
Need PowerShell script to create OUs, security groups, GPOs at the same time.

I've a task to automate a process which we do on an almost daily basis. Below is the requirement.

1) Create a "Test" OU under OU=Sample,DC=Contoso,DC=COM

2) Create security groups named "Test 2", "Test 3", "Test 4" under OU=Sample1,DC=Contoso,DC=COM and add members in each group

3) Create a Test 5 group under "Test" OU.

4) Create a GPO named "Test-SA" and link it to "Test" OU.


How can I automate this whole thing?

Thanks in Advance!!!
Mahesh (Architect) commented:
All tasks are separate, and you can use a single one-liner command to achieve each task.

Import-Module ActiveDirectory

# 1) Create the "Test" OU under OU=Sample
New-ADOrganizationalUnit -Name "Test" -Path "OU=Sample,DC=Contoso,DC=COM"

# 2) Create the security groups under OU=Sample1
New-ADGroup -Name "Test 2" -GroupScope Global -Path "OU=Sample1,DC=Contoso,DC=COM"
New-ADGroup -Name "Test 3" -GroupScope Global -Path "OU=Sample1,DC=Contoso,DC=COM"
New-ADGroup -Name "Test 4" -GroupScope Global -Path "OU=Sample1,DC=Contoso,DC=COM"

# 3) Create the "Test 5" group inside the new "Test" OU
New-ADGroup -Name "Test 5" -GroupScope Global -Path "OU=Test,OU=Sample,DC=Contoso,DC=COM"

# 4) Create the GPO and link it to the "Test" OU
Import-Module GroupPolicy
New-GPO -Name "Test-SA" -Comment "This is a test GPO."
New-GPLink -Name "Test-SA" -Target "OU=Test,OU=Sample,DC=Contoso,DC=COM"



Save all of the above code into a .ps1 file, or simply copy/paste it into PowerShell.

Log on to a DC (2008 R2 and above), or a member server with RSAT installed, as a member of Domain Admins and run an elevated PowerShell.
Then, from the elevated PowerShell, run the command below (one time):
Set-ExecutionPolicy RemoteSigned
When prompted, press Y and hit Enter.
This will allow running PowerShell scripts.
1
 
P S (Author) commented:
Thanks Mahesh. I did the same thing, but I was not able to pipe the Add-ADGroupMember cmdlet and was not able to modify the script to add users to the respective group. Can you help?

Thanks again
0
 
Mahesh (Architect) commented:
You could have mentioned where you were stuck in the original question.

What does your script actually do? Without understanding the script logic, it's difficult to know what you are trying to do.

If you upload the script, I can help.

Add-ADGroupMember will not accept piped output.
You need to put the users in a variable and then pass it to Add-ADGroupMember.

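Ex: Get AD users from a specific OU and add them to specific OU
# Get-ADUser needs -Filter (or -Identity / -LDAPFilter); "*" returns every user under the search base
$Allusers = Get-ADUser -Filter * -SearchBase "OU=Test,DC=contoso,DC=com"
foreach ($users in $Allusers)
{ Add-ADGroupMember -Identity groupname -Members $users.SamAccountName }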



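If you are reading from a CSV file, then:
$allusers = Import-Csv C:\allusers.csv
foreach ($users in $allusers)
{
  # Get-ADUser -Identity throws when the account does not exist, so catch that and skip the row
  try { $user = Get-ADUser -Identity $users.SamAccountName -ErrorAction Stop } catch { $user = $null }
  if ($user -ne $null) { Add-ADGroupMember -Identity GroupName -Members $user }
}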



The CSV file should contain a column called SamAccountName, and all users should be listed underneath it.
1
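
The four steps from the question combined into one re-runnable script, as an added example that is not part of the original posts. The OU paths, group names and GPO name come from the question; the CSV path and its Group and SamAccountName columns are assumptions. It goes beyond the one-liners above by checking what already exists and by refusing to touch a same-named group found in a different OU.

```powershell
#Requires -Modules ActiveDirectory, GroupPolicy
# Added example. DNs and names are from the question; the CSV path and its
# Group,SamAccountName columns are assumptions.
param([string]$MemberCsv = 'C:\group-members.csv')

$parentOu = 'OU=Sample,DC=Contoso,DC=COM'
$testOu   = "OU=Test,$parentOu"
$groupOu  = 'OU=Sample1,DC=Contoso,DC=COM'
$gpoName  = 'Test-SA'
# Group name -> OU the group must live in
$targets  = @{ 'Test 2' = $groupOu; 'Test 3' = $groupOu; 'Test 4' = $groupOu; 'Test 5' = $testOu }

# 1) OU: create only if missing
if (-not (Get-ADOrganizationalUnit -Filter "DistinguishedName -eq '$testOu'")) {
    New-ADOrganizationalUnit -Name 'Test' -Path $parentOu
}

# 2) + 3) Groups: a same-named group elsewhere in the domain is left alone and
# dropped from $targets, so no members are added to an unrelated group.
foreach ($name in @($targets.Keys)) {
    $existing = Get-ADGroup -Filter "SamAccountName -eq '$name'"
    if (-not $existing) {
        New-ADGroup -Name $name -SamAccountName $name -GroupScope Global `
                    -GroupCategory Security -Path $targets[$name]
    } elseif ($existing.DistinguishedName -ne "CN=$name,$($targets[$name])") {
        Write-Warning "'$name' already exists at $($existing.DistinguishedName); skipping"
        $targets.Remove($name)
    }
}

# Members: only groups in $targets are touched; unknown users are reported, not fatal
foreach ($set in Import-Csv $MemberCsv | Group-Object Group) {
    if (-not $targets.ContainsKey($set.Name)) { Write-Warning "Unmanaged group in CSV: $($set.Name)"; continue }
    $have = @(Get-ADGroupMember -Identity $set.Name | ForEach-Object SamAccountName)
    foreach ($sam in $set.Group.SamAccountName | Where-Object { $_ -notin $have }) {
        try {
            $user = Get-ADUser -Identity $sam -ErrorAction Stop
            Add-ADGroupMember -Identity $set.Name -Members $user -ErrorAction Stop
        } catch { Write-Warning "Could not add '$sam' to '$($set.Name)': $($_.Exception.Message)" }
    }
}

# 4) GPO: create if missing, link only if not already linked to the OU
if (-not (Get-GPO -Name $gpoName -ErrorAction SilentlyContinue)) {
    New-GPO -Name $gpoName -Comment 'This is a test GPO.' | Out-Null
}
if ((Get-GPInheritance -Target $testOu).GpoLinks.DisplayName -notcontains $gpoName) {
    New-GPLink -Name $gpoName -Target $testOu | Out-Null
}
```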
