Hi All I was hoping you might be able to guide me with my query below.
I have a requirement to create multiple Active directory Groups (and users but not in this script) where the gidNumber has to be modified (for Linux Groups).
I can successfully obtain the GID from the AD Group SID, but I am then unable to pass this to the Set-ADGroup -replace parameter.
Headers (for CSV file):
Name,SamAccountName,Path,DisplayName,Description
Test Group,Test Group,“OU=Groups,DC=HomeDomain,DC=Local”,tstgrp,Test Group
Test2 Group,Test2 Group,“OU=Groups,DC=HomeDomain,DC=Local”,tstgrp2,Test Group
I think it is to do with the @{gidNumber=“GID”} scriptblock but cannot think how to take each GID and then put it into the gidNumber one at a time.
This is the error I get :
Set-ADGroup : The parameter is incorrect
At line:8 char:37
+ Get-adgroup $group.SamAccountName | Set-ADGroup -Replace @{gidNumber="GID"} -Ver ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (CN=Test Group,DC=Homenet,DC=Local:ADGroup) [Set-ADGroup], ADInvalidOperationException
+ FullyQualifiedErrorId : ActiveDirectoryServer:87,Microsoft.ActiveDirectory.Management.Commands.SetADGroup
Any assistance would be very much appreciated.
Out of curiosity, how did you create the $groups variable? Is it from running Get-ADGroup, or from something like a database or CSV file? You don’t need to keep making multiple calls to Get-ADGroup. Assuming that you ran something like $groups = Get-ADGroup -Filter * before the foreach loop, try this:
You might be able to consolidate that code even further, eliminating the call to Get-ADGroup. I’m not at home, so I can’t test this code yet, but you can try it:
Whereas modifying it to the below worked perfectly (it works with and with out specifying a variable in front of New-ADGroup i.e. $NewGroup = New-ADGroup ).