The specified group already exists, New-ADGroup

Welcome Forums General PowerShell Q&A The specified group already exists, New-ADGroup

This topic contains 2 replies, has 2 voices, and was last updated by

 
Participant
3 years, 8 months ago.

  • Author
    Posts
  • #25013

    Participant
    Points: 0
    Rank: Member

    Powershell Novice here

    Making a script to bulk add Global and Local groups. Importing info from .csv. The script will add the first group then error with "The Specified group already exists" on all other entries in file.

    Script:
    $filepath = Read-Host "Location of .csv file"
    $CreateTheseGroups = Import-Csv $filepath
    $CreateTheseGroups | New-ADGroup

    .csv content
    name,groupcategory,groupscope,path
    GG_Executives,security,global,"ou=groups,dc=dfslab,dc=local"
    GG_HumanResources,security,global,"ou=groups,dc=dfslab,dc=local"
    GG_OrderDesk,security,global,"ou=groups,dc=dfslab,dc=local"
    GG_SalesMarketing,security,global,"ou=groups,dc=dfslab,dc=local"
    GG_IT,security,global,"ou=groups,dc=dfslab,dc=local"
    GG_Shipping,security,global,"ou=groups,dc=dfslab,dc=local"
    DL_Executives_RO,security,domainlocal,"ou=groups,dc=dfslab,dc=local"
    DL_Executives_RW,security,domainlocal,"ou=groups,dc=dfslab,dc=local"
    DL_HumanResources_RO,security,domainlocal,"ou=groups,dc=dfslab,dc=local"
    DL_HumanResources_RW,security,domainlocal,"ou=groups,dc=dfslab,dc=local"

    Any suggestions?

    c.

  • #25014

    Participant
    Points: 0
    Rank: Member

    I got it, not sure why it had to be this way though

    $filepath = Read-Host "Location of .csv file"
    $CreateTheseGroups = Import-Csv $filepath |
    Select-Object name,groupcategory,groupscope,path,@{n="samaccountname";e={$_.name}} |
    New-ADGroup

    I had to specify a SamAccountName in addition to the Name. Any explanation for this would be appreciated.

    c.

  • #25017

    Participant
    Points: 438
    Helping Hand
    Rank: Contributor

    Are any of the groups larger than 20 characters? I assume what you posted was a example, but the documentation has this little snippet:

    To be compatible with older operating systems, create a SAM account name that is 20 characters or less. This parameter sets the SAMAccountName for an account object. The LDAP display name [ldapDisplayName] for this property is "sAMAccountName".

    It shows that SamAccountName is not mandatory. I tested...

    PS C:\Windows\System32\WindowsPowerShell\v1.0> New-ADGroup -Name "Test" -GroupCategory Security -GroupScope Global -WhatIf
    What if: Performing the operation "New" on target "CN=Test,CN=Users,DC=mydomain,DC=iap,DC=dom".
    
    PS C:\Windows\System32\WindowsPowerShell\v1.0> ("DL_HumanResources_RW").Length
    20
    
    PS C:\Windows\System32\WindowsPowerShell\v1.0> New-ADGroup -Name "Testdsfasdgasfgafdgadfhadfhsdthsdghdfh" -GroupCategory Security -GroupScope Global -WhatIf
    What if: Performing the operation "New" on target "CN=Testdsfasdgasfgafdgadfhadfhsdthsdghdfh,CN=Users,DC=mydomain,DC=iap,DC=dom".
    

    but it did not prompt for SamAccountName when I added more than 20 characters. The only think I can think is it is prompting for a SamAccountName if it's longer than 20 characters so you specify it versus just truncating it. Just a guess.

The topic ‘The specified group already exists, New-ADGroup’ is closed to new replies.