We’ve all had to create a security group before, but why not standardize it.
First, what fields are mandatory and helpful for creating a security group? We will need these to create parameters to make sure they are always filled out.
- Security Group Name
- Display Name
- Description of Group
- Credential
Then we create the function parameters as below. If you notice the Mandatory and help message in there, these will require these parameters to be entered in before running as well as give help if someone is unsure of what needs to be entered.
#Create Security Group
#Change the OU path if necessary
[CmdletBinding()]
param (
[Parameter(Mandatory,HelpMessage='Name of Security Group')]
[string]$Name,
[Parameter(Mandatory,HelpMessage='Display Name of Security Group')]
[string]$DisplayName,
[Parameter(HelpMessage='Description of Security Group')]
[string]$Description,
[Parameter(Mandatory)]
[ValidateNotNull()]
[System.Management.Automation.PSCredential]
[System.Management.Automation.Credential()]
$Credential = [System.Management.Automation.PSCredential]::Empty
)Then we apply these parameters to our code
New-ADGroup -Name $Name -Credential $Credential -SamAccountName $Name -GroupCategory Security -GroupScope Global -DisplayName $DisplayName -Path "OU=Security Groups,DC=domain,DC=local" -Description $Description -ConfirmAs you can see I’ve hard coded the default OU Path, which you can easily change, or even create a variable for it too. Also you’ll notice that I put the “-Confirm” at the end, this will ask you again if you want to create it after you attempt to run it.
And that’s it! Now you can make sure you and your team always create AD Security Groups the same way. You can add more parameters if you like, check out the New-ADGroup Help for more info.