Solved

Need powershell script to create OU's,Security groups,GPO's at the same time.

Posted on 2016-11-01
3
74 Views
Last Modified: 2016-11-17
I've a task to automate a process which we do on almost daily basis. Below is the requirement.

1) Create a "Test" OU under OU=Sample,DC=Contoso,DC=COM

2) Create security groups named "Test 2", "Test 3", "Test 4" under OU=Sample1,DC=Contoso,DC=COM and add members in each group

3) Create a Test 5 group under "Test" OU.

4) Create a GPO named "Test-SA" and link it to "Test" OU.


How can i automate this whole thing?.

Thanks in Advance!!!
0
Comment
Question by:A D
  • 2
3 Comments
 
LVL 37

Expert Comment

by:Mahesh
ID: 41869644
All tasks are separate and you can have single one liner commands to achieve each task

Import-Module ActiveDirectory

New-ADOrganizationalUnit -Name "Test" -Path "OU=Sample,DC=Contoso,DC=COM"

NEW-ADGroup –name "Test 2" –groupscope Global –path “OU=sample1,DC=Contoso,DC=com”
NEW-ADGroup –name "Test 3" –groupscope Global –path “OU=sample1,DC=Contoso,DC=com”
NEW-ADGroup –name "Test 4" –groupscope Global –path “OU=sample1,DC=Contoso,DC=com”

NEW-ADGroup –name "Test 5" –groupscope Global -path "OU=test,OU=Sample,DC=Contoso,DC=COM"

Import-Module GroupPolicy
New-GPO -Name Test-SA -comment "This is a test GPO."
new-gplink -name test-SA -target "OU=test,OU=Sample,DC=Contoso,DC=COM"

Open in new window


save all above code into .ps1 file OR you can simply copy / paste into PowerShell

use domain admins member to logon on to DC  (2008 R2 and above) or member server with RSAT installed and run elevated PowerShell
then from elevated PowerShell run below command (one time)
set-executionpolicy remotesigned
when asking for prompt, press y and hit enter
This will allow running PowerShell script
1
 

Author Comment

by:A D
ID: 41869713
Thanks Mahesh. I did the same thing but I was not able to pipe the Add-ADGroupmember cmdlet and was not able to modify the script to add users in the respective group, Can you help?.

Thanks again
0
 
LVL 37

Accepted Solution

by:
Mahesh earned 500 total points
ID: 41869877
you could have mention the things where you stuck in original question

What actually your script do? without understanding script logic its difficult what you are trying to do

If you upload script I can help

Add-AdGroupMember will not accept piped output
You need to put users in variable and then call it via Add-AdGroupMember

Ex: Get ad users from specific OU and add them to specific OU
$Allusers = Get-Aduser -Searchbase "Ou=Test,DC=contoso,DC=com"
foreach ($users in $Allusers) 
{ Add-AdGroupMember groupname –Member $users.SamAccountName }

Open in new window


If you are reading from csv file then
$allusers = import-csv C:\allusers.csv
foreach ($users in $allusers)
{ $user = Get-Aduser -Identity $users.SamAccountName -Erroraction -SilentlyContinue
  If($user -ne $null) { Add-AdGroupMember GroupName -Member $user }
}

Open in new window


The csv file should contains column called SamAccountName and all users should listed underneath that
1

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question