{"id":2638,"date":"2013-10-30T00:01:00","date_gmt":"2013-10-30T00:01:00","guid":{"rendered":"https:\/\/blogs.technet.microsoft.com\/heyscriptingguy\/2013\/10\/30\/building-a-demo-active-directory-part-3\/"},"modified":"2013-10-30T00:01:00","modified_gmt":"2013-10-30T00:01:00","slug":"building-a-demo-active-directory-part-3","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/scripting\/building-a-demo-active-directory-part-3\/","title":{"rendered":"Building a Demo Active Directory: Part 3"},"content":{"rendered":"<p><strong>Summary<\/strong>: Create security groups in targeted organizational units in Active Directory.\n<img decoding=\"async\" src=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/q-for-powertip.jpg\" alt=\"Hey, Scripting Guy! Question\">&nbsp;Hey, Scripting Guy!\nI was wondering if you could please show me how to use Windows PowerShell to create some security groups inside a set of organizational units in Active Directory. Is it difficult?\n&mdash;DS\n<img decoding=\"async\" src=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/a-for-powertip.jpg\" alt=\"Hey, Scripting Guy! Answer\">&nbsp;Hello DS,\nHonorary Scripting Guy, Sean Kearney here, filling in for our good friend, Ed.\nTo catch up on the first parts in this series, please read:<\/p>\n<ul>\n<li><a href=\"http:\/\/blogs.technet.com\/b\/heyscriptingguy\/archive\/2013\/10\/28\/building-a-demo-active-directory-part-1.aspx\">Building a Demo Active Directory: Part 1<\/a><\/li>\n<li><a href=\"http:\/\/blogs.technet.com\/b\/heyscriptingguy\/archive\/2013\/10\/29\/building-a-demo-active-directory-part-2.aspx\">Building a Demo Active Directory: Part <\/a>2<\/li>\n<\/ul>\n<p>In Windows Server 2012&nbsp;R2 or Windows Server 2008 R2, creating security groups got far easier with built-in cmdlets for Active Directory. In Part 2 of this series, I introduced you to the <strong>New-ADOrganizationalUnit<\/strong> cmdlet. Today we&rsquo;re going to the see the <strong>New-ADGroup<\/strong> cmdlet in action!\nIn our demo Active Directory, our next task is to create some security groups. We&rsquo;re going to keep this simple and effective. We&rsquo;re going to place a security group that is based on the division and location in the final branch of each structure.\nLet&rsquo;s take a look at our variables for divisions and cities:<\/p>\n<p style=\"padding-left: 30px\">$CityOU=&rdquo;Tokyo&rdquo;,&rdquo;Redmond&rdquo;,&rdquo;Ottawa&rdquo;,&rdquo;Madrid&rdquo;,&rdquo;New Orleans&rdquo;,&rdquo;Queensland&rdquo;<\/p>\n<p style=\"padding-left: 30px\">$DivisionOU=&#8221;Sales&#8221;,&#8221;Marketing&#8221;,&#8221;HR&#8221;,&#8221;Finance&#8221;\nNow I&rsquo;m going to have each group based on the <strong>CityOU<\/strong> name and the <strong>DivisionOU<\/strong> name. We&rsquo;re going to concatenate each one, separated by a hyphen. We&rsquo;ll use a simple loop that will accomplish the following:<\/p>\n<ul>\n<li>Assign our current city to the variable <strong>$City<\/strong><\/li>\n<li>Assign our current division to the variable <strong>$Division<\/strong><\/li>\n<li>Build a group name by combining the city and division with no spaces and a hyphen separating them<\/li>\n<li>Populate the description of the group with similar details<\/li>\n<\/ul>\n<p>First we&rsquo;ll build the group name and ensure that any blank spaces are removed:<\/p>\n<p style=\"padding-left: 30px\">$GroupName=$City.replace(&#8221; &#8220;,&#8221;&#8221;)+&#8221;-&#8220;+$Division.replace(&#8221; &#8220;,&#8221;&#8221;)\nThen we build the group&rsquo;s description:<\/p>\n<p style=\"padding-left: 30px\">$GroupDescription=&#8221;$Division in $City Access Group&#8221;\nI plan on using this particular set of instructions later when I populate users based on city and division, so I&rsquo;m going to make this into a simple function:<\/p>\n<p style=\"padding-left: 30px\">Function GET-GroupInfo()<\/p>\n<p style=\"padding-left: 30px\">{<\/p>\n<p style=\"padding-left: 30px\">Param(<\/p>\n<p style=\"padding-left: 30px\">$City,<\/p>\n<p style=\"padding-left: 30px\">$Division<\/p>\n<p style=\"padding-left: 30px\">)<\/p>\n<p style=\"padding-left: 30px\">&nbsp;<\/p>\n<p style=\"padding-left: 30px\">$GroupName=$City.replace(&#8221; &#8220;,&#8221;&#8221;)+&#8221;-&#8220;+$Division.replace(&#8221; &#8220;,&#8221;&#8221;)<\/p>\n<p style=\"padding-left: 30px\">$GroupDescription=&#8221;$Division in $City Access Group&#8221;<\/p>\n<p style=\"padding-left: 30px\">&nbsp;<\/p>\n<p style=\"padding-left: 30px\"># Return the Results (This is a feature new to version 3)<\/p>\n<p style=\"padding-left: 30px\">[pscustomobject]@{Name=$Groupname;Description=$GroupDescription}<\/p>\n<p style=\"padding-left: 30px\">&nbsp;<\/p>\n<p style=\"padding-left: 30px\">}\nNow we&rsquo;ll take our original script to populate the organizational units and insert our new code to not only build a security group, but also populate it within targeted sections of our demo Active Directory environment:<\/p>\n<p style=\"padding-left: 30px\">$BaseOU=&rdquo;Offices&rdquo;<\/p>\n<p style=\"padding-left: 30px\">$CityOU=&rdquo;Tokyo&rdquo;,&rdquo;Redmond&rdquo;,&rdquo;Ottawa&rdquo;,&rdquo;Madrid&rdquo;,&rdquo;New Orleans&rdquo;,&rdquo;Queensland&rdquo;<\/p>\n<p style=\"padding-left: 30px\">$DivisionOU=&#8221;Sales&#8221;,&#8221;Marketing&#8221;,&#8221;HR&#8221;,&#8221;Finance&#8221;<\/p>\n<p style=\"padding-left: 30px\">&nbsp;<\/p>\n<p style=\"padding-left: 30px\">$Domain=&rdquo;DC=Contoso,DC=local&rdquo;<\/p>\n<p style=\"padding-left: 30px\">$CompanyPath=&#8221;OU=$BaseOU,&#8221;+$Domain<\/p>\n<p style=\"padding-left: 30px\">&nbsp;<\/p>\n<p style=\"padding-left: 30px\">NEW-ADOrganizationalUnit -name $BaseOU -path $Domain<\/p>\n<p style=\"padding-left: 30px\">&nbsp;<\/p>\n<p style=\"padding-left: 30px\"># Gather through list of Cities<\/p>\n<p style=\"padding-left: 30px\">Foreach ($City in $CityOU)<\/p>\n<p style=\"padding-left: 30px\">{<\/p>\n<p style=\"padding-left: 30px\"># Create OU for City<\/p>\n<p style=\"padding-left: 30px\">NEW-ADOrganizationalUnit -path $CompanyPath -name $City<\/p>\n<p style=\"padding-left: 30px\">&nbsp;<\/p>\n<p style=\"padding-left: 30px\"># Gather through list of Divisions<\/p>\n<p style=\"padding-left: 30px\">Foreach($Division in $DivisionOU)<\/p>\n<p style=\"padding-left: 30px\">&nbsp;<\/p>\n<p style=\"padding-left: 30px\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {<\/p>\n<p style=\"padding-left: 30px\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # Create Division within City<\/p>\n<p style=\"padding-left: 30px\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; NEW-ADOrganizationalUnit -path &#8220;OU=$City,$CompanyPath&#8221; -name $Division<\/p>\n<p style=\"padding-left: 30px\">&nbsp;<\/p>\n<p style=\"padding-left: 30px\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # Create Group within Division and Description<\/p>\n<p style=\"padding-left: 30px\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $GroupData=GET-GroupInfo -City $City -Division $Division<\/p>\n<p style=\"padding-left: 30px\">&nbsp;<\/p>\n<p style=\"padding-left: 30px\">$GroupName=$Groupdata.Name<\/p>\n<p style=\"padding-left: 30px\">$GroupDescription=$Groupdata.Description<\/p>\n<p style=\"padding-left: 30px\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/p>\n<p style=\"padding-left: 30px\">NEW-ADGroup -name $GroupName -GroupScope Global -Description `<\/p>\n<p style=\"padding-left: 30px\">$GroupDescription &ndash;Path &#8220;OU=$Division,OU=$City,$CompanyPath&#8221;<\/p>\n<p style=\"padding-left: 30px\">&nbsp;<\/p>\n<p style=\"padding-left: 30px\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<\/p>\n<p style=\"padding-left: 30px\">}\nNeat, eh? So with some basic variables, we now have a now simple Active Directory structure with built-in security groups! Next, I think we might need some users. For that, pop-in tomorrow when I will show you how with only 15 male and female names, I can build as large a demo environment as you could ever want in Active Directory!\nSee you tomorrow!\nI invite you to follow the Scripting Guys on <a href=\"http:\/\/bit.ly\/scriptingguystwitter\" target=\"_blank\">Twitter<\/a> and <a href=\"http:\/\/bit.ly\/scriptingguysfacebook\" target=\"_blank\">Facebook<\/a>. If you have any questions, send email to <a href=\"http:\/\/blogs.technet.commailto:scripter@microsoft.com\" target=\"_blank\">scripter@microsoft.com<\/a>, or post your questions on the <a href=\"http:\/\/bit.ly\/scriptingforum\" target=\"_blank\">Official Scripting Guys Forum<\/a>. See you tomorrow. Until then, peace.\n<strong>Sean Kearney<\/strong>, Honorary Scripting Guy andWindows PowerShell MVP<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Summary: Create security groups in targeted organizational units in Active Directory. &nbsp;Hey, Scripting Guy! I was wondering if you could please show me how to use Windows PowerShell to create some security groups inside a set of organizational units in Active Directory. Is it difficult? &mdash;DS &nbsp;Hello DS, Honorary Scripting Guy, Sean Kearney here, filling [&hellip;]<\/p>\n","protected":false},"author":596,"featured_media":87096,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[7,56,3,154,100],"class_list":["post-2638","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-scripting","tag-active-directory","tag-guest-blogger","tag-scripting-guy","tag-sean-kearney","tag-windows-powershell-ise"],"acf":[],"blog_post_summary":"<p>Summary: Create security groups in targeted organizational units in Active Directory. &nbsp;Hey, Scripting Guy! I was wondering if you could please show me how to use Windows PowerShell to create some security groups inside a set of organizational units in Active Directory. Is it difficult? &mdash;DS &nbsp;Hello DS, Honorary Scripting Guy, Sean Kearney here, filling [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/2638","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/users\/596"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/comments?post=2638"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/2638\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media\/87096"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media?parent=2638"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/categories?post=2638"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/tags?post=2638"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}