

Bulk create groups–script

Having seen how to create a group, let's look at bulk creation. I'll start with the script method, as that's partially done.

I created a CSV file with 10 rows. The field headers are Name, OU and Description.

Name, OU, Description
TestG0,"OU=TestGroups,DC=Manticore,DC=org","Test Group 0"
TestG1,"OU=TestGroups,DC=Manticore,DC=org","Test Group 1"
TestG2,"OU=TestGroups,DC=Manticore,DC=org","Test Group 2"
TestG3,"OU=TestGroups,DC=Manticore,DC=org","Test Group 3"
TestG4,"OU=TestGroups,DC=Manticore,DC=org","Test Group 4"
TestG5,"OU=TestGroups,DC=Manticore,DC=org","Test Group 5"
TestG6,"OU=TestGroups,DC=Manticore,DC=org","Test Group 6"
TestG7,"OU=TestGroups,DC=Manticore,DC=org","Test Group 7"
TestG8,"OU=TestGroups,DC=Manticore,DC=org","Test Group 8"
TestG9,"OU=TestGroups,DC=Manticore,DC=org","Test Group 9"


I want to be able to create any type of group, so switches are created for the scopes: universal, global and domainlocal. That could be changed to make scope another variable.

The name, OU and description parameters are configured to take pipeline input

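function new-securitygroup {
[CmdletBinding()]
param (
 # name and OU are mandatory so an empty row cannot bind to "LDAP://"
 [parameter(Mandatory=$true, ValueFromPipelineByPropertyName=$true)]
 [string]$name,
 [parameter(Mandatory=$true, ValueFromPipelineByPropertyName=$true)]
 [string]$ou,
 [parameter(ValueFromPipelineByPropertyName=$true)]
 [string]$description,
 # one switch per scope; each selects its own parameter set
 [parameter(ParameterSetName="U")][switch]$universal,
 [parameter(ParameterSetName="G")][switch]$global,
 [parameter(ParameterSetName="DL")][switch]$domainlocal
)
BEGIN {
# set constants for group types
$globalgroup = 0x00000002
$domainlocalgroup = 0x00000004
$security = 0x80000000
$universalgroup = 0x00000008
} # end begin block
PROCESS {
$target = [ADSI]"LDAP://$ou"
switch ($psCmdlet.ParameterSetName) {
 "DL" {$grouptype1 = $security -bor $universalgroup
       $grouptype2 = $security -bor $domainlocalgroup}
 "G"  {$grouptype  = $security -bor $globalgroup }
 "U"  {$grouptype  = $security -bor $universalgroup }
 default {Write-Host "Error!!! Should not be here" }
}
$group = $target.Create("Group", "cn=$name")
$group.SetInfo()   # commit the new object before changing its type
if ($domainlocal) {
  # convert to universal first, then to domain local, saving each step
  $group.GroupType = $grouptype1
  $group.SetInfo()
  $group.GroupType = $grouptype2
  $group.SetInfo()
}
else {
  $group.GroupType = $grouptype
  $group.SetInfo()
}
$group.samAccountname = $name
$group.Description = $description
$group.SetInfo()
} # end process block
} # end function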

The BEGIN block sets the constants. This only needs to be done once.

The PROCESS block uses the parameter set name to determine the value of group type. The script proceeds as we saw previously.

Run the script to create the function. It can then be used as:

import-csv .\testgroups.csv | new-securitygroup -universal
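
A pre-flight check for the CSV, as an added example that is not part of the original post: the function builds the RDN as "cn=$name" and binds to whatever OU each row names, so every row is checked before anything is written to the directory. Test-GroupCsvRow, its AllowedBase parameter and the sample rows are assumptions made for this example; it needs PowerShell 3.0 or later.

```powershell
# Added example: validate rows before piping them to new-securitygroup.
function Test-GroupCsvRow {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)][AllowEmptyString()][string]$Name,
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)][AllowEmptyString()][string]$OU,
        [Parameter(ValueFromPipelineByPropertyName)][string]$Description,
        # Assumption: groups may only be created in or below this container
        [string]$AllowedBase = 'OU=TestGroups,DC=Manticore,DC=org'
    )
    BEGIN { $seen = @{} }   # names already seen, for duplicate detection
    PROCESS {
        $problems = @()
        # Characters AD rejects in sAMAccountName; several are also DN
        # metacharacters that would change the meaning of "cn=$name"
        if ($Name -match '["/\\\[\]:;|=,+*?<>]') { $problems += 'name has reserved characters' }
        if ($Name -eq '' -or $Name -ne $Name.Trim() -or $Name.StartsWith('#')) {
            $problems += 'name is empty, padded or starts with #'
        }
        if ($seen.ContainsKey($Name.ToLower())) { $problems += 'duplicate name' }
        $seen[$Name.ToLower()] = $true
        # OU must be the allowed container itself or a child OU of it
        $inBase = $OU -ieq $AllowedBase -or
                  ($OU -imatch '^OU=' -and $OU.ToLower().EndsWith(',' + $AllowedBase.ToLower()))
        if (-not $inBase) { $problems += 'OU outside allowed base' }
        [pscustomobject]@{ Name = $Name; OU = $OU; Description = $Description
                           Valid = ($problems.Count -eq 0); Problems = $problems -join '; ' }
    }
}

# Constructed sample rows in the CSV layout shown above (not real data)
$rows = @'
Name,OU,Description
TestG0,"OU=TestGroups,DC=Manticore,DC=org","Test Group 0"
"TestG1,OU=Admins","OU=TestGroups,DC=Manticore,DC=org","Comma in name"
TestG0,"OU=TestGroups,DC=Manticore,DC=org","Duplicate"
TestG2,"CN=Users,DC=Manticore,DC=org","Wrong container"
'@ | ConvertFrom-Csv

$checked = $rows | Test-GroupCsvRow
$checked | Format-Table Name, Valid, Problems -AutoSize

# Only rows that passed go on to the directory:
# $checked | Where-Object { $_.Valid } | new-securitygroup -universal
```

Of the four sample rows only the first passes; the others are reported with the reason so the CSV can be corrected before the bulk run.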
