<#
.Synopsis
   Create AD group within ITD GROUPS OU
.DESCRIPTION
   Create Active Directory group within the ITD\ITD GROUPS OU, ability to add group members if needed
.EXAMPLE
   New-ITDADGroup -SamAccountName ITD-GROUP-1 -Description "Sales group"
.EXAMPLE
   New-ITDADGroup -SamAccountName ITD-GROUP-1 -Description "Sales group" -Members username1,username2,username3
#>
function New-ITDADGroup
{
    [CmdletBinding()]
    Param
    (
        [Parameter(Mandatory=$true)]
        [string]
        $SamAccountName,

        [Parameter(Mandatory=$true)]
        [string]
        $Description,

        [string[]]
        $Members,

        [PSCredential]
        $Credential
    )

    Begin
    {
        Write-Verbose "Validate credentials, stop script if invalid."
        If($Credential -eq "" -or $Credential -eq $null)
        {
            $Credential = Get-Credential -Message "Enter domain/OU administrator credentials.  User name must be entered as a SAMAccountName (DOMAIN\username) or as a User Principal Name (username@domain.com)" -UserName $Credential
            If($Credential -eq "" -or $Credential -eq $null)
            {
                Write-Warning "credentials missing - stopping script"
                break
            }
            If((Test-ADCredential -Credential $Credential -ErrorAction Stop) -eq $false)
            {
                Write-Warning "Invalid credentials or locked account."
                break
            }
        }

        Import-Module ActiveDirectory
    }
    Process
    {
        Write-Verbose "verify group object does not already exist, if it does, stop script"
        $groupexists = Get-ADGroup -Filter {sAMAccountName -eq $SamAccountName}
        If($groupexists)
        {
            Write-Warning "$SamAccountName already exists"
            break
        }
        
        Write-Verbose "fix description if needed"
        If($Description -like "*1120*")
        {
            Write-Verbose "no change to description"
        }
        Else
        {
            Write-Verbose "adding '1120 - ' to description"
            $Description = "1120 - " + $Description
        }

        $OUdestination = "OU=ITDGROUPS,OU=GROUPS,OU=ITD,DC=ND,DC=GOV"    
            
        Write-Verbose "create group in AD"
        New-ADGroup -Name $SamAccountName `
            -SamAccountName $SamAccountName `
            -Description $Description `
            -DisplayName $SamAccountName `
            -GroupScope Global `
            -GroupCategory Security `
            -Path $OUdestination `
            -Credential $Credential

        Write-Verbose "Adding group members if applicable"
        If($Members)
        {
            Add-ADGroupMember -Identity $SamAccountName -Members $Members -Credential $Credential
        }
    }
    End
    {
    }
}