Creating a Group in Active-Directory on Windows 2008 Server Core R2

We can create Groups in Active-Directory through PowerShell. Step one is to make a connection to the OU where you want to place your Group. In this example I’ll use the OU that i created in a previous post.


PS > $Connection = "LDAP://OU=NewOU,DC=BPA,DC=CORP"
PS > $OU = [adsi] $Connection
PS > $OU


distinguishedName : {OU=NewOU,DC=APA,DC=CORP}
Path              : LDAP://OU=NewOU,DC=APA,DC=CORP

Next, we use the Create() method to create a New Group.


PS > $Group = $OU.Create("Group", "CN=NewGroup")
PS > $Group.setinfo()

If we look at the group through the MMC snapin.

servercore-05

It’s also possible to retrieve detailed information if we pipe the object to the Format-List CmdLet.


PS > $Group | Format-List *


objectClass           : {top, group}
cn                    : {NewGroup}
distinguishedName     : {CN=NewGroup,OU=NewOU,DC=APA,DC=CORP}
instanceType          : {4}
whenCreated           : {1/17/2009 7:45:09 AM}
whenChanged           : {1/17/2009 7:45:09 AM}
uSNCreated            : {System.__ComObject}
uSNChanged            : {System.__ComObject}
name                  : {NewGroup}
objectGUID            : {54 186 37 137 40 211 36 68 191 63 127 148 134 182 116
                        2}
objectSid             : {1 5 0 0 0 0 0 5 21 0 0 0 171 166 141 168 63 138 126 92
                         158 59 183 83 80 4 0 0}
sAMAccountName        : {$G21000-VS2BCS6RM3JL}
sAMAccountType        : {268435456}
groupType             : {-2147483646}
objectCategory        : {CN=Group,CN=Schema,CN=Configuration,DC=APA,DC=CORP}
dSCorePropagationData : {1/1/1601 12:00:00 AM}
nTSecurityDescriptor  : {System.__ComObject}
AuthenticationType    : Secure
Children              : {}
Guid                  : 36ba258928d32444bf3f7f9486b67402
ObjectSecurity        : System.DirectoryServices.ActiveDirectorySecurity
NativeGuid            : 36ba258928d32444bf3f7f9486b67402
NativeObject          : System.__ComObject
Parent                : LDAP://Server1/OU=NewOU,DC=APA,DC=CORP
Password              :
Path                  : LDAP://Server1/CN=NewGroup,OU=NewOU,DC=APA,DC=CORP
Properties            : {objectClass, cn, distinguishedName, instanceType...}
SchemaClassName       : Group
SchemaEntry           : System.DirectoryServices.DirectoryEntry
UsePropertyCache      : True
Username              :
Options               : {}
Site                  :
Container             :

If we inspect the returned information above, sAMAccountName looks a little funny, changing that is simple through PowerShell.


PS > $Connection = "LDAP://Server1/CN=NewGroup,OU=NewOU,DC=APA,DC=CORP"
PS > $Group = [adsi] $Connection

PS > $Group.put("sAMAccountName", ”NewGroup")
PS > $Group.SetInfo()

PS > $Group.sAMAccountName

NewGroup

It’s also possible to change the property directly as shown below.


PS > $Group.sAMAccountName = "Another Name"
PS > $Group.SetInfo()

Below is the code used in this post


$Connection = "LDAP://OU=NewOU,DC=APA,DC=CORP"
$OU = [adsi] $Connection

$Group = $OU.Create("Group", "CN=NewGroup")
$Group.setinfo()

$Connection = "LDAP://Server1/CN=NewGroup,OU=NewOU,DC=APA,DC=CORP"

$Group = [adsi] $Connection
$Group.put("sAMAccountName", ”NewGroup")
$Group.SetInfo()

$Group.sAMAccountName = "Another Name"
$Group.SetInfo()

Rating 4.00 out of 5
[?]

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Anti-Spam Protection by WP-SpamFree