The specified group already exists, New-ADGroup

This topic contains 2 replies, has 2 voices, and was last updated by  Rob Simmers 2 years, 7 months ago.

  • #25013

    Chris Ediger
    Participant

    PowerShell novice here

    Making a script to bulk add Global and Local groups. Importing info from .csv. The script will add the first group then error with "The Specified group already exists" on all other entries in file.

    Script:
    $filepath = Read-Host "Location of .csv file"
    $CreateTheseGroups = Import-Csv $filepath
    $CreateTheseGroups | New-ADGroup

    .csv content
    name,groupcategory,groupscope,path
    GG_Executives,security,global,"ou=groups,dc=dfslab,dc=local"
    GG_HumanResources,security,global,"ou=groups,dc=dfslab,dc=local"
    GG_OrderDesk,security,global,"ou=groups,dc=dfslab,dc=local"
    GG_SalesMarketing,security,global,"ou=groups,dc=dfslab,dc=local"
    GG_IT,security,global,"ou=groups,dc=dfslab,dc=local"
    GG_Shipping,security,global,"ou=groups,dc=dfslab,dc=local"
    DL_Executives_RO,security,domainlocal,"ou=groups,dc=dfslab,dc=local"
    DL_Executives_RW,security,domainlocal,"ou=groups,dc=dfslab,dc=local"
    DL_HumanResources_RO,security,domainlocal,"ou=groups,dc=dfslab,dc=local"
    DL_HumanResources_RW,security,domainlocal,"ou=groups,dc=dfslab,dc=local"

    Any suggestions?

    c.

  • #25014

    Chris Ediger
    Participant

    I got it, not sure why it had to be this way though

    $filepath = Read-Host "Location of .csv file"
    $CreateTheseGroups = Import-Csv $filepath |
    Select-Object name,groupcategory,groupscope,path,@{n="samaccountname";e={$_.name}} |
    New-ADGroup

    I had to specify a SamAccountName in addition to the Name. Any explanation for this would be appreciated.

    c.

  • #25017

    Rob Simmers
    Participant

    Are any of the groups larger than 20 characters? I assume what you posted was an example, but the documentation has this little snippet:

    To be compatible with older operating systems, create a SAM account name that is 20 characters or less. This parameter sets the SAMAccountName for an account object. The LDAP display name [ldapDisplayName] for this property is "sAMAccountName".

    It shows that SamAccountName is not mandatory. I tested...

    PS C:\Windows\System32\WindowsPowerShell\v1.0> New-ADGroup -Name "Test" -GroupCategory Security -GroupScope Global -WhatIf
    What if: Performing the operation "New" on target "CN=Test,CN=Users,DC=mydomain,DC=iap,DC=dom".
    
    PS C:\Windows\System32\WindowsPowerShell\v1.0> ("DL_HumanResources_RW").Length
    20
    
    PS C:\Windows\System32\WindowsPowerShell\v1.0> New-ADGroup -Name "Testdsfasdgasfgafdgadfhadfhsdthsdghdfh" -GroupCategory Security -GroupScope Global -WhatIf
    What if: Performing the operation "New" on target "CN=Testdsfasdgasfgafdgadfhadfhsdthsdghdfh,CN=Users,DC=mydomain,DC=iap,DC=dom".
    

    but it did not prompt for SamAccountName when I added more than 20 characters. The only thing I can think is it is prompting for a SamAccountName if it's longer than 20 characters so you specify it versus just truncating it. Just a guess.
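
Added example, not part of any post in this thread: a per-row version of the bulk import that sets SamAccountName explicitly (as the working script above does), skips groups that already exist so a re-run is harmless, and reports failures row by row. It assumes the ActiveDirectory module and a reachable domain; the sample rows, the name allowlist pattern and the variable names are constructed for this example, and `-WhatIf` keeps it from creating anything until removed.

```powershell
# Added example, not code from the thread. Requires the ActiveDirectory module
# and a reachable domain; nothing is created while -WhatIf is present.
Import-Module ActiveDirectory

# Constructed sample rows in the same layout as the .csv posted in the thread.
$rows = @'
name,groupcategory,groupscope,path
GG_Executives,security,global,"ou=groups,dc=dfslab,dc=local"
DL_HumanResources_RW,security,domainlocal,"ou=groups,dc=dfslab,dc=local"
'@ | ConvertFrom-Csv

foreach ($row in $rows) {
    $sam = $row.name   # same Name -> SamAccountName mapping the thread's fix uses

    # Assumption: a conservative allowlist (letters, digits, _ and -) so the
    # value is safe to place inside the -Filter string below.
    if ($sam -notmatch '^[\w-]+$') {
        Write-Warning "Skipping '$sam': unexpected characters in name."
        continue
    }

    # The documentation note quoted in the thread recommends 20 characters or less.
    if ($sam.Length -gt 20) {
        Write-Warning "$sam is $($sam.Length) characters; the documentation recommends 20 or less."
    }

    # Skip rows whose sAMAccountName is already in use.
    if (Get-ADGroup -Filter "SamAccountName -eq '$sam'") {
        Write-Verbose "Skipping $sam (already exists)." -Verbose
        continue
    }

    $params = @{
        Name           = $row.name
        SamAccountName = $sam
        GroupCategory  = $row.groupcategory
        GroupScope     = $row.groupscope
        Path           = $row.path
    }
    try {
        New-ADGroup @params -WhatIf -ErrorAction Stop
    }
    catch {
        # Report the failing row and continue with the rest of the file.
        Write-Warning "Failed to create $($row.name): $($_.Exception.Message)"
    }
}
```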
