Create distribution groups in ad with loop script...

This topic contains 5 replies, has 2 voices, and was last updated by Profile photo of Matt Howard Matt Howard 7 months, 3 weeks ago.

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • #34638
    Profile photo of Jesper Kristensen
    Jesper Kristensen
    Participant

    Hi Guys

    I am new to Powershell, so bare with me. 🙂

    I have an OU with approx. 40-50 global Security Groups. These should actually have been distribution Groups instead!! Don't ffel like changing this manually and thought I would give myself an interesting little Powershell task to Work on. But I am stuck...

    I am trying to create a script to copy (not convert) these existing Security Groups to new Distribution Groups with similar names. (not covert, because we use these separately. Security Groups for shares and DL's for mail. I read that converting COULD cause issues later on in AD).
    I cannot seem to "extract" the Security Group names and create a new DL with the same name (in a different OU). I tried a ton of things collected from various Forums, but cannot make it Work. I haven't gotten to the part where I copy members from the SG's to the DL's yet, but feel free to help me out with that too if possible. 🙂

    Current "script":

    $name = Get-ADGroup -Filter {GroupCategory -eq 'Security'} -SearchBase 'OU=Test,OU=Groups,OU=DK,OU=Common Resources,DC=DOMAIN,DC=com' | Select -Property Name | Out-String

    **at this point typing: $name – outputs the correct names of the three SG's in my test Group **

    Foreach ($n in $name) {New-ADGroup -Name $_.name -GroupCategory Distribution -GroupScope Global -Path 'OU=Test2,OU=Groups,OU=DK,OU=Common Resources,DC=DOMAIN,DC=com'}

    ** here I am Getting the error:
    New-ADGroup : Cannot validate argument on parameter 'Name'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.
    At line:1 char:42
    + Foreach ($n in $name) {New-ADGroup -Name $_.name -GroupCategory Distribution -Gr ...
    + ~~~~~~~
    + CategoryInfo : InvalidData: (:) [New-ADGroup], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.NewADGroup

    I have seen other errors for the other things I have tried, among those something regarding: Cannot convert'System.Object[]' to the type 'System.String' Required for parameter 'name', which is why I added the Out-String command to the $name variable

    Any help will be greatly appreciated. 🙂

    Best Regards, Jesper

    I

    #34642
    Profile photo of Matt Howard
    Matt Howard
    Participant

    Jesper–On your New-ADGroup statement within the foreach, change the value you set on the Name parameter from $_.name to $n. It should look like this:

    Foreach ($n in $name) {New-ADGroup -Name $n -GroupCategory Distribution -GroupScope Global -Path 'OU=Test2,OU=Groups,OU=DK,OU=Common Resources,DC=DOMAIN,DC=com'}

    The $_.name would make more sense if you were piping the the AD group objects to New-ADGroup. The $name array only contains the names of the groups, not the group objects, if that makes sense. You will also need to change the group names. Even though they are different group types, you cannot have two objects with the same name.

    Hope that helps!
    –Matt

    #34643
    Profile photo of Matt Howard
    Matt Howard
    Participant

    try this:

    #34700
    Profile photo of Jesper Kristensen
    Jesper Kristensen
    Participant

    Hi Matt.
    I suspected it was something fairly easy (for you).
    ...and ofcourse I can see what you mean now . Doing it my way, I already "extracted" the name property and cannot extract $_.name from that.
    I just might get the hang of this Powershell thing in time. 🙂

    Thank you so much for your help.

    Best Regards, Jesper

    #34703
    Profile photo of Jesper Kristensen
    Jesper Kristensen
    Participant

    Hi Again Matt and others

    Matts few lines (above) worked fine. BUT I also need to copy users from the old SG to the new DL. I have been trying different approaches these past hours, but...
    Allthough being a complete noob, I still have a preference for "less is better" and was hoping to achieve the above result with not too much extra code.

    Why won't this work?:

    $Path = "OU=Test,OU=Groups,OU=DK,OU=Common Resources,DC=DOMAIN,DC=com"

    # Get all security groups from the Test OU and pipe to ForEach-Object
    $name = Get-ADGroup -Filter {GroupCategory -eq 'Security'} -SearchBase $Path

    # For each security group, create a new distribution group based on the security group object, overwriting category, and setting new path AND copy users from old to new Group

    $name | ForEach-Object { New-ADGroup -Instance $_ -Name ($_.Name + "-DL") -GroupScope Global -GroupCategory Distribution -Path $Path} |
    Add-ADGroupMember -Members (Get-ADGroupMember -Identity $name)

    Getting error:
    Get-ADGroupMember : Cannot convert 'System.Object[]' to the type 'Microsoft.ActiveDirectory.Management.ADGroup' required by parameter 'Identity'. Specified method is not supported.
    At line:8 char:57
    + Add-ADGroupMember -Members (Get-ADGroupMember -Identity $name)
    + ~~~~~
    + CategoryInfo : InvalidArgument: (:) [Get-ADGroupMember], ParameterBindingException
    + FullyQualifiedErrorId : CannotConvertArgument,Microsoft.ActiveDirectory.Management.Commands.GetADGroupMember

    Again, I am very grateful for any help. 🙂

    Best Regards, Jesper

    #35148
    Profile photo of Matt Howard
    Matt Howard
    Participant

    Hi Jesper–
    You almost have it, if you modify the foreach-object loop, you'll have it. Add -PassThru at the end of your New-ADGroup line, then change the identity value in Get-ADGroupMember to $_.Name

    Updated the code:

Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.