Scripting new Active Directory groups

We are in the process of creating a new SharePoint site and I have spent a lot of time creating group structures. In future I want to be able to automate new 'sites' coming into SharePoint....

The Naming Convention for the SharePoint Sites in AD will always be the same and will always be located in the same OU (regardless of which domain).

We have a forest with 3 domains.

So for example a site has the following Domain Local Groups in our root Domain (BC.com)
 
DLS-B-ACL-***SITENAME***-Owners
DLS-B-ACL-***SITENAME***-Contributors
DLS-B-ACL-***SITENAME***-ReadOnly

Note B stands for BC domain
 
Then the following groups are created in the EU (EU.BC.COM) and AM (AM.BC.COM) domains, and nested to the corresponding Domain Local Security Groups in the ROOT (BC) Domain above.
 
GLS-E-ACL-***SITENAME***-Owners
GLS-E-ACL-***SITENAME***-Contributors
GLS-E-ACL-***SITENAME***-ReadOnly

Note E stands for EU domain
 
GLS-A-ACL-***SITENAME***-Owners
GLS-A-ACL-***SITENAME***-Contributors
GLS-A-ACL-***SITENAME***-ReadOnly
 
Note A stands for AM domain

What I want to do is run a VBS/PowerShell script that asks for the site name via a pop-up box, which is the variable ***SiteName***, and then goes off and creates the groups in the relevant OUs in the ROOT and CHILD Domains, replacing the variable ***SITENAME*** above with that which was entered in the pop-up box.
 
If we can get them to add the descriptions as follows in the CHILD DOMAINS
 
Owners  - This provides full control to the SharePoint Site ***SITENAME***
Contributors – This provides read/write access to the SharePoint Site ***SITENAME***
Read Only – This provides read only access to the SharePoint Site ***SITENAME***
 
If we can get them to add the descriptions as follows in the ROOT DOMAIN
 
Owners  - This provides full control to the SharePoint Site ***SITENAME*** No Users should be added to this group, they should be added to the CHILD Domain Groups
Contributors – This provides read/write access to the SharePoint Site ***SITENAME*** No Users should be added to this group, they should be added to the CHILD Domain Groups
Read Only – This provides read only access to the SharePoint Site ***SITENAME*** No Users should be added to this group, they should be added to the CHILD Domain Groups
 
If we can get it to automatically add the corresponding GLS Groups to the DLS Groups that would be great!

Thanks for any help!
aideb Asked:

Govvy Commented:
Perhaps use dsadd or csvde command lines
aideb (Author) Commented:
Using my *very limited* VBscript, I have come up with the following code.

Is anyone able to clean this up for me?

I would like to be able to do some error trapping; e.g. Confirm that the name entered is correct before creating, check group does not already exist etc.

Thanks
' This script will create the SharePoint groups for a new Site
' The groups created will be for Owners, Contributors and ReadOnly

Site = Inputbox("Please enter the Site to be created. Please remember to Capitalise!")


' Define Constants
Const ADS_GROUP_TYPE_LOCAL_GROUP = &h4
Const ADS_GROUP_TYPE_GLOBAL_GROUP = &h2
Const ADS_GROUP_TYPE_SECURITY_ENABLED = &h80000000
Const ADS_PROPERTY_APPEND = 3 

' This Creates the Owners

NewDLGroupName = "DLS-B-ACL-" & Site & "-Owners"
CNNewDLGroupName = "CN="&NewDLGroupName


Set objOU = GetObject("LDAP://OU=SharePoint,OU=Domain Local,OU=Access Control,OU=Coco,DC=TST,DC=local")
Set objGroup = objOU.Create("Group", CNNewDLGroupName)
objGroup.Put "sAMAccountName", NewDLGroupName
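' Security flag is required; without it a distribution group is created, which cannot be used in an ACL
objGroup.Put "groupType", ADS_GROUP_TYPE_LOCAL_GROUP Or ADS_GROUP_TYPE_SECURITY_ENABLED
objGroup.Put "Description", "This provides Full Control to the SharePoint site " & Site & ". No Users should be added to this group, they should be added to the Child Domain Groups"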
objGroup.SetInfo


NewGLGroupName = "GLS-E-ACL-" & Site & "-Owners"
CNNewGLGroupName = "CN="&NewGLGroupName



Set objOU = GetObject("LDAP://OU=SharePoint,OU=Global,OU=Access Control,OU=Coco,DC=TST,DC=local")
Set objGroup = objOU.Create("Group", CNNewGLGroupName)
objGroup.Put "sAMAccountName", NewGLGroupName
objGroup.Put "Description", "This provides Full Control to the SharePoint site " & Site & "."
objGroup.Put "groupType", ADS_GROUP_TYPE_GLOBAL_GROUP Or _
ADS_GROUP_TYPE_SECURITY_ENABLED
objGroup.SetInfo

 
Set objGroup = GetObject _
  ("LDAP://cn="&NewDLGroupName&",OU=SharePoint,OU=Domain Local,OU=Access Control,OU=Coco,DC=TST,DC=local")
 

objGroup.PutEx ADS_PROPERTY_APPEND, "member", Array(CNNewGLGroupName & ",OU=SharePoint,OU=Global,OU=Access Control,OU=Coco,DC=TST,DC=local")
 

objGroup.SetInfo



'This creates the Contributors


NewDLGroupName = "DLS-B-ACL-" & Site & "-Contributors"
CNNewDLGroupName = "CN="&NewDLGroupName


Set objOU = GetObject("LDAP://OU=SharePoint,OU=Domain Local,OU=Access Control,OU=Coco,DC=TST,DC=local")
Set objGroup = objOU.Create("Group", CNNewDLGroupName)
objGroup.Put "sAMAccountName", NewDLGroupName
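' Security flag is required; without it a distribution group is created, which cannot be used in an ACL
objGroup.Put "groupType", ADS_GROUP_TYPE_LOCAL_GROUP Or ADS_GROUP_TYPE_SECURITY_ENABLED
objGroup.Put "Description", "This provides Read/Write to the SharePoint site " & Site & ". No Users should be added to this group, they should be added to the Child Domain Groups"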
objGroup.SetInfo


NewGLGroupName = "GLS-E-ACL-" & Site & "-Contributors"
CNNewGLGroupName = "CN="&NewGLGroupName


Set objOU = GetObject("LDAP://OU=SharePoint,OU=Global,OU=Access Control,OU=Coco,DC=TST,DC=local")
Set objGroup = objOU.Create("Group", CNNewGLGroupName)
objGroup.Put "sAMAccountName", NewGLGroupName
' Description matches the Contributors role (was copied from the Owners block)
objGroup.Put "Description", "This provides Read/Write to the SharePoint site " & Site & "."
objGroup.Put "groupType", ADS_GROUP_TYPE_GLOBAL_GROUP Or _
ADS_GROUP_TYPE_SECURITY_ENABLED
objGroup.SetInfo

 
Set objGroup = GetObject _
  ("LDAP://cn="&NewDLGroupName&",OU=SharePoint,OU=Domain Local,OU=Access Control,OU=Coco,DC=TST,DC=local")
 

objGroup.PutEx ADS_PROPERTY_APPEND, "member", Array(CNNewGLGroupName & ",OU=SharePoint,OU=Global,OU=Access Control,OU=Coco,DC=TST,DC=local")
 
objGroup.SetInfo


'This creates ReadOnly


NewDLGroupName = "DLS-B-ACL-" & Site & "-ReadOnly"
CNNewDLGroupName = "CN="&NewDLGroupName


Set objOU = GetObject("LDAP://OU=SharePoint,OU=Domain Local,OU=Access Control,OU=Coco,DC=TST,DC=local")
Set objGroup = objOU.Create("Group", CNNewDLGroupName)
objGroup.Put "sAMAccountName", NewDLGroupName
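' Security flag is required; without it a distribution group is created, which cannot be used in an ACL
objGroup.Put "groupType", ADS_GROUP_TYPE_LOCAL_GROUP Or ADS_GROUP_TYPE_SECURITY_ENABLED
objGroup.Put "Description", "This provides Read Only access to the SharePoint site " & Site & ". No Users should be added to this group, they should be added to the Child Domain Groups"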
objGroup.SetInfo


NewGLGroupName = "GLS-E-ACL-" & Site & "-ReadOnly"
CNNewGLGroupName = "CN="&NewGLGroupName


Set objOU = GetObject("LDAP://OU=SharePoint,OU=Global,OU=Access Control,OU=Coco,DC=TST,DC=local")
Set objGroup = objOU.Create("Group", CNNewGLGroupName)
objGroup.Put "sAMAccountName", NewGLGroupName
' Description matches the ReadOnly role (was copied from the Owners block)
objGroup.Put "Description", "This provides Read Only access to the SharePoint site " & Site & "."
objGroup.Put "groupType", ADS_GROUP_TYPE_GLOBAL_GROUP Or _
ADS_GROUP_TYPE_SECURITY_ENABLED
objGroup.SetInfo

 
 
Set objGroup = GetObject _
  ("LDAP://cn="&NewDLGroupName&",OU=SharePoint,OU=Domain Local,OU=Access Control,OU=Coco,DC=TST,DC=local")
 

objGroup.PutEx ADS_PROPERTY_APPEND, "member", Array(CNNewGLGroupName & ",OU=SharePoint,OU=Global,OU=Access Control,OU=Coco,DC=TST,DC=local")
 

objGroup.SetInfo





Msgbox "Operation Completed"
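
The same task with the error trapping asked for above (name validation, confirmation, existence check), as an added PowerShell example that is not part of the original post. It uses the ActiveDirectory module; the OU paths are assumptions that reuse the test script's OU layout under the BC.com, EU.BC.COM and AM.BC.COM domains named in the question, and the 40-character name cap is an arbitrary assumed limit.

```powershell
# Added example (not the poster's code). OU paths are ASSUMED from the test script's layout.
Import-Module ActiveDirectory
$ErrorActionPreference = 'Stop'   # abort on the first failed AD call instead of continuing

$site = (Read-Host 'Site name').Trim()
# Allowlist check: rejects DN and filter metacharacters (, = + " ' \ < > ; #)
# before the value is ever placed in a group name or an LDAP filter.
if ($site -notmatch '^[A-Za-z0-9][A-Za-z0-9_-]{0,39}$') { throw "Invalid site name '$site'" }
if ((Read-Host "Create groups for site '$site'? (Y/N)") -ne 'Y') { return }

$ou = 'OU=Access Control,OU=Coco'
$root = @{ Server = 'BC.com'; Path = "OU=SharePoint,OU=Domain Local,$ou,DC=BC,DC=com" }
$children = @(
    @{ Letter = 'E'; Server = 'EU.BC.COM'; Path = "OU=SharePoint,OU=Global,$ou,DC=EU,DC=BC,DC=com" }
    @{ Letter = 'A'; Server = 'AM.BC.COM'; Path = "OU=SharePoint,OU=Global,$ou,DC=AM,DC=BC,DC=com" }
)
$roles = [ordered]@{ Owners = 'full control'; Contributors = 'read/write access'; ReadOnly = 'read only access' }
$rootNote = ' No Users should be added to this group, they should be added to the CHILD Domain Groups'

function Get-OrCreateGroup($Name, $Scope, $Description, $Target) {
    # -Filter returns nothing (no error) when the group is absent
    $existing = Get-ADGroup -Filter "sAMAccountName -eq '$Name'" -Server $Target.Server
    if ($existing) { Write-Warning "$Name already exists in $($Target.Server); reusing it"; return $existing }
    New-ADGroup -Name $Name -SamAccountName $Name -GroupScope $Scope -GroupCategory Security `
        -Description $Description -Path $Target.Path -Server $Target.Server -PassThru
}

foreach ($role in $roles.Keys) {
    $desc = "This provides $($roles[$role]) to the SharePoint Site $site"
    $dl = Get-OrCreateGroup "DLS-B-ACL-${site}-${role}" DomainLocal ($desc + $rootNote) $root
    foreach ($child in $children) {
        $gl = Get-OrCreateGroup "GLS-$($child.Letter)-ACL-${site}-${role}" Global $desc $child
        $members = (Get-ADGroup -Identity $dl -Properties member -Server $root.Server).member
        if ($members -notcontains $gl.DistinguishedName) {
            # Pass the group object fetched from the child domain so the cross-domain member resolves
            Add-ADGroupMember -Identity $dl -Members $gl -Server $root.Server
        }
    }
}
```

Because existing groups are reused and membership is checked before adding, the script can be re-run safely after a partial failure.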

aideb (Author) Commented:
Best I could come up with..