Author Posts

May 7, 2015 at 9:05 am

Powershell Novice here

Making a script to bulk add Global and Local groups. Importing info from .csv. The script will add the first group then error with "The Specified group already exists" on all other entries in file.

Script:
$filepath = Read-Host "Location of .csv file"
$CreateTheseGroups = Import-Csv $filepath
$CreateTheseGroups | New-ADGroup

.csv content
name,groupcategory,groupscope,path
GG_Executives,security,global,"ou=groups,dc=dfslab,dc=local"
GG_HumanResources,security,global,"ou=groups,dc=dfslab,dc=local"
GG_OrderDesk,security,global,"ou=groups,dc=dfslab,dc=local"
GG_SalesMarketing,security,global,"ou=groups,dc=dfslab,dc=local"
GG_IT,security,global,"ou=groups,dc=dfslab,dc=local"
GG_Shipping,security,global,"ou=groups,dc=dfslab,dc=local"
DL_Executives_RO,security,domainlocal,"ou=groups,dc=dfslab,dc=local"
DL_Executives_RW,security,domainlocal,"ou=groups,dc=dfslab,dc=local"
DL_HumanResources_RO,security,domainlocal,"ou=groups,dc=dfslab,dc=local"
DL_HumanResources_RW,security,domainlocal,"ou=groups,dc=dfslab,dc=local"

Any suggestions?

c.

May 7, 2015 at 9:41 am

I got it, not sure why it had to be this way though

$filepath = Read-Host "Location of .csv file"
$CreateTheseGroups = Import-Csv $filepath |
Select-Object name,groupcategory,groupscope,path,@{n="samaccountname";e={$_.name}} |
New-ADGroup

I had to specify a SamAccountName in addition to the Name. Any explanation for this would be appreciated.

c.

May 7, 2015 at 10:14 am

Are any of the groups larger than 20 characters? I assume what you posted was a example, but the documentation has this little snippet:

[i]To be compatible with older operating systems, create a SAM account name that is 20 characters or less. This parameter sets the SAMAccountName for an account object. The LDAP display name [ldapDisplayName] for this property is "sAMAccountName".[/i]

It shows that SamAccountName is not mandatory. I tested...

PS C:\Windows\System32\WindowsPowerShell\v1.0> New-ADGroup -Name "Test" -GroupCategory Security -GroupScope Global -WhatIf
What if: Performing the operation "New" on target "CN=Test,CN=Users,DC=mydomain,DC=iap,DC=dom".

PS C:\Windows\System32\WindowsPowerShell\v1.0> ("DL_HumanResources_RW").Length
20

PS C:\Windows\System32\WindowsPowerShell\v1.0> New-ADGroup -Name "Testdsfasdgasfgafdgadfhadfhsdthsdghdfh" -GroupCategory Security -GroupScope Global -WhatIf
What if: Performing the operation "New" on target "CN=Testdsfasdgasfgafdgadfhadfhsdthsdghdfh,CN=Users,DC=mydomain,DC=iap,DC=dom".

but it did not prompt for SamAccountName when I added more than 20 characters. The only think I can think is it is prompting for a SamAccountName if it's longer than 20 characters so you specify it versus just truncating it. Just a guess.