Security Groups for OU

I am attempting to write a script that will create OUs for each new customer my company gets, and thus each customer OU needs to be a part of specific Security Groups. Is there any way to script this? I have been trying for a few days with no success.

Is there any way to script this?
There's almost always a way. ;-) :-D You might show what you have so far and we'll try to improve it. We don't like to deliver productive code on request for free. ;-) ;-)

Of course. I am, however, new to scripting, so it’s not the cleanest code. What I am trying to do is add the last two groups I have made to the OU made at the start of the script.

$MPID = Read-Host -Prompt "Input the company's MPID"

$Company = Read-Host -Prompt "Input the company's full name"

$OUName = "$MPID ($Company)"

$CSVLocation = "C:\Users\ben.wilson.admin\Documents\Scripts\Resources\New-ADHostingUser"

$OUCSVLocation = "$CSVLocation\OU.csv"

$MPIDCSVLocation = "$CSVLocation\MPIDs.csv"

$DomainName = (Get-AdDomain).DistinguishedName

$Location = "OU=Customers,OU=Hosting,$DomainName"

$GroupLocation= "OU=Groups,OU=$OUName,$Location"

$AddGroup = "CN=$OUName,$Location"

Add-content "$OUCSVLocation" "$OUName"

Add-Content "$MPIDCSVLocation" "$MPID"

 

##OU

 

New-ADOrganizationalUnit -Name "$OUName" -Path "$Location" -ProtectedFromAccidentalDeletion $false

New-ADOrganizationalUnit -Name "Computers" -Path "OU=$OUName,$Location" -ProtectedFromAccidentalDeletion $false

New-ADOrganizationalUnit -Name "FTP Users" -Path "OU=$OUName,$Location" -ProtectedFromAccidentalDeletion $false

New-ADOrganizationalUnit -Name "Groups" -Path "OU=$OUName,$Location" -ProtectedFromAccidentalDeletion $false

New-ADOrganizationalUnit -Name "Service" -Path "OU=$OUName,$Location" -ProtectedFromAccidentalDeletion $false

New-ADOrganizationalUnit -Name "Users" -Path "OU=$OUName,$Location" -ProtectedFromAccidentalDeletion $false

 

##Group

$GroupName = "$MPID Shared Access (Read-Write)"

New-ADGroup -Name "$GroupName" -GroupCategory Security -GroupScope DomainLocal -DisplayName "$GroupName" -Path "$GroupLocation"

$GroupName = "$MPID Shared Access (Read-Only)"

New-ADGroup -Name "$GroupName" -GroupCategory Security -GroupScope DomainLocal -DisplayName "$GroupName" -Path "$GroupLocation"

$GroupName = "$MPID FTP Users"

New-ADGroup -Name "$GroupName" -GroupCategory Security -GroupScope Global -DisplayName "$GroupName" -Path "$GroupLocation"

$GroupName = "$MPID FTP Folder Access (Read-Write)"

New-ADGroup -Name "$GroupName" -GroupCategory Security -GroupScope DomainLocal -DisplayName "$GroupName" -Path "$GroupLocation"

$GroupName = "$MPID Data Share Access (Read-Write)"

New-ADGroup -Name "$GroupName" -GroupCategory Security -GroupScope DomainLocal -DisplayName "$GroupName" -Path "$GroupLocation"

$GroupName = "$MPID Data Share Access (Read-Only)"

New-ADGroup -Name "$GroupName" -GroupCategory Security -GroupScope DomainLocal -DisplayName "$GroupName" -Path "$GroupLocation"

$GroupName = "$MPID Customer Users"

New-ADGroup -Name "$GroupName" -GroupCategory Security -GroupScope Global -DisplayName "$GroupName" -Path "$GroupLocation"

$GroupName = "$MPID Billing Share Access"

New-ADGroup -Name "$GroupName" -GroupCategory Security -GroupScope DomainLocal -DisplayName "$GroupName" -Path "$GroupLocation"

$GroupName = "$MPID All Users"

New-ADGroup -Name "$GroupName" -GroupCategory Security -GroupScope DomainLocal -DisplayName "$GroupName" -Path "$GroupLocation"

$GroupName = "$MPID All Computers"

New-ADGroup -Name "$GroupName" -GroupCategory Security -GroupScope Global -DisplayName "$GroupName" -Path "$GroupLocation"

Please edit your post again and format the code as code. This way it is hard to read and hard to copy because there are unwanted line breaks.
Thanks
(You use the “pre” buttons in the edit bar to format code as code here in the forum)

Sorry, it’s my first time using a forum for code.

$MPID = Read-Host -Prompt "Input the company's MPID"
$Company = Read-Host -Prompt "Input the company's full name"
$OUName = "$MPID ($Company)"
$CSVLocation = "C:\Users\ben.wilson.admin\Documents\Scripts\Resources\New-ADHostingUser"
$OUCSVLocation = "$CSVLocation\OU.csv"
$MPIDCSVLocation = "$CSVLocation\MPIDs.csv"
$DomainName = (Get-AdDomain).DistinguishedName
$Location = "OU=Customers,OU=Hosting,$DomainName"
$GroupLocation= "OU=Groups,OU=$OUName,$Location"
$AddGroup = "CN=$OUName,$Location"
Add-content "$OUCSVLocation" "$OUName"
Add-Content "$MPIDCSVLocation" "$MPID"

##OU

New-ADOrganizationalUnit -Name "$OUName" -Path "$Location" -ProtectedFromAccidentalDeletion $false
New-ADOrganizationalUnit -Name "Computers" -Path "OU=$OUName,$Location" -ProtectedFromAccidentalDeletion $false
New-ADOrganizationalUnit -Name "FTP Users" -Path "OU=$OUName,$Location" -ProtectedFromAccidentalDeletion $false
New-ADOrganizationalUnit -Name "Groups" -Path "OU=$OUName,$Location" -ProtectedFromAccidentalDeletion $false
New-ADOrganizationalUnit -Name "Service" -Path "OU=$OUName,$Location" -ProtectedFromAccidentalDeletion $false
New-ADOrganizationalUnit -Name "Users" -Path "OU=$OUName,$Location" -ProtectedFromAccidentalDeletion $false

##Group
$GroupName = "$MPID Shared Access (Read-Write)"
New-ADGroup -Name "$GroupName" -GroupCategory Security -GroupScope DomainLocal -DisplayName "$GroupName" -Path "$GroupLocation"
$GroupName = "$MPID Shared Access (Read-Only)"
New-ADGroup -Name "$GroupName" -GroupCategory Security -GroupScope DomainLocal -DisplayName "$GroupName" -Path "$GroupLocation"
$GroupName = "$MPID FTP Users"
New-ADGroup -Name "$GroupName" -GroupCategory Security -GroupScope Global -DisplayName "$GroupName" -Path "$GroupLocation"
$GroupName = "$MPID FTP Folder Access (Read-Write)"
New-ADGroup -Name "$GroupName" -GroupCategory Security -GroupScope DomainLocal -DisplayName "$GroupName" -Path "$GroupLocation"
$GroupName = "$MPID Data Share Access (Read-Write)"
New-ADGroup -Name "$GroupName" -GroupCategory Security -GroupScope DomainLocal -DisplayName "$GroupName" -Path "$GroupLocation"
$GroupName = "$MPID Data Share Access (Read-Only)"
New-ADGroup -Name "$GroupName" -GroupCategory Security -GroupScope DomainLocal -DisplayName "$GroupName" -Path "$GroupLocation"
$GroupName = "$MPID Customer Users"
New-ADGroup -Name "$GroupName" -GroupCategory Security -GroupScope Global -DisplayName "$GroupName" -Path "$GroupLocation"
$GroupName = "$MPID Billing Share Access"
New-ADGroup -Name "$GroupName" -GroupCategory Security -GroupScope DomainLocal -DisplayName "$GroupName" -Path "$GroupLocation"
$GroupName = "$MPID All Users"
New-ADGroup -Name "$GroupName" -GroupCategory Security -GroupScope DomainLocal -DisplayName "$GroupName" -Path "$GroupLocation"
$GroupName = "$MPID All Computers"
New-ADGroup -Name "$GroupName" -GroupCategory Security -GroupScope Global -DisplayName "$GroupName" -Path "$GroupLocation"

So from the code you have posted, it looks like you are creating a parent OU, and then creating child OUs for Computers, FTP Users, Groups, Service, Users. Then you create new security groups of various scope.

From what I can see - the piece that is missing is – adding members to the group. Your original post states:

each customer OU needs to be a part of specific Security Groups
The code you have posted above does not deal with any group membership assignments. Add-ADGroupMember is probably what you are looking for. But with the given example / description, it isn't clear where you are stuck?

Sorry, I meant to mention, I actually left out that line of code as it wasn’t working. I am trying to add the last 2 groups I have made to the parent OU. Should have been more clear.

So you need to add the “MPID All Users” and “MPID All Computers” groups to that parent OU’s ACL?

I think the part that I am confused by in your original post is that you need “each customer OU needs to be part of specific security groups” – you can’t add OUs to security groups. Are you talking about shadow groups? Or are you talking about OU permissions with ACL as @matt-howard mentioned?

I would assume ACL. I am new to scripting, so these terms are all new too.

Well - if you weren’t scripting this – how would you accomplish this task? Adding users to a group? Modifying the permission of the OU?
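
The two readings raised in the thread (permissions on the OU's ACL versus a shadow group that mirrors the OU's contents), shown side by side as an added example that is not code from any poster. The MPID and company name are constructed sample values, and the GenericRead right is an assumption, since the thread never states which permissions the groups need.

```powershell
# Added example, not from the thread. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

$MPID       = '12345'                      # constructed sample value
$OUName     = "$MPID (Example Company)"    # constructed sample value
$DomainName = (Get-ADDomain).DistinguishedName
$ParentOU   = "OU=$OUName,OU=Customers,OU=Hosting,$DomainName"
$GroupsOU   = "OU=Groups,$ParentOU"

# --- Reading 1: put the two groups on the parent OU's ACL -------------------
# Grants read-only access, inherited by all child objects. GenericRead is an
# assumed right; grant the narrowest right that the task actually needs.
$acl = Get-Acl -Path "AD:\$ParentOU"
foreach ($name in "$MPID All Users", "$MPID All Computers") {
    # Resolve by DN, because the original script creates the groups in $GroupsOU.
    $sid  = (Get-ADGroup -Identity "CN=$name,$GroupsOU").SID
    $rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
        $sid,
        [System.DirectoryServices.ActiveDirectoryRights]::GenericRead,
        [System.Security.AccessControl.AccessControlType]::Allow,
        [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All)
    $acl.AddAccessRule($rule)
}
Set-Acl -Path "AD:\$ParentOU" -AclObject $acl

# Verify: list only the explicit (non-inherited) entries on the OU.
(Get-Acl -Path "AD:\$ParentOU").Access |
    Where-Object { -not $_.IsInherited } |
    Select-Object IdentityReference, ActiveDirectoryRights, AccessControlType

# --- Reading 2: shadow group ------------------------------------------------
# An OU cannot be a group member, so the group is kept in step with the user
# accounts that live in the OU. Anything in the group that is not in the OU
# (including nested groups) is removed, so membership mirrors the OU exactly.
$groupDN = "CN=$MPID All Users,$GroupsOU"
$wanted  = @(Get-ADUser -Filter * -SearchBase "OU=Users,$ParentOU" |
             ForEach-Object DistinguishedName)
$have    = @(Get-ADGroupMember -Identity $groupDN |
             ForEach-Object distinguishedName)

$toAdd    = @($wanted | Where-Object { $_ -notin $have })
$toRemove = @($have   | Where-Object { $_ -notin $wanted })

if ($toAdd)    { Add-ADGroupMember    -Identity $groupDN -Members $toAdd }
if ($toRemove) { Remove-ADGroupMember -Identity $groupDN -Members $toRemove -Confirm:$false }
```

Reading 2 only stays accurate if it is re-run on a schedule, because accounts moved into or out of the OU later are not picked up automatically.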