Monday, October 27, 2008

Create Managed Distribution Groups through powershell

I recently had to create 85 managed groups; groups where users manage their memembership (instead of admins). I wrote a powershell script to create the groups, mail-enable them, set the managedby attribute, and associated AD permissions.

I created an csv with the following headings:
Alias , DisplayName, ManagedBy
*The ManagedBy field must contain a DN

Add-PSSnapin Quest.ActiveRoles.ADManagement
[array]$group_info = import-csv "C:\group_info.csv"
$group_info ForEach-Object {
$gname = $_.dispname
$gdesc = $gname
$gAlias = $_.Alias
$gsam = $gAlias
$gmanager = $_.managedby
$gmanager = "CN=De Las Heras\, Teo,CN=Users,DC=Company,DC=org"
#For Debugging, write out the variables (tab delimited)
# Write-Host $gname, `t,$gAlias, `t, $gmanager
$objOU = [ADSI]"OU=Groups,DC=Company,DC=ORG"
$gcn = "cn=" + $gname
$objGroup = $objOU.Create("group", $gcn)
$objGroup.Put("sAMAccountName", $gsam)
$objGroup.Put("groupType", "-2147483646")
$objGroup.Put("description", $gdesc)
$objGroup.Put("displayName", $gname)
$objGroup.Put("mailnickname", $gsam)
$objGroup.put("managedby", $gmanager)
add-qadpermission -service 'servername' $gname -Account 'Company\tdelasheras' -Rights 'WriteProperty' -Property 'Member'