update

2026-04-15 15:45:50 -05:00
commit 1d304511b8
613 changed files with 140998 additions and 0 deletions
@@ -0,0 +1,93 @@
+<#
+.Synopsis
+   Create AD group within ITD GROUPS OU
+.DESCRIPTION
+   Create Active Directory group within the ITD\ITD GROUPS OU, ability to add group members if needed
+.EXAMPLE
+   New-ITDADGroup -SamAccountName ITD-GROUP-1 -Description "Sales group"
+.EXAMPLE
+   New-ITDADGroup -SamAccountName ITD-GROUP-1 -Description "Sales group" -Members username1,username2,username3
+#>
+function New-ITDADGroup
+{
+    [CmdletBinding()]
+    Param
+    (
+        [Parameter(Mandatory=$true)]
+        [string]
+        $SamAccountName,
+
+        [Parameter(Mandatory=$true)]
+        [string]
+        $Description,
+
+        [string[]]
+        $Members,
+
+        [PSCredential]
+        $Credential
+    )
+
+    Begin
+    {
+        Write-Verbose "Validate credentials, stop script if invalid."
+        If($Credential -eq "" -or $Credential -eq $null)
+        {
+            $Credential = Get-Credential -Message "Enter domain/OU administrator credentials.  User name must be entered as a SAMAccountName (DOMAIN\username) or as a User Principal Name (username@domain.com)" -UserName $Credential
+            If($Credential -eq "" -or $Credential -eq $null)
+            {
+                Write-Warning "credentials missing - stopping script"
+                break
+            }
+            If((Test-ADCredential -Credential $Credential -ErrorAction Stop) -eq $false)
+            {
+                Write-Warning "Invalid credentials or locked account."
+                break
+            }
+        }
+
+        Import-Module ActiveDirectory
+    }
+    Process
+    {
+        Write-Verbose "verify group object does not already exist, if it does, stop script"
+        $groupexists = Get-ADGroup -Filter {sAMAccountName -eq $SamAccountName}
+        If($groupexists)
+        {
+            Write-Warning "$SamAccountName already exists"
+            break
+        }
+        
+        Write-Verbose "fix description if needed"
+        If($Description -like "*1120*")
+        {
+            Write-Verbose "no change to description"
+        }
+        Else
+        {
+            Write-Verbose "adding '1120 - ' to description"
+            $Description = "1120 - " + $Description
+        }
+
+        $OUdestination = "OU=ITDGROUPS,OU=GROUPS,OU=ITD,DC=ND,DC=GOV"    
+            
+        Write-Verbose "create group in AD"
+        New-ADGroup -Name $SamAccountName `
+            -SamAccountName $SamAccountName `
+            -Description $Description `
+            -DisplayName $SamAccountName `
+            -GroupScope Global `
+            -GroupCategory Security `
+            -Path $OUdestination `
+            -Credential $Credential
+
+        Write-Verbose "Adding group members if applicable"
+        If($Members)
+        {
+            Add-ADGroupMember -Identity $SamAccountName -Members $Members -Credential $Credential
+        }
+    }
+    End
+    {
+    }
+}