Building a Demo Active Directory: Part 3

Summary: Create security groups in targeted organizational units in Active Directory.

Hey, Scripting Guy!

I was wondering if you could please show me how to use Windows PowerShell to create some security groups inside a set of organizational units in Active Directory. Is it difficult?

—DS

Hello DS,

Honorary Scripting Guy, Sean Kearney here, filling in for our good friend, Ed.

To catch up on the first parts in this series, please read:

In Windows Server 2012 R2 or Windows Server 2008 R2, creating security groups got far easier with built-in cmdlets for Active Directory. In Part 2 of this series, I introduced you to the New-ADOrganizationalUnit cmdlet. Today we’re going to see the New-ADGroup cmdlet in action!

In our demo Active Directory, our next task is to create some security groups. We’re going to keep this simple and effective. We’re going to place a security group that is based on the division and location in the final branch of each structure.

Let’s take a look at our variables for divisions and cities:

$CityOU="Tokyo","Redmond","Ottawa","Madrid","New Orleans","Queensland"
$DivisionOU="Sales","Marketing","HR","Finance"

Now I’m going to have each group based on the CityOU name and the DivisionOU name. We’re going to concatenate each one, separated by a hyphen. We’ll use a simple loop that will accomplish the following:

  • Assign our current city to the variable $City
  • Assign our current division to the variable $Division
  • Build a group name by combining the city and division with no spaces and a hyphen separating them
  • Populate the description of the group with similar details

First we’ll build the group name and ensure that any blank spaces are removed:

$GroupName=$City.replace(" ","")+"-"+$Division.replace(" ","")

Then we build the group’s description:

$GroupDescription="$Division in $City Access Group"

I plan on using this particular set of instructions later when I populate users based on city and division, so I’m going to make this into a simple function:

Function GET-GroupInfo
{
    Param(
        $City,
        $Division
    )

    $GroupName=$City.replace(" ","")+"-"+$Division.replace(" ","")
    $GroupDescription="$Division in $City Access Group"

    # Return the Results (This is a feature new to version 3)
    [pscustomobject]@{Name=$GroupName;Description=$GroupDescription}
}

Now we’ll take our original script to populate the organizational units and insert our new code to not only build a security group, but also populate it within targeted sections of our demo Active Directory environment:

$BaseOU="Offices"
$CityOU="Tokyo","Redmond","Ottawa","Madrid","New Orleans","Queensland"
$DivisionOU="Sales","Marketing","HR","Finance"

$Domain="DC=Contoso,DC=local"
$CompanyPath="OU=$BaseOU,"+$Domain

NEW-ADOrganizationalUnit -name $BaseOU -path $Domain

# Loop through the list of cities
Foreach ($City in $CityOU)
{
    # Create OU for City
    NEW-ADOrganizationalUnit -path $CompanyPath -name $City

    # Loop through the list of divisions
    Foreach ($Division in $DivisionOU)
    {
        # Create Division within City
        NEW-ADOrganizationalUnit -path "OU=$City,$CompanyPath" -name $Division

        # Build the group name and description (uses the GET-GroupInfo function defined earlier)
        $GroupData=GET-GroupInfo -City $City -Division $Division
        $GroupName=$GroupData.Name
        $GroupDescription=$GroupData.Description

        # Create the group in the division OU.
        # The backtick must be the last character on its line, with no blank line after it.
        NEW-ADGroup -name $GroupName -GroupScope Global -Description `
            $GroupDescription -Path "OU=$Division,OU=$City,$CompanyPath"
    }
}
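A variation on the group step, added here as an example and not part of the original post: it sets the group category explicitly, skips groups that already exist so the script can be rerun, and uses splatting instead of a backtick line continuation. The helper name New-DemoGroup is hypothetical, and the OUs from the script above are assumed to exist already.

```powershell
# Added example (not from the original post). Assumes the ActiveDirectory module
# is available and the Offices/<City>/<Division> OUs have already been created.
Import-Module ActiveDirectory

$CityOU      = "Tokyo","Redmond","Ottawa","Madrid","New Orleans","Queensland"
$DivisionOU  = "Sales","Marketing","HR","Finance"
$CompanyPath = "OU=Offices,DC=Contoso,DC=local"

# Hypothetical helper: create the city-division security group only if it is absent
function New-DemoGroup {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$City,
        [Parameter(Mandatory)][string]$Division,
        [Parameter(Mandatory)][string]$CompanyPath
    )
    $Name = $City.Replace(" ","") + "-" + $Division.Replace(" ","")
    $Path = "OU=$Division,OU=$City,$CompanyPath"

    # Search only the target OU; an existing group is returned untouched
    $Existing = Get-ADGroup -Filter "Name -eq '$Name'" -SearchBase $Path -SearchScope OneLevel
    if ($Existing) { return $Existing }

    # Splatting keeps every parameter on its own line without backticks
    $Params = @{
        Name           = $Name
        SamAccountName = $Name
        GroupCategory  = 'Security'
        GroupScope     = 'Global'
        Description    = "$Division in $City Access Group"
        Path           = $Path
        PassThru       = $true
    }
    if ($PSCmdlet.ShouldProcess($Path, "Create security group $Name")) {
        New-ADGroup @Params
    }
}

# Dry run first; remove -WhatIf to actually create the groups
foreach ($City in $CityOU) {
    foreach ($Division in $DivisionOU) {
        New-DemoGroup -City $City -Division $Division -CompanyPath $CompanyPath -WhatIf
    }
}

# Check the result: 6 cities x 4 divisions should give 24 Global Security groups
Get-ADGroup -Filter * -SearchBase $CompanyPath -Properties Description |
    Select-Object Name, GroupCategory, GroupScope, Description, DistinguishedName
```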

Neat, eh? So with some basic variables, we now have a simple Active Directory structure with built-in security groups! Next, I think we might need some users. For that, pop in tomorrow when I will show you how, with only 15 male and female names, I can build as large a demo environment as you could ever want in Active Directory!

See you tomorrow!

I invite you to follow the Scripting Guys on Twitter and Facebook. If you have any questions, send email to scripter@microsoft.com, or post your questions on the Official Scripting Guys Forum. See you tomorrow. Until then, peace.

Sean Kearney, Honorary Scripting Guy and Windows PowerShell MVP

  • Nice sample. Thanks for sharing

  • @Durval Ramos

    The really cool part is when you pull all of the pieces together and can just spin up Demo AD Structures on the fly.   Makes it easier to "Play" with a structure that has a pile of "Real" data in it.   Without this I was going "Right Click, New etc etc etc" and wondering where the day went.

    Not anymore thanks to PowerShell

    :=)

    Sean

  • Goo Learning

  • Hi Sean,

    I am trying to follow the lab exercise until now but I am not a pro scripter.

    Missing something in the last statement when I try to launch the script.

    $GroupDescription –Path "OU=$Division,OU=$City,$CompanyPath"

    On the last line it keeps telling me unexpected token, and I am not able to run the script.

    I have tried to put a = between and use other brackets but structure is there but not the groups.

    Copied and pasted every little part from your writing in a file but can't get the groups to function. It's building the structure that is not the problem.

    Hope you can provide me with the answer.

    Kind regards,

    Raymond Boer

  • thanks