PowerShell: Create new Active Directory groups, change group membership

The following script helps you to:

  1. Import Active Directory groups and their descriptions from a CSV file;
  2. Create Active Directory Groups and add Description
  3. If the Group is flagged (Yes or No), it will be added to another group (e.g. User groups –> Application provisioning group)

Excel view:

AD Group Name AD Group Description Add to Group
ROLE-G-APPLICATION-Users Application Users NO
ROLE-G-APPLICATION-PowerUsers Application Power Users YES
ROLE-G-APPLICATION-Administrators Application Administrators YES

CSV file:

AD Group Name,AD Group Description,Add to Group
ROLE-G-APPLICATION-Users,Application Users,NO
ROLE-G-APPLICATION-PowerUsers,Application Power Users,YES
ROLE-G-APPLICATION-Administrators,Application Administrators,YES

The script:

# Prompts you for Domain Admin like credentials
$LoginPassword = Get-Credential

# Imports groups and description list from CSV file
$groups = Import-CSV "D:groups.csv"    

foreach ($item in $groups) {
# Map variables from CSV
$group = $item.'AD Group Name'
$description = $item.'AD Group Description'
# Creates Active Directory Group
New-ADGroup –name $group –groupscope Global -Description $description –path “OU=Application,OU=Groups,DC=internal,DC=vstrong,DC=info” -Credential $LoginPassword
# Adds newly created group to existing group
if ($item.'Add to Group' -eq "YES")
{Add-ADGroupMember APP-APPLICATION-Publish -Members $group -Credential $LoginPassword}

I hope you will find this useful.

Leave a Reply

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>




This site uses Akismet to reduce spam. Learn how your comment data is processed.