Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Need powershell script to create OU's,Security groups,GPO's at the same time.

Posted on 2016-11-01
3
Medium Priority
?
93 Views
Last Modified: 2016-11-17
I've a task to automate a process which we do on almost daily basis. Below is the requirement.

1) Create a "Test" OU under OU=Sample,DC=Contoso,DC=COM

2) Create security groups named "Test 2", "Test 3", "Test 4" under OU=Sample1,DC=Contoso,DC=COM and add members in each group

3) Create a Test 5 group under "Test" OU.

4) Create a GPO named "Test-SA" and link it to "Test" OU.


How can i automate this whole thing?.

Thanks in Advance!!!
0
Comment
Question by:P S
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 38

Expert Comment

by:Mahesh
ID: 41869644
All tasks are separate and you can have single one liner commands to achieve each task

Import-Module ActiveDirectory

New-ADOrganizationalUnit -Name "Test" -Path "OU=Sample,DC=Contoso,DC=COM"

NEW-ADGroup –name "Test 2" –groupscope Global –path “OU=sample1,DC=Contoso,DC=com”
NEW-ADGroup –name "Test 3" –groupscope Global –path “OU=sample1,DC=Contoso,DC=com”
NEW-ADGroup –name "Test 4" –groupscope Global –path “OU=sample1,DC=Contoso,DC=com”

NEW-ADGroup –name "Test 5" –groupscope Global -path "OU=test,OU=Sample,DC=Contoso,DC=COM"

Import-Module GroupPolicy
New-GPO -Name Test-SA -comment "This is a test GPO."
new-gplink -name test-SA -target "OU=test,OU=Sample,DC=Contoso,DC=COM"

Open in new window


save all above code into .ps1 file OR you can simply copy / paste into PowerShell

use domain admins member to logon on to DC  (2008 R2 and above) or member server with RSAT installed and run elevated PowerShell
then from elevated PowerShell run below command (one time)
set-executionpolicy remotesigned
when asking for prompt, press y and hit enter
This will allow running PowerShell script
1
 

Author Comment

by:P S
ID: 41869713
Thanks Mahesh. I did the same thing but I was not able to pipe the Add-ADGroupmember cmdlet and was not able to modify the script to add users in the respective group, Can you help?.

Thanks again
0
 
LVL 38

Accepted Solution

by:
Mahesh earned 2000 total points
ID: 41869877
you could have mention the things where you stuck in original question

What actually your script do? without understanding script logic its difficult what you are trying to do

If you upload script I can help

Add-AdGroupMember will not accept piped output
You need to put users in variable and then call it via Add-AdGroupMember

Ex: Get ad users from specific OU and add them to specific OU
$Allusers = Get-Aduser -Searchbase "Ou=Test,DC=contoso,DC=com"
foreach ($users in $Allusers) 
{ Add-AdGroupMember groupname –Member $users.SamAccountName }

Open in new window


If you are reading from csv file then
$allusers = import-csv C:\allusers.csv
foreach ($users in $allusers)
{ $user = Get-Aduser -Identity $users.SamAccountName -Erroraction -SilentlyContinue
  If($user -ne $null) { Add-AdGroupMember GroupName -Member $user }
}

Open in new window


The csv file should contains column called SamAccountName and all users should listed underneath that
1

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question