopsMember.filter = "(&(objectClass=computer)(sAMAccountName=$ComputerName$)(memberof=$GSLAPTOPS))"
    $LaptopsMemberResult = $LaptopsMember.FindOne()

    # If not, add it to the group matching its name prefix.
    if (-not ($FixesMemberResult -or $LaptopsMemberResult)) {
        if ($ComputerName.StartsWith("S113301")) {
            $group   = [ADSI]"LDAP://$($GSFIXES)"
            $machine = [ADSI]$ComputerDN
            $group.Add($machine.Path)
        }
        if ($ComputerName.StartsWith("P113301")) {
            $group   = [ADSI]"LDAP://$($GSLAPTOPS)"
            $machine = [ADSI]$ComputerDN
            $group.Add($machine.Path)
        }
    }

    # First IPv4 address of an enabled adapter. Note: this filter drops every 192.*
    # address, while both site regexes above start with 192.168, so as written $IP
    # can never match either range; one of the two needs adjusting.
    $IP = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled=TRUE' |
        Select-Object -ExpandProperty IPAddress |
        Where-Object { $_ -notlike "192.*" -and $_ -notlike "169.*" -and $_ -notlike "127.*" -and $_ -notlike "10.*" -and $_ -notlike "172.*" -and $_ -notlike "*:*" } |
        Select-Object -First 1

    # Pick the site OU from the IP; fall back to the current OU (no move).
    if ($IP -match $BIGANOSIPRange) {
        $DestinationDN = $BIGANOSDN
    }
    elseif ($IP -match $SIEGEIPRange) {
        $DestinationDN = $SIEGEDN
    }
    else {
        $DestinationDN = $ComputerOU
    }

    if ($null -ne $IP) {
        $CompObj.psbase.MoveTo([ADSI]"LDAP://$($DestinationDN)")
    }
}
```
  • You have not said how you have this configured in the GPO. PowerShell will always run in the context of the user who started it. Are you saying you are doing this as a logon script, etc.? Of course, you have to run powershell.exe/pwsh.exe with your script name to run any script. You can use GPO to deploy the script to a target host and use a scheduled task to run it and delete itself when it is done. – postanote Mar 11 '20 at 17:08
  • You might be right about the AD credentials of the local account but there is also another pitfall in this scenario: [Windows Fast Logon Optimization and Fast Startup](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj573586(v%3Dws.11)). In a few words: the network might not be available for minutes after your startup script is executed. Anyways, to troubleshoot this and separate the two potential issues, have a look at: [Scheduled Task Powershell Script - Runs OK as user account, but not as SYSTEM](https://stackoverflow.com/a/51612478/1701026) – iRon Mar 11 '20 at 19:04
  • Thank you for your answers but: - My GPO is a startup script and it doesn't execute in a user's context - My startup GPO has parameters activated to wait for the network before execution – Yann Di Maggio Mar 13 '20 at 11:21
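The two comments above point at two different failure modes (the script running as SYSTEM, so binding to AD as the computer account, versus the network not being ready yet). The following diagnostic preamble is an added example, not the asker's script or any answer on this page: placed at the top of the startup script, it logs the identity the script actually runs as and waits for a domain controller before any ADSI call, so the log separates "no rights" from "no network". The log path and the two-minute wait budget are assumptions.

```powershell
# Added diagnostic preamble for a computer startup script (example, not the asker's code).
# Assumptions: log location under ProgramData and a 120 s wait budget.
$LogFile = Join-Path $env:ProgramData 'StartupScript\context.log'
New-Item -ItemType Directory -Path (Split-Path $LogFile) -Force | Out-Null

function Write-Log([string]$Message) {
    "$(Get-Date -Format o)  $Message" | Add-Content -Path $LogFile
}

function Wait-ForDomain([int]$TimeoutSeconds = 120) {
    # A startup script runs as SYSTEM; on the network that is the computer account
    # (DOMAIN\HOST$), so ADSI binds with whatever rights that account was delegated.
    # Logging the name makes the context visible without guessing.
    Write-Log "Running as: $([System.Security.Principal.WindowsIdentity]::GetCurrent().Name)"
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    do {
        try {
            # Throws while DNS, the secure channel or a DC are not reachable yet.
            $dc = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain().FindDomainController()
            Write-Log "Domain reachable via $($dc.Name)"
            return $true
        } catch {
            Write-Log "Domain not reachable yet: $($_.Exception.Message)"
            Start-Sleep -Seconds 10
        }
    } while ((Get-Date) -lt $deadline)
    Write-Log "Gave up waiting for the domain after $TimeoutSeconds s"
    return $false
}

function Invoke-AdStep([string]$Name, [scriptblock]$Action) {
    # Wraps one AD operation so a failure is logged with its exception type instead of
    # being swallowed; an access-denied result here, after Wait-ForDomain succeeded,
    # points at missing delegation for the computer account rather than at the network.
    try {
        & $Action
        Write-Log "$Name ok"
    } catch {
        Write-Log "$Name failed: $($_.Exception.GetType().FullName): $($_.Exception.Message)"
        throw
    }
}

if (-not (Wait-ForDomain)) { exit 1 }
# The asker's ADSI calls then go through the wrapper, for example:
# Invoke-AdStep 'Move to site OU' { $CompObj.psbase.MoveTo([ADSI]"LDAP://$DestinationDN") }
```

The resulting log shows the SYSTEM/computer-account identity and whether a DC was reachable at the moment the script ran, which is what the troubleshooting link in the second comment asks you to establish first.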
