Hello,
I am looking for a simple DSC script (using Group Resource) which can be used to add multiple AD groups in to local administrators on multiple servers. Could someone pls help
Please see if below works for you in a test environment. You’ll need to work with certificates to properly secure the credential password.
Configuration AddGroupMembers {
param (
[Parameter(Mandatory)]
[System.String]
$GroupName,
[Parameter(Mandatory)]
[System.String[]]
$MembersToInclude,
[Parameter(Mandatory)]
[System.Management.Automation.PSCredential]
$Credential
)
Import-DscResource -ModuleName PSDesiredStateConfiguration -Name Group
Node $AllNodes.NodeName {
Group AddGroupMembers {
Ensure = 'Present'
GroupName = $GroupName
MembersToInclude = $MembersToInclude
Credential = $Credential
}
}
}
$ConfigData = @{
AllNodes = @(
@{
# the name of the target node
NodeName = 'localhost'
# This is not recommended, only for testing purposes. Replace with Thumbprint and CertificateFile after testing.
PsDscAllowPlainTextPassword = $true
# Suppress warning: It is not recommended to use domain credential ...
PSDscAllowDomainUser = $true
}
)
}
$AddParams = @{
GroupName = 'Event Log Readers'
MembersToInclude = 'DOMAIN\my-group'
Credential = (Get-Credential -Credential 'DOMAIN\admin user')
ConfigurationData = $ConfigData
}
AddGroupMembers @AddParams
I hope that helps to get started. Additional details regarding the encryption can be found here: https://msdn.microsoft.com/en-us/powershell/dsc/secureMOF
The online documentation for the Group resource is here: https://msdn.microsoft.com/en-us/powershell/dsc/groupresource