[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

How do I Use Powershell to create Multiple Global, Domain Local, and Universal Distribution Active Directory Groups?

Posted on 2009-04-21
4
Medium Priority
?
2,367 Views
Last Modified: 2012-05-06
Hello All,

I am absolutely new to PowerShell and I am trying to get up to speed. I am trying to find or create a script that would look in a .CSV file and create (approx 400) Domain Local groups. I would like to repeat the process (it can be multiple scripts) for Distribution and Global Groups. Additionally, I would like to specify that the Domain Local groups be placed in an OU called "Domain Local Groups" under an OU called "Domain Groups" in our AD environment--and then place the Global Groups in a sub OU called "Global Groups" under an OU called "Domain Groups", and the Universal Distribution Groups be placed in a sub OU called "Distribution Groups" under an OU called "Domain Groups".

Thanks in advance for everyone's help and patience!!
0
Comment
Question by:brianroma
  • 2
  • 2
4 Comments
 
LVL 71

Accepted Solution

by:
Chris Dent earned 2000 total points
ID: 24202588

Hey,

The first thing I'd do is grab the PowerShell CmdLets from Quest here (they're free):

http://www.quest.com/powershell/

Once you have that you can pipe your CSV or text file into the New-QADGroup command.

For example. If you had a list in a text file which looked like this:

Group 1
Group 2
Group 3

The command could look something like this:

$OU = "OU=Distribution Groups,OU=Domain Groups,DC=yourdomain,DC=com"
$GroupType = "Distribution"
$GroupScope = "Universal"

Get-Content "TextFile.txt" | %{ `
  New-QADGroup -Name $_ -ParentContainer $OU -GroupType $GroupType -GroupScope $GroupScope }

Where $_ is the current object in the pipeline, in this case a line in the text file. You can also import from a CSV file in much the same way.

Full syntax for the New-QADGroup command can be viewed with "Get-Help New-QADGroup -Detailed | more".

Note that this doesn't cover mail enabling groups if that is a requirement. You'd have to let us know the version of Exchange for that, and it's only easy in PowerShell if it's Exchange 2007.

Chris
0
 

Author Comment

by:brianroma
ID: 24206189
Thanks for the fast response, Chris!!


OK, I took the following steps on a DC in our test environment:

Installed .Net Framework 3.5 Service Pack 1

Rebooted

Installed .net hotfix

Rebooted

Installed Powershell (Enabled feature in server management console)

Installed 64 bit version of Quest cmdlets

Installed PowerGUI



I then modified your script. It now looks like:


$OU = "OU=Distribution Groups,OU=Domain Groups,DC=MUDTEST,DC=com"
$GroupType = "Distribution"
$GroupScope = "Universal"

Get-Content "DistroGroupsList.txt" | %{ `
  New-QADGroup -Name $_ -ParentContainer $OU -GroupType $GroupType -GroupScope $GroupScope }



the list file looks like this:


Information Technology-DistroU
Infrastructure-DistroU
Business Systems-DistroU
Quality Assurance-DistroU
Project Management-DistroU





I got the following error:



The argument cannot be null or empty.
At :line:6 char:20
+   New-QADGroup -Name <<<<  $_ -ParentContainer $OU -GroupType $GroupType -GroupScope $GroupScope }
0
 
LVL 71

Assisted Solution

by:Chris Dent
Chris Dent earned 2000 total points
ID: 24206250

It'll get upset if you have blank lines in there, it's quite a rough way of doing it.

We check for that like this:

Get-Content "DistroGroupsList.txt" | %{ If ($_ -ne "") { `
  New-QADGroup -Name $_ -ParentContainer $OU -GroupType $GroupType -GroupScope $GroupScope } }

Or we could treat it as a CSV file. e.g.

File (FileName.csv):

GroupName
Information Technology-DistroU
Infrastructure-DistroU
Business Systems-DistroU
Quality Assurance-DistroU
Project Management-DistroU

Import-CSV "FileName.csv" | %{ `
  New-QADGroup -Name $_.GroupName -ParentContainer $OU -GroupType $GroupType -GroupScope $GroupScope }

It's really flexible, we can do pretty much anything you want.

Chris
0
 

Author Comment

by:brianroma
ID: 24206769
Ok, thanks!!

I used:

Get-Content "DistroGroupsList.txt" | %{ If ($_ -ne "") { `
  New-QADGroup -Name $_ -ParentContainer $OU -GroupType $GroupType -GroupScope $GroupScope } }

And it works like a champ!!


My syntax for domain local file permission security groups (which works)--in case other people are learning this as well:


$OU = "OU=File Access Groups,OU=Domain Groups,DC=MUDTEST,DC=com"
$GroupType = "Security"
$GroupScope = "DomainLocal"

Get-Content "FileAccessGroupList.txt" | %{ If ($_ -ne "") { `
  New-QADGroup -Name $_ -ParentContainer $OU -GroupType $GroupType -GroupScope $GroupScope } }
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
In previous parts of this Nano Server deployment series, we learned how to create, deploy and configure Nano Server as a Hyper-V host. In this part, we will look for a clustering option. We will create a Hyper-V cluster of 3 Nano Server host nodes w…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Screencast - Getting to Know the Pipeline

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question