Categories

Bulk create groups–script

Having seen how to create a group – lets look at bulk creation.  I’ll start with the script method as thats partially done

http://msmvps.com/blogs/richardsiddaway/archive/2012/02/19/1795354.aspx

I created a csv file with 10 rows – the field headers are name, OU and description

Name, OU, Description
TestG0,"OU=TestGroups,DC=Manticore,DC=org","Test Group 0"
TestG1,"OU=TestGroups,DC=Manticore,DC=org","Test Group 1"
TestG2,"OU=TestGroups,DC=Manticore,DC=org","Test Group 2"
TestG3,"OU=TestGroups,DC=Manticore,DC=org","Test Group 3"
TestG4,"OU=TestGroups,DC=Manticore,DC=org","Test Group 4"
TestG5,"OU=TestGroups,DC=Manticore,DC=org","Test Group 5"
TestG6,"OU=TestGroups,DC=Manticore,DC=org","Test Group 6"
TestG7,"OU=TestGroups,DC=Manticore,DC=org","Test Group 7"
TestG8,"OU=TestGroups,DC=Manticore,DC=org","Test Group 8"
TestG9,"OU=TestGroups,DC=Manticore,DC=org","Test Group 9"

 

I want to be able to create any type of group so switches are created for the scopes – universal, global and domainlocal. That could be changed to make scope another variable

The name, OU and description parameters are configured to take pipeline input

function new-securitygroup {            
[CmdletBinding()]            
param (            
 [parameter(ValueFromPipeline=$true,             
   ValueFromPipelineByPropertyName=$true)]            
 [string]$name,            
             
  [parameter(ValueFromPipeline=$true,             
   ValueFromPipelineByPropertyName=$true)]            
 [string]$description,            
             
  [parameter(ValueFromPipeline=$true,             
   ValueFromPipelineByPropertyName=$true)]            
 [string]$ou,            
             
 [parameter(ParameterSetName="U")]            
 [switch]$universal,            
             
 [parameter(ParameterSetName="G")]            
 [switch]$global,            
             
 [parameter(ParameterSetName="DL")]            
 [switch]$domainlocal            
)            
BEGIN {            
# set constants for group types            
$globalgroup = 0x00000002            
$domainlocalgroup = 0x00000004            
$security = 0x80000000            
$universalgroup = 0x00000008            
}            
PROCESS {            
$target = [ADSI]"LDAP://$ou"            
            
switch ($psCmdlet.ParameterSetName) {            
 "DL" {$grouptype1 = $security -bor $universalgroup            
       $grouptype2 = $security -bor $domainlocalgroup}            
 "G"  {$grouptype  = $security -bor $globalgroup }            
 "U"  {$grouptype  = $security -bor $universalgroup }            
 default {Write-Host "Error!!! Should not be here" }            
}            
            
$group = $target.Create("Group", "cn=$name")            
$group.SetInfo()            
            
if ($domainlocal) {            
  $group.GroupType = $grouptype1            
  $group.SetInfo()            
              
  $group.GroupType = $grouptype2            
  $group.SetInfo()            
}            
else {            
  $group.GroupType = $grouptype            
  $group.SetInfo()            
}              
$group.samAccountname = $name            
$group.Description = $description            
$group.SetInfo()            
} # end process block            
}


The BEGIN block sets the constants – only need to do this once



The PROCESS block uses the parameter set name to determine the value of group type. The script proceeds as we saw previously.



Run the script to create the function. It can then be used as



import-csv .\testgroups.csv | new-securitygroup -universal

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>