Configuration driven Active Directory management.
Groups are the glue that makes effective permission delegation and message distribution actually work. This Component allows you to define your own groups but does not cover group membership assignments.
See the Group Membership Component for managing group memberships.
A sample group defined:
[
    {
        "Path": "OU=Groups,OU=Administration,%DomainDN%",
        "Name": "Tier 1 Accounts",
        "Description": "All Accounts operating at Tier 1",
        "Scope": "Global"
    }
]
This creates the “Tier 1 Accounts” global group under the specified OU.
Convert all groups to configuration:
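# Requires the ActiveDirectory module (Get-ADGroup) and PSFramework (Select-PSFObject).
Get-ADGroup -Filter * -Properties Description | Select-PSFObject @{
    Name       = 'Path'
    # Swap the domain components for the %DomainDN% placeholder, then drop the leading CN=<name>, part.
    Expression = { $_.DistinguishedName -replace ',DC=.+$',',%DomainDN%' -replace '^.+?,' }
}, Name, "Description to string", 'GroupScope as Scope to String' | ConvertTo-Json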
This parameter uses name resolution.
The name of the group.
This parameter uses name resolution.
The SamAccountName of the group. Defaults to the Name if not otherwise specified.
This parameter uses name resolution.
Path (distinguishedName) of the OU to place the group in.
This parameter uses name resolution.
Description of the group.
The scope of the group. Use DomainLocal for groups that grant direct permissions and Global for role groups.
Default: Security | Optional: yes
Whether the group should be a security group or a distribution group.
Previous names the group used to have. When these names are specified, a group that still uses an old name will be renamed. Conflicts may require resolving.
Default: $true | Optional: yes
Whether the group should exist. Set to $false for explicitly deleting groups, rather than creating them.
Group is tolerated if it exists, but will not be created if not.
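A pre-deployment check for a group configuration file in the format shown above. This is an added example, not code from the module: the function name `Test-GroupConfiguration`, the sample JSON and the rules it enforces (all four keys populated, a known scope, no hard-coded domain, unique names) are assumptions chosen for illustration.

```powershell
# Constructed sample configuration (not from a real environment).
$sample = @'
[
  { "Path": "OU=Groups,OU=Administration,%DomainDN%", "Name": "Tier 1 Accounts",
    "Description": "All Accounts operating at Tier 1", "Scope": "Global" },
  { "Path": "OU=Groups,DC=contoso,DC=com", "Name": "Tier 1 Accounts",
    "Description": "", "Scope": "Local" }
]
'@

function Test-GroupConfiguration {
    # Hypothetical helper (not part of the module): emits one object per finding.
    param ([Parameter(Mandatory)][string]$Json)

    $validScopes = 'DomainLocal', 'Global', 'Universal'   # Active Directory group scopes
    $seen = @{}                                           # hashtable keys are case-insensitive
    $groups = $Json | ConvertFrom-Json
    foreach ($group in $groups) {
        $problems = @()
        foreach ($key in 'Name', 'Path', 'Description', 'Scope') {
            if (-not $group.$key) { $problems += "missing or empty '$key'" }
        }
        if ($group.Scope -and $group.Scope -notin $validScopes) {
            $problems += "unknown Scope '$($group.Scope)'"
        }
        # A literal DC= component ties the entry to one domain; the conversion
        # snippet on this page replaces it with the %DomainDN% placeholder.
        if ($group.Path -match '(^|,)\s*DC=') {
            $problems += 'Path hard-codes the domain instead of %DomainDN%'
        }
        # SamAccountName defaults to Name, so two entries with one Name collide.
        if ($group.Name) {
            if ($seen.ContainsKey($group.Name)) { $problems += 'duplicate Name' }
            $seen[$group.Name] = $true
        }
        foreach ($problem in $problems) {
            [pscustomobject]@{ Name = $group.Name; Path = $group.Path; Problem = $problem }
        }
    }
}

$findings = @(Test-GroupConfiguration -Json $sample)
$findings | Format-Table -AutoSize
if ($findings.Count -gt 0) { Write-Warning "$($findings.Count) finding(s); fix before applying." }
```

Running this against the configuration in source control before it is applied catches entries that would otherwise create undocumented or mis-scoped groups.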