
Scripting new Active Directory groups

We are in the process of creating a new SharePoint site and I have spent a lot of time creating group structures. In future I want to be able to automate new 'sites' coming into SharePoint....

The Naming Convention for the SharePoint Sites in AD will always be the same and will always be located in the same OU (regardless of which domain).

We have a forest with 3 domains.

So for example a site has the following Domain Local Groups in our root Domain (BC.com)
 
DLS-B-ACL-***SITENAME***-Owners
DLS-B-ACL-***SITENAME***-Contributors
DLS-B-ACL-***SITENAME***-ReadOnly

Note B stands for BC domain
 
Then the following groups are created in the EU (EU.BC.COM) and AM (AM.BC.COM) domains, and nested to the corresponding Domain Local Security Groups in the ROOT (BC) Domain above.
 
GLS-E-ACL-***SITENAME***-Owners
GLS-E-ACL-***SITENAME***-Contributors
GLS-E-ACL-***SITENAME***-ReadOnly

Note E stands for EU domain
 
GLS-A-ACL-***SITENAME***-Owners
GLS-A-ACL-***SITENAME***-Contributors
GLS-A-ACL-***SITENAME***-ReadOnly
 
Note A stands for AM domain

What I want to do is run a VBS/PowerShell script that asks for the site name via a pop-up box, which is the variable ***SiteName***, and then goes off and creates the groups in the relevant OUs in the ROOT and CHILD Domains, replacing the variable ***SITENAME*** above with that which was entered in the pop-up box.
 
If we can get them to add the descriptions as follows in the CHILD DOMAINS
 
Owners  - This provides full control to the SharePoint Site ***SITENAME***
Contributors – This provides read/write access to the SharePoint Site ***SITENAME***
Read Only – This provides read only access to the SharePoint Site ***SITENAME***
 
If we can get them to add the descriptions as follows in the ROOT DOMAIN
 
Owners  - This provides full control to the SharePoint Site ***SITENAME*** No Users should be added to this group, they should be added to the CHILD Domain Groups
Contributors – This provides read/write access to the SharePoint Site ***SITENAME*** No Users should be added to this group, they should be added to the CHILD Domain Groups
Read Only – This provides read only access to the SharePoint Site ***SITENAME*** No Users should be added to this group, they should be added to the CHILD Domain Groups
 
If we can get it to automatically add the corresponding GLS Groups to the DLS Groups that would be great!

Thanks for any help!
 
Govvy Commented:
Perhaps use dsadd or csvde command lines
 
aideb (Author) Commented:
Using my *very limited* VBscript, I have come up with the following code.

Is anyone able to clean this up for me?

I would like to be able to do some error trapping; e.g. Confirm that the name entered is correct before creating, check group does not already exist etc.

Thanks
' This script will create the SharePoint groups for a new Site
' The groups created will be for Owners, Contributors and ReadOnly

Site = Inputbox("Please enter the Site to be created. Please remember to Capitalise!")


' Define Constants
Const ADS_GROUP_TYPE_LOCAL_GROUP = &h4
Const ADS_GROUP_TYPE_GLOBAL_GROUP = &h2
Const ADS_GROUP_TYPE_SECURITY_ENABLED = &h80000000
Const ADS_PROPERTY_APPEND = 3 

' This Creates the Owners

NewDLGroupName = "DLS-B-ACL-" & Site & "-Owners"
CNNewDLGroupName = "CN="&NewDLGroupName


Set objOU = GetObject("LDAP://OU=SharePoint,OU=Domain Local,OU=Access Control,OU=Coco,DC=TST,DC=local")
Set objGroup = objOU.Create("Group", CNNewDLGroupName)
objGroup.Put "sAMAccountName", NewDLGroupName
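' Security-enabled domain local group; without ADS_GROUP_TYPE_SECURITY_ENABLED this would be a distribution group
objGroup.Put "groupType", ADS_GROUP_TYPE_LOCAL_GROUP Or ADS_GROUP_TYPE_SECURITY_ENABLED
objGroup.Put "Description", "This provides Full Control to the SharePoint site " & Site & ". No Users should be added to this group, they should be added to the Child Domain Groups"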
objGroup.SetInfo


NewGLGroupName = "GLS-E-ACL-" & Site & "-Owners"
CNNewGLGroupName = "CN="&NewGLGroupName



Set objOU = GetObject("LDAP://OU=SharePoint,OU=Global,OU=Access Control,OU=Coco,DC=TST,DC=local")
Set objGroup = objOU.Create("Group", CNNewGLGroupName)
objGroup.Put "sAMAccountName", NewGLGroupName
objGroup.Put "Description", "This provides Full Control to the SharePoint site " & Site & "."
objGroup.Put "groupType", ADS_GROUP_TYPE_GLOBAL_GROUP Or _
ADS_GROUP_TYPE_SECURITY_ENABLED
objGroup.SetInfo

 
Set objGroup = GetObject _
  ("LDAP://cn="&NewDLGroupName&",OU=SharePoint,OU=Domain Local,OU=Access Control,OU=Coco,DC=TST,DC=local")
 

objGroup.PutEx ADS_PROPERTY_APPEND, "member", Array(CNNewGLGroupName & ",OU=SharePoint,OU=Global,OU=Access Control,OU=Coco,DC=TST,DC=local")
 

objGroup.SetInfo



'This creates the Contributors


NewDLGroupName = "DLS-B-ACL-" & Site & "-Contributors"
CNNewDLGroupName = "CN="&NewDLGroupName


Set objOU = GetObject("LDAP://OU=SharePoint,OU=Domain Local,OU=Access Control,OU=Coco,DC=TST,DC=local")
Set objGroup = objOU.Create("Group", CNNewDLGroupName)
objGroup.Put "sAMAccountName", NewDLGroupName
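' Security-enabled domain local group; without ADS_GROUP_TYPE_SECURITY_ENABLED this would be a distribution group
objGroup.Put "groupType", ADS_GROUP_TYPE_LOCAL_GROUP Or ADS_GROUP_TYPE_SECURITY_ENABLED
objGroup.Put "Description", "This provides Read/Write to the SharePoint site " & Site & ". No Users should be added to this group, they should be added to the Child Domain Groups"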
objGroup.SetInfo


NewGLGroupName = "GLS-E-ACL-" & Site & "-Contributors"
CNNewGLGroupName = "CN="&NewGLGroupName


Set objOU = GetObject("LDAP://OU=SharePoint,OU=Global,OU=Access Control,OU=Coco,DC=TST,DC=local")
Set objGroup = objOU.Create("Group", CNNewGLGroupName)
objGroup.Put "sAMAccountName", NewGLGroupName
' Description matches the Contributors role (was copied from the Owners block)
objGroup.Put "Description", "This provides Read/Write access to the SharePoint site " & Site & "."
objGroup.Put "groupType", ADS_GROUP_TYPE_GLOBAL_GROUP Or _
ADS_GROUP_TYPE_SECURITY_ENABLED
objGroup.SetInfo

 
Set objGroup = GetObject _
  ("LDAP://cn="&NewDLGroupName&",OU=SharePoint,OU=Domain Local,OU=Access Control,OU=Coco,DC=TST,DC=local")
 

objGroup.PutEx ADS_PROPERTY_APPEND, "member", Array(CNNewGLGroupName & ",OU=SharePoint,OU=Global,OU=Access Control,OU=Coco,DC=TST,DC=local")
 
objGroup.SetInfo


'This creates ReadOnly


NewDLGroupName = "DLS-B-ACL-" & Site & "-ReadOnly"
CNNewDLGroupName = "CN="&NewDLGroupName


Set objOU = GetObject("LDAP://OU=SharePoint,OU=Domain Local,OU=Access Control,OU=Coco,DC=TST,DC=local")
Set objGroup = objOU.Create("Group", CNNewDLGroupName)
objGroup.Put "sAMAccountName", NewDLGroupName
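' Security-enabled domain local group; without ADS_GROUP_TYPE_SECURITY_ENABLED this would be a distribution group
objGroup.Put "groupType", ADS_GROUP_TYPE_LOCAL_GROUP Or ADS_GROUP_TYPE_SECURITY_ENABLED
objGroup.Put "Description", "This provides Read Only access to the SharePoint site " & Site & ". No Users should be added to this group, they should be added to the Child Domain Groups"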
objGroup.SetInfo


NewGLGroupName = "GLS-E-ACL-" & Site & "-ReadOnly"
CNNewGLGroupName = "CN="&NewGLGroupName


Set objOU = GetObject("LDAP://OU=SharePoint,OU=Global,OU=Access Control,OU=Coco,DC=TST,DC=local")
Set objGroup = objOU.Create("Group", CNNewGLGroupName)
objGroup.Put "sAMAccountName", NewGLGroupName
' Description matches the ReadOnly role (was copied from the Owners block)
objGroup.Put "Description", "This provides Read Only access to the SharePoint site " & Site & "."
objGroup.Put "groupType", ADS_GROUP_TYPE_GLOBAL_GROUP Or _
ADS_GROUP_TYPE_SECURITY_ENABLED
objGroup.SetInfo

 
 
Set objGroup = GetObject _
  ("LDAP://cn="&NewDLGroupName&",OU=SharePoint,OU=Domain Local,OU=Access Control,OU=Coco,DC=TST,DC=local")
 

objGroup.PutEx ADS_PROPERTY_APPEND, "member", Array(CNNewGLGroupName & ",OU=SharePoint,OU=Global,OU=Access Control,OU=Coco,DC=TST,DC=local")
 

objGroup.SetInfo





Msgbox "Operation Completed"

 
aideb (Author) Commented:
Best I could come up with..
0
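An added example, not part of the original thread, of the error trapping asked for above, written in PowerShell with the ActiveDirectory module: it validates the site name, asks for confirmation, reuses groups that already exist, and nests each child-domain global group into the root domain local group. The domain names come from the question; the OU paths under them and the 40-character name limit are assumptions modelled on the test script.

```powershell
#Requires -Modules ActiveDirectory
[CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
param(
    # Only letters and digits: safe in a CN, a sAMAccountName and an LDAP filter (length limit is an assumed policy).
    [Parameter(Mandatory)]
    [ValidatePattern('^[A-Za-z0-9]{1,40}$')]
    [string]$SiteName
)
$ErrorActionPreference = 'Stop'

# Assumed layout: OU paths mirror the test script on this page; adjust to the real forest.
$root     = @{ Server = 'bc.com'; Path = 'OU=SharePoint,OU=Domain Local,OU=Access Control,OU=Coco,DC=bc,DC=com' }
$children = @(
    @{ Code = 'E'; Server = 'eu.bc.com'; Path = 'OU=SharePoint,OU=Global,OU=Access Control,OU=Coco,DC=eu,DC=bc,DC=com' }
    @{ Code = 'A'; Server = 'am.bc.com'; Path = 'OU=SharePoint,OU=Global,OU=Access Control,OU=Coco,DC=am,DC=bc,DC=com' }
)
$roles    = [ordered]@{ Owners = 'full control'; Contributors = 'read/write access'; ReadOnly = 'read only access' }
$rootNote = ' No Users should be added to this group, they should be added to the CHILD Domain Groups'

function New-SiteGroup {
    param($Name, $Scope, $Description, $Target)
    # Never overwrite: if the group already exists, report it and hand back the existing object.
    $existing = Get-ADGroup -Filter "sAMAccountName -eq '$Name'" -Server $Target.Server
    if ($existing) { Write-Warning "$Name already exists in $($Target.Server); reusing it."; return $existing }
    New-ADGroup -Name $Name -SamAccountName $Name -GroupScope $Scope -GroupCategory Security `
        -Description $Description -Path $Target.Path -Server $Target.Server -PassThru
}

# Operator confirms the exact name before anything is written (also honours -WhatIf).
if (-not $PSCmdlet.ShouldProcess("site '$SiteName'", 'Create SharePoint access groups')) { return }

foreach ($role in $roles.Keys) {
    $desc = "This provides $($roles[$role]) to the SharePoint Site $SiteName"
    $dl   = New-SiteGroup "DLS-B-ACL-$SiteName-$role" DomainLocal ($desc + $rootNote) $root
    foreach ($child in $children) {
        $gl = New-SiteGroup "GLS-$($child.Code)-ACL-$SiteName-$role" Global $desc $child
        # Nest the child-domain global group into the root domain local group, only if not already nested.
        $members = (Get-ADGroup -Identity $dl.DistinguishedName -Server $root.Server -Properties member).member
        if ($members -notcontains $gl.DistinguishedName) {
            Set-ADGroup -Identity $dl.DistinguishedName -Add @{ member = $gl.DistinguishedName } -Server $root.Server
        }
    }
}
```

Running it with `-WhatIf` makes `ShouldProcess` return false, so the script exits before creating anything. Running it a second time for the same site only emits warnings, because existing groups and existing nesting are detected first.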
