Hi guys,
I would like to create a global security group that holds the server accounts. Next, create a group managed service account in AD.
I would need to check if the group name already exists before creating the group, and do the same check for the group service account. However, the script didn't create the group, nor did it create the service account after checking whether the group exists. I'd appreciate it if you could give me some tips. Thanks
Below is the script I’ve created:
$SvcName  = Read-Host "Enter service account name"
$hostname = (Get-ADDomain).DNSRoot
$gname    = Read-Host "Enter the group name"
$des      = Read-Host "Enter group description"
# Single-quote the prompt so the embedded double quotes do not terminate the string (the original was a syntax error).
$Path     = Read-Host 'Enter the path of the groups. Example: "CN=Computers,DC=busybox,DC=Local"'

# Get-ADGroup -Identity raises an error instead of returning $null when the object does not exist,
# so the if-branch never ran. -Filter returns nothing (and no error) when there is no match.
if (-not (Get-ADGroup -Filter "Name -eq '$gname'")) {
    Write-Host "Creating security group $gname..." -ForegroundColor Green
    New-ADGroup -Name $gname -GroupCategory Security -GroupScope Global -Description $des -Path $Path
} else {
    throw "The group $gname already exists"
}

# Same pattern for the gMSA: check with -Filter, not -Identity.
if (-not (Get-ADServiceAccount -Filter "Name -eq '$SvcName'")) {
    Write-Host "Creating group managed service account $SvcName..." -ForegroundColor Green
    New-ADServiceAccount -Name $SvcName -DNSHostName $hostname -ManagedPasswordIntervalInDays 30 -PrincipalsAllowedToRetrieveManagedPassword $gname
} else {
    throw "The group managed service account $SvcName already exists"
}
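Added example, not part of the original post: the same workflow as an idempotent function that reuses an existing group or gMSA instead of throwing, checks the KDS root key prerequisite that New-ADServiceAccount silently depends on, and adds the server computer accounts to the group (the stated purpose of the group). The group name, gMSA name, OU path and computer names in the call at the bottom are placeholders; the function assumes the ActiveDirectory module is loaded and that the caller has rights to create objects in the given OU. Unlike the original, DNSHostName is set to `<gMSA name>.<domain>` rather than the domain root, which is the usual convention.

```powershell
#Requires -Modules ActiveDirectory

function New-GmsaWithRetrievalGroup {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$GroupName,
        [Parameter(Mandatory)][string]$ServiceAccountName,
        [Parameter(Mandatory)][string]$GroupPath,        # e.g. "OU=Groups,DC=busybox,DC=Local" (placeholder)
        [string]$Description = "Hosts allowed to retrieve the $ServiceAccountName gMSA password",
        [string[]]$MemberComputer = @(),                 # server computer accounts to add (names, with or without $)
        [int]$PasswordIntervalDays = 30
    )

    # gMSA creation fails if no KDS root key is effective yet; check before creating anything.
    if (-not (Get-KdsRootKey | Where-Object EffectiveTime -le (Get-Date))) {
        throw "No effective KDS root key found. Run Add-KdsRootKey -EffectiveImmediately first (it still takes ~10 hours to become usable)."
    }

    $domain = Get-ADDomain

    # -Filter returns $null when nothing matches; -Identity would raise an error instead.
    # Names containing a single quote would need the quote doubled inside the filter string.
    $group = Get-ADGroup -Filter "Name -eq '$GroupName'" -ErrorAction Stop
    if ($null -eq $group) {
        if ($PSCmdlet.ShouldProcess($GroupName, "Create global security group")) {
            $group = New-ADGroup -Name $GroupName -GroupCategory Security -GroupScope Global `
                        -Description $Description -Path $GroupPath -PassThru
        }
    } else {
        Write-Verbose "Group $GroupName already exists; reusing it."
    }

    # Only the members of this group will be allowed to read the managed password, so keep it
    # to the computer accounts that actually run the service.
    if ($group) {
        foreach ($c in $MemberComputer) {
            $computer = Get-ADComputer -Identity ($c.TrimEnd('$')) -ErrorAction Stop
            Add-ADGroupMember -Identity $group -Members $computer
        }
    }

    $gmsa = Get-ADServiceAccount -Filter "Name -eq '$ServiceAccountName'" -ErrorAction Stop
    if ($null -eq $gmsa) {
        if ($PSCmdlet.ShouldProcess($ServiceAccountName, "Create group managed service account")) {
            $gmsa = New-ADServiceAccount -Name $ServiceAccountName `
                        -DNSHostName "$ServiceAccountName.$($domain.DNSRoot)" `
                        -ManagedPasswordIntervalInDays $PasswordIntervalDays `
                        -PrincipalsAllowedToRetrieveManagedPassword $group `
                        -PassThru
        }
    } else {
        Write-Verbose "gMSA $ServiceAccountName already exists; leaving it unchanged."
    }

    # Return both objects so the caller can inspect or pipe them.
    [pscustomobject]@{ Group = $group; ServiceAccount = $gmsa }
}

# Example call with placeholder names. -WhatIf prints what would be created without changing AD;
# drop it to run for real.
New-GmsaWithRetrievalGroup -GroupName 'gMSA-WebSvc-Hosts' -ServiceAccountName 'gmsa-websvc' `
    -GroupPath 'OU=Groups,DC=busybox,DC=Local' -MemberComputer 'WEB01', 'WEB02' -Verbose -WhatIf
```

Two practical notes: a computer account added to the group only picks up the new membership after its Kerberos ticket is renewed (reboot the host or purge the system ticket cache), so Test-ADServiceAccount on the host will report false until then; and the group should contain only the hosts that need the password, since every member can read it with Get-ADServiceAccount -Properties 'msDS-ManagedPassword'.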