
September 10, 2018 at 1:39 pm

I am attempting to write a script that will create OUs for each new customer my company gets, and thus each customer OU needs to be a part of specific Security Groups. Is there any way to script this? I have been trying for a few days with no success.

September 10, 2018 at 11:34 pm

Is there any way to script this?

There's almost always a way. 😉 😀
You might show what you have so far and we'll try to improve it. We don't like to deliver productive code on request for free. 😉 😉

September 11, 2018 at 8:18 am

Of course, I am however new to scripting so it's not the most clean code. What I am trying to do is add the last two groups I have made to the OU made at the start of the script.

$MPID = Read-Host -Prompt "Input the company's MPID"

$Company = Read-Host -Prompt "Input the company's full name"

$OUName = "$MPID ($Company)"

$CSVLocation = "C:\Users\ben.wilson.admin\Documents\Scripts\Resources\New-ADHostingUser"

$OUCSVLocation = "$CSVLocation\OU.csv"

$MPIDCSVLocation = "$CSVLocation\MPIDs.csv"

$DomainName = (Get-AdDomain).DistinguishedName

$Location = "OU=Customers,OU=Hosting,$DomainName"

$GroupLocation= "OU=Groups,OU=$OUName,$Location"

$AddGroup = "CN=$OUName,$Location"

Add-content "$OUCSVLocation" "$OUName"

Add-Content "$MPIDCSVLocation" "$MPID"

 

##OU

 

New-ADOrganizationalUnit -Name "$OUName" -Path "$Location" -ProtectedFromAccidentalDeletion $false

New-ADOrganizationalUnit -Name "Computers" -Path "OU=$OUName,$Location" -ProtectedFromAccidentalDeletion $false

New-ADOrganizationalUnit -Name "FTP Users" -Path "OU=$OUName,$Location" -ProtectedFromAccidentalDeletion $false

New-ADOrganizationalUnit -Name "Groups" -Path "OU=$OUName,$Location" -ProtectedFromAccidentalDeletion $false

New-ADOrganizationalUnit -Name "Service" -Path "OU=$OUName,$Location" -ProtectedFromAccidentalDeletion $false

New-ADOrganizationalUnit -Name "Users" -Path "OU=$OUName,$Location" -ProtectedFromAccidentalDeletion $false

 

##Group

$GroupName = "$MPID Shared Access (Read-Write)"

New-ADGroup -Name "$GroupName" -GroupCategory Security -GroupScope DomainLocal -DisplayName "$GroupName" -Path "$GroupLocation"

$GroupName = "$MPID Shared Access (Read-Only)"

New-ADGroup -Name "$GroupName" -GroupCategory Security -GroupScope DomainLocal -DisplayName "$GroupName" -Path "$GroupLocation"

$GroupName = "$MPID FTP Users"

New-ADGroup -Name "$GroupName" -GroupCategory Security -GroupScope Global -DisplayName "$GroupName" -Path "$GroupLocation"

$GroupName = "$MPID FTP Folder Access (Read-Write)"

New-ADGroup -Name "$GroupName" -GroupCategory Security -GroupScope DomainLocal -DisplayName "$GroupName" -Path "$GroupLocation"

$GroupName = "$MPID Data Share Access (Read-Write)"

New-ADGroup -Name "$GroupName" -GroupCategory Security -GroupScope DomainLocal -DisplayName "$GroupName" -Path "$GroupLocation"

$GroupName = "$MPID Data Share Access (Read-Only)"

New-ADGroup -Name "$GroupName" -GroupCategory Security -GroupScope DomainLocal -DisplayName "$GroupName" -Path "$GroupLocation"

$GroupName = "$MPID Customer Users"

New-ADGroup -Name "$GroupName" -GroupCategory Security -GroupScope Global -DisplayName "$GroupName" -Path "$GroupLocation"

$GroupName = "$MPID Billing Share Access"

New-ADGroup -Name "$GroupName" -GroupCategory Security -GroupScope DomainLocal -DisplayName "$GroupName" -Path "$GroupLocation"

$GroupName = "$MPID All Users"

New-ADGroup -Name "$GroupName" -GroupCategory Security -GroupScope DomainLocal -DisplayName "$GroupName" -Path "$GroupLocation"

$GroupName = "$MPID All Computers"

New-ADGroup -Name "$GroupName" -GroupCategory Security -GroupScope Global -DisplayName "$GroupName" -Path "$GroupLocation"

September 11, 2018 at 9:12 am

Please edit your post again and format the code as code. This way it is hard to read and hard to copy because there are unwanted line breaks.
Thanks
(You use the "pre" buttons in the edit bar to format code as code here in the forum)

September 11, 2018 at 9:48 am

Sorry, it's my first time using a forum for code.

$MPID = Read-Host -Prompt "Input the company's MPID"
$Company = Read-Host -Prompt "Input the company's full name"
$OUName = "$MPID ($Company)"
$CSVLocation = "C:\Users\ben.wilson.admin\Documents\Scripts\Resources\New-ADHostingUser"
$OUCSVLocation = "$CSVLocation\OU.csv"
$MPIDCSVLocation = "$CSVLocation\MPIDs.csv"
$DomainName = (Get-AdDomain).DistinguishedName
$Location = "OU=Customers,OU=Hosting,$DomainName"
$GroupLocation= "OU=Groups,OU=$OUName,$Location"
$AddGroup = "CN=$OUName,$Location"
Add-content "$OUCSVLocation" "$OUName"
Add-Content "$MPIDCSVLocation" "$MPID"

##OU

New-ADOrganizationalUnit -Name "$OUName" -Path "$Location" -ProtectedFromAccidentalDeletion $false
New-ADOrganizationalUnit -Name "Computers" -Path "OU=$OUName,$Location" -ProtectedFromAccidentalDeletion $false
New-ADOrganizationalUnit -Name "FTP Users" -Path "OU=$OUName,$Location" -ProtectedFromAccidentalDeletion $false
New-ADOrganizationalUnit -Name "Groups" -Path "OU=$OUName,$Location" -ProtectedFromAccidentalDeletion $false
New-ADOrganizationalUnit -Name "Service" -Path "OU=$OUName,$Location" -ProtectedFromAccidentalDeletion $false
New-ADOrganizationalUnit -Name "Users" -Path "OU=$OUName,$Location" -ProtectedFromAccidentalDeletion $false

##Group
$GroupName = "$MPID Shared Access (Read-Write)"
New-ADGroup -Name "$GroupName" -GroupCategory Security -GroupScope DomainLocal -DisplayName "$GroupName" -Path "$GroupLocation"
$GroupName = "$MPID Shared Access (Read-Only)"
New-ADGroup -Name "$GroupName" -GroupCategory Security -GroupScope DomainLocal -DisplayName "$GroupName" -Path "$GroupLocation"
$GroupName = "$MPID FTP Users"
New-ADGroup -Name "$GroupName" -GroupCategory Security -GroupScope Global -DisplayName "$GroupName" -Path "$GroupLocation"
$GroupName = "$MPID FTP Folder Access (Read-Write)"
New-ADGroup -Name "$GroupName" -GroupCategory Security -GroupScope DomainLocal -DisplayName "$GroupName" -Path "$GroupLocation"
$GroupName = "$MPID Data Share Access (Read-Write)"
New-ADGroup -Name "$GroupName" -GroupCategory Security -GroupScope DomainLocal -DisplayName "$GroupName" -Path "$GroupLocation"
$GroupName = "$MPID Data Share Access (Read-Only)"
New-ADGroup -Name "$GroupName" -GroupCategory Security -GroupScope DomainLocal -DisplayName "$GroupName" -Path "$GroupLocation"
$GroupName = "$MPID Customer Users"
New-ADGroup -Name "$GroupName" -GroupCategory Security -GroupScope Global -DisplayName "$GroupName" -Path "$GroupLocation"
$GroupName = "$MPID Billing Share Access"
New-ADGroup -Name "$GroupName" -GroupCategory Security -GroupScope DomainLocal -DisplayName "$GroupName" -Path "$GroupLocation"
$GroupName = "$MPID All Users"
New-ADGroup -Name "$GroupName" -GroupCategory Security -GroupScope DomainLocal -DisplayName "$GroupName" -Path "$GroupLocation"
$GroupName = "$MPID All Computers"
New-ADGroup -Name "$GroupName" -GroupCategory Security -GroupScope Global -DisplayName "$GroupName" -Path "$GroupLocation"

September 11, 2018 at 1:27 pm

So from the code you have posted, it looks like you are creating a parent OU, and then creating child OUs for Computers, FTP Users, Groups, Service, Users. Then you create new security groups of various scope.

From what I can see – the piece that is missing is — adding members to the group. Your original post states:

each customer OU needs to be a part of specific Security Groups

The code you have posted above does not deal with any group membership assignments.

Add-ADGroupMember is probably what you are looking for. But with the given example / description, it isn't clear where you are stuck?

September 11, 2018 at 1:57 pm

Sorry, I meant to mention, I actually left out that line of code as it wasn't working. I am trying to add the last 2 groups I have made to the parent OU. Should have been more clear.

September 11, 2018 at 2:35 pm

So you need to add the "MPID All Users" and "MPID All Computers" groups to that parent OU's ACL?

September 11, 2018 at 2:58 pm

I think the part that I am confused by in your original post is that you need "each customer OU needs to be part of specific security groups" — you can't add OUs to security groups. Are you talking about shadow groups? Or are you talking about OU permissions with ACL as @matt-howard mentioned?

September 11, 2018 at 2:59 pm

I would assume ACL, I am new to scripting so these terms are all new too.

September 11, 2018 at 3:01 pm

Well – if you weren't scripting this — how would you accomplish this task? Adding users to a group? Modifying the permission of the OU?
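
The ACL route raised in the replies above, as an added example that is not part of the thread and not any poster's code: it grants the two groups an access entry on the parent OU through the AD: drive. The helper name Grant-OUGroupRead, the sample MPID and company, and the choice of GenericRead are assumptions, since the thread never states which rights the groups should receive.

```powershell
# Added example, not from the thread. Assumes the ActiveDirectory module (RSAT),
# that the OU and groups from the posted script already exist, and that read
# access is the intended right (the thread does not say which rights are needed).
Import-Module ActiveDirectory   # also mounts the AD: drive used by Get-Acl/Set-Acl

function Grant-OUGroupRead {    # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string]   $OUDistinguishedName,
        [Parameter(Mandatory)] [string[]] $GroupDistinguishedName
    )
    $adPath = "AD:\$OUDistinguishedName"
    $acl    = Get-Acl -Path $adPath
    $sids   = @()

    foreach ($groupDN in $GroupDistinguishedName) {
        # Stop on a missing group instead of writing a partial ACL.
        $group = Get-ADGroup -Identity $groupDN -ErrorAction Stop
        $sids += $group.SID.Value
        $rule  = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
            $group.SID,
            [System.DirectoryServices.ActiveDirectoryRights]::GenericRead,
            [System.Security.AccessControl.AccessControlType]::Allow,
            [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All)
        $acl.AddAccessRule($rule)
    }
    if ($PSCmdlet.ShouldProcess($OUDistinguishedName, 'Write updated ACL')) {
        Set-Acl -Path $adPath -AclObject $acl
    }
    # Return the explicit entries held by these groups so the result can be reviewed.
    (Get-Acl -Path $adPath).GetAccessRules(
        $true, $false, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object { $_.IdentityReference.Value -in $sids }
}

# Constructed sample values; variable names follow the script posted in the thread.
$MPID          = '00000'
$OUName        = "$MPID (Example Company)"
$Location      = "OU=Customers,OU=Hosting,$((Get-ADDomain).DistinguishedName)"
$GroupLocation = "OU=Groups,OU=$OUName,$Location"
Grant-OUGroupRead -OUDistinguishedName "OU=$OUName,$Location" -WhatIf `
    -GroupDistinguishedName "CN=$MPID All Users,$GroupLocation",
                            "CN=$MPID All Computers,$GroupLocation"
```

The sample call uses -WhatIf, so nothing is written until that switch is removed. A company name containing a comma or other DN special character must be escaped before it is placed in a distinguished name.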