Need powershell script to create OU's,Security groups,GPO's at the same time.

Posted on 2016-11-01
Last Modified: 2016-11-17
I have a task to automate a process which we do on an almost daily basis. Below is the requirement.

1) Create a "Test" OU under OU=Sample,DC=Contoso,DC=COM

2) Create security groups named "Test 2", "Test 3", "Test 4" under OU=Sample1,DC=Contoso,DC=COM and add members in each group

3) Create a Test 5 group under "Test" OU.

4) Create a GPO named "Test-SA" and link it to "Test" OU.


How can I automate this whole thing?

Thanks in Advance!!!
Question by:P S

Expert Comment

by:Mahesh
ID: 41869644
All tasks are separate, and you can use a single one-liner command to achieve each task.

Import-Module ActiveDirectory

# 1) Create the "Test" OU under OU=Sample
New-ADOrganizationalUnit -Name "Test" -Path "OU=Sample,DC=Contoso,DC=COM"

# 2) Create the three security groups under OU=Sample1
New-ADGroup -Name "Test 2" -GroupScope Global -Path "OU=sample1,DC=Contoso,DC=com"
New-ADGroup -Name "Test 3" -GroupScope Global -Path "OU=sample1,DC=Contoso,DC=com"
New-ADGroup -Name "Test 4" -GroupScope Global -Path "OU=sample1,DC=Contoso,DC=com"

# 3) Create the "Test 5" group inside the new "Test" OU
New-ADGroup -Name "Test 5" -GroupScope Global -Path "OU=test,OU=Sample,DC=Contoso,DC=COM"

# 4) Create the GPO and link it to the "Test" OU
Import-Module GroupPolicy
New-GPO -Name Test-SA -Comment "This is a test GPO."
New-GPLink -Name Test-SA -Target "OU=test,OU=Sample,DC=Contoso,DC=COM"


Save all of the above code into a .ps1 file, or you can simply copy/paste it into PowerShell.

Use a Domain Admins member to log on to a DC (2008 R2 and above) or a member server with RSAT installed, and run elevated PowerShell.
Then, from elevated PowerShell, run the command below (one time):
Set-ExecutionPolicy RemoteSigned
When prompted, press y and hit Enter.
This will allow running PowerShell scripts.

Author Comment

by:P S
ID: 41869713
Thanks, Mahesh. I did the same thing, but I was not able to pipe the Add-ADGroupMember cmdlet and was not able to modify the script to add users to the respective groups. Can you help?

Thanks again

Accepted Solution

by:
Mahesh earned 2000 total points
ID: 41869877
You could have mentioned where you were stuck in the original question.

What does your script actually do? Without understanding the script logic, it's difficult to know what you are trying to do.

If you upload the script, I can help.

Add-ADGroupMember will not accept piped output.
You need to put the users in a variable and then call it via Add-ADGroupMember.

Ex: Get AD users from a specific OU and add them to a specific OU
# -Filter is required when -Identity is not used; * returns every user under the search base
$Allusers = Get-ADUser -Filter * -SearchBase "OU=Test,DC=contoso,DC=com"
foreach ($users in $Allusers)
{ Add-ADGroupMember -Identity "groupname" -Members $users.SamAccountName }


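If you are reading from a CSV file, then:
$allusers = Import-Csv C:\allusers.csv
foreach ($users in $allusers)
{ # Get-ADUser -Identity throws when the account does not exist, so catch that and skip the row
  try { $user = Get-ADUser -Identity $users.SamAccountName -ErrorAction Stop }
  catch { $user = $null }
  if ($null -ne $user) { Add-ADGroupMember -Identity "GroupName" -Members $user }
}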


The CSV file should contain a column called SamAccountName, and all users should be listed underneath it.
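The four steps from the question and the membership step from the accepted answer, combined into one script that can be re-run on a daily basis without failing on objects that already exist. This is an added example, not code posted by either participant; the OU, group and GPO names come from the question, while the two-column CSV layout (Group, SamAccountName) and the `$MemberCsv` parameter are assumptions.

```powershell
#Requires -Modules ActiveDirectory, GroupPolicy
# Added example. Assumed CSV layout (constructed sample row):
#   Group,SamAccountName
#   Test 2,jdoe
param([string]$MemberCsv = 'C:\allusers.csv')   # path reused from the answer above

$parentOu = 'OU=Sample,DC=Contoso,DC=COM'
$testOu   = "OU=Test,$parentOu"
$groupOu  = 'OU=Sample1,DC=Contoso,DC=COM'
$gpoName  = 'Test-SA'

# 1) Create the OU only when it is not already there
if (-not (Get-ADOrganizationalUnit -Filter "Name -eq 'Test'" -SearchBase $parentOu -SearchScope OneLevel)) {
    New-ADOrganizationalUnit -Name 'Test' -Path $parentOu
}

# 2) and 3) Group name -> OU it belongs in. sAMAccountName is unique per domain,
# so the existence check is domain-wide rather than scoped to one OU.
$groups = @{ 'Test 2' = $groupOu; 'Test 3' = $groupOu; 'Test 4' = $groupOu; 'Test 5' = $testOu }
foreach ($name in $groups.Keys) {
    if (-not (Get-ADGroup -Filter "SamAccountName -eq '$name'")) {
        New-ADGroup -Name $name -SamAccountName $name -GroupScope Global `
                    -GroupCategory Security -Path $groups[$name]
    }
}

# Membership: resolve each account first; collect failures instead of stopping the run
$notApplied = @()
foreach ($row in Import-Csv $MemberCsv) {
    try {
        $user = Get-ADUser -Identity $row.SamAccountName -ErrorAction Stop
        Add-ADGroupMember -Identity $row.Group -Members $user -ErrorAction Stop
    } catch {
        $notApplied += "$($row.Group) <- $($row.SamAccountName): $($_.Exception.Message)"
    }
}

# 4) Create the GPO if missing, then link it only if the OU has no link to it yet
if (-not (Get-GPO -Name $gpoName -ErrorAction SilentlyContinue)) {
    New-GPO -Name $gpoName -Comment 'This is a test GPO.' | Out-Null
}
$linked = (Get-GPInheritance -Target $testOu).GpoLinks | Where-Object { $_.DisplayName -eq $gpoName }
if (-not $linked) { New-GPLink -Name $gpoName -Target $testOu | Out-Null }

if ($notApplied) { Write-Warning ("Rows not applied:`n" + ($notApplied -join "`n")) }
```

The final warning lists every CSV row that did not result in a membership change together with the error text, which gives a reviewable record of each run.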