tbennett35
asked on
AD Management via Powershell
Hi,
Is there a way to add one AD universal group to another, in the same domain? I know there's a way to do this where both groups are Exchange mail enabled groups, because I would use get-distributiongroup/add-
Is there a way to add one AD universal group to another, in the same domain? I know there's a way to do this where both groups are Exchange mail enabled groups, because I would use get-distributiongroup/add-
Joseph Daly
Have you taken a look at the get-group cmdlet?
Perhaps the simplest way is to grab Quest's AD CmdLets:
http://www.quest.com/powershell/activeroles-server.aspx
Then you can use:
Add-QADGroupMember "Group" -Member "GroupToAdd"
It's entirely possible without if that isn't an option.
Chris
ASKER
I have, and I can get the details of the group I want to add to, but I'm unsure how to then pipe another group name in. I was thinking the powershell would have been somethign like:
get-group "group 1" | add-member -name "group 2".
I know this code specifically won't work, but this is the sort of thing I'm trying to achieve (i.e. add group 2 as a member of group 1), in a reasonably simplistic piece of coding.
get-group "group 1" | add-member -name "group 2".
I know this code specifically won't work, but this is the sort of thing I'm trying to achieve (i.e. add group 2 as a member of group 1), in a reasonably simplistic piece of coding.
For AD Management your choices are:
1. Quest CmdLets
2. MS AD CmdLets (requires web service: http://blogs.msdn.com/b/adpowershell/archive/2009/09/18/active-directory-management-gateway-service-released-to-web-manage-your-windows-2003-2008-dcs-using-ad-powershell.aspx). But you'll still need either Win 7 or 2008 R2 to run the module.
3. Native System.DirectoryServices. e.g.
([ADSI]"LDAP://$((Get-Grou
Not exactly obvious...
Chris
ASKER
Thanks Chris-Dent, I had seen may references to these cmdlets during my search prior to posting, but I dismissed them as I suspected (knowing Quest usually) that they were either not free or part of Quest Active Roles.
If these will work, great, however are we saying that what I want to achieve isn;t possible via standard powershell?
If these will work, great, however are we saying that what I want to achieve isn;t possible via standard powershell?
ASKER
the Quest extensions work a treat, however one more question has arisen from that. The task I want to perform is part of a larger script which does stuff like address list creation for exchange in a multi tenant environment. When I type -get-qad' from an exchange shell, this cmdlet isnt recognised. Didn't try it teh otehrway round (i.e. exchange commands from the shell available by the link that quest drops on the start menu). Is there any way of rigging paths or something, so i can run all command s in one big script via either shell? (sorry, just learning powershell)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Top quality answer. Many thanksfor your help.