Adds a group object to an Active Directory domain.
Add-DRAGroup -GroupScope <String> -GroupType <String> [-DynamicFilterIncludeChildren <SwitchParameter>] [-DynamicFilterLDAPQuery <String>] [-DynamicFilterRootContainer <String>] -Properties <Hashtable> -Domain <String> [-DRARestServer <String>] [-DRARestPort <Int32>] [-IgnoreCertificateErrors <SwitchParameter>] [-Force <SwitchParameter>] [-Timeout <Int32>] [<CommonParameters>]
The Add-DRAGroup cmdlet adds a group object to a domain managed by DRA. The requesting user must have the Create Group power. You can create a traditional group where you add each member individually or you can create a dynamic group whose membership is determined by a filter. See the examples for more information. To see the complete list of available properties, perform a Get-Member command on the object returned from any DRAGroup command.
| Attribute / Description | Required | Position | Default Value | Accept Pipeline input? | Accept wildcard characters? |
|---|---|---|---|---|---|
| `GroupScope <String>` Specifies the Active Directory scope of the group you are adding. Valid values are Domain local, Global, or Universal. | true | named | | true (ByPropertyName) | false |
| `GroupType <String>` Specifies the Active Directory type of the group you are adding. Valid values are Distribution or Security. | true | named | | true (ByPropertyName) | false |
| `DynamicFilterIncludeChildren [<SwitchParameter>]` Allows the request to bypass any SSL certificate errors, such as the InvalidOperation error that occurs when the REST Service is bound to a self-signed certificate. | true | named | | false | false |
| `DynamicFilterLDAPQuery [<String>]` Allows the request to bypass any SSL certificate errors, such as the InvalidOperation error that occurs when the REST Service is bound to a self-signed certificate. | true | named | | false | false |
| `DynamicFilterRootContainer [<String>]` Allows the request to bypass any SSL certificate errors, such as the InvalidOperation error that occurs when the REST Service is bound to a self-signed certificate. | true | named | | false | false |
| `Properties <Hashtable>` A hashtable of property values. The key is the name of a defined attribute in the REST interface. For example: `-Properties @{Attribute1DRADisplayName="my value"; Attribute2DRADisplayName=value}` Multiple values are specified as a comma-separated list. For example: `-Properties @{Attribute1DRADisplayName=value1, value2}` If the property name contains non-alphanumeric characters it needs to be quoted. For example: `-Properties @{"Attribute1-DRA-DisplayName"=value}` If the property value contains a quote it needs to be escaped with a backtick (`` ` ``). For example: `` -Properties @{Attribute1DRADisplayName="`"sample`" value"} `` | true | named | | true (ByPropertyName) | false |
| `Identifier <String>` The name or distinguished name of an existing Active Directory object. When the name is specified, an additional call to the DRA Server is needed to obtain the distinguished name for the object. | true | named | | true (ByPropertyName) | false |
| `Domain <String>` The domain of the object in fqdn format. For example: mydomain.corp | true | named | | true (ByPropertyName) | false |
| `DRARestServer [<String>]` The name of the computer running the DRA Rest Service. The requested DRA operation will execute on this server. If the parameter is not specified, the value defaults to 'localhost'. | false | named | | true (ByPropertyName) | false |
| `DRARestPort [<Int32>]` The port where the DRA REST Service listens for requests. If the parameter is not specified, the value defaults to 8755. | false | named | 8755 | true (ByPropertyName) | false |
| `IgnoreCertificateErrors [<SwitchParameter>]` Allows the request to bypass any SSL certificate errors, such as the InvalidOperation error that occurs when the REST Service is bound to a self-signed certificate. | false | named | | false | false |
| `Force [<SwitchParameter>]` Suppresses any request for user input and supplies a 'yes' response. For example: -Force with a delete request will perform the delete without presenting the confirmation request to the user. | false | named | | false | false |
| `Timeout [<Int32>]` The number of seconds to wait before the request to the DRA REST server times out. To specify an infinite timeout, you can set this parameter to -1. | false | named | 100 seconds | true (ByPropertyName) | false |
| `<CommonParameters>` Verbose, Debug, ErrorAction, ErrorVariable, WarningAction, WarningVariable, OutBuffer, PipelineVariable, and OutVariable. For more information, see About CommonParameters. | | | | | |
NOTE: For more information, type "Get-Help Add-DRAGroup -detailed". For technical information, type "Get-Help Add-DRAGroup -full".
Example 16-2 1
PS C:\>Add-DRAGroup -Domain MyDomain.corp -Properties @{FriendlyParentPath="MyDomain.corp/Accounting";Name="GROUP123";Description="PS Desc 001";ManagedBy="CN=George,CN=Users,DC=MYDOMAIN,DC=corp";samAccountName="COMP123sam"} -GroupType "Distribution" -GroupScope "Universal"
This example creates the group GROUP123 in Active Directory using the Name and DRA FriendlyParentPath properties. The group will be created in the domain MyDomain.corp in the Accounting OU. There are three properties set on this group: Description, ManagedBy and samAccountName. The group will be a universal distribution group.
Example 16-3 2
PS C:\>Add-DRAGroup -Domain MyDomain.corp -Properties @{FriendlyParentPath="MyDomain.corp/Accounting";Name="GROUP123";Description="PS Desc 001";ManagedBy="CN=George,CN=Users,DC=MYDOMAIN,DC=corp";samAccountName="COMP123sam"} -GroupType "Distribution" -GroupScope "Universal"
This example creates the group GROUP123 in Active Directory using the Name and DRA FriendlyParentPath properties. The group will be created in the domain MyDomain.corp in the Accounting OU. There are three properties set on this group: Description, ManagedBy, and samAccountName. The group will be a universal distribution group.
Example 16-4 3
PS C:\>Add-DRAGroup -Domain MyDomain.corp -Properties @{DistinguishedName="CN=GROUP123,OU=Accounting,DC=MyDomain,DC=corp";Description="Group for powershell"} -GroupType "Security" -GroupScope "Global"
This example creates a group named GROUP123 in Active Directory using the DRA DistinguishedName property. The group will be created in the domain MyDomain.corp in the Accounting OU. Description is the only property set on this group. The group will be a global security group.
Example 16-5 4
PS C:\>Add-DRAGroup -Domain MyDomain.corp -DynamicFilterRootContainer "OU=OU01,DC=MyDom,DC=corp" -DynamicFilterLDAPQuery "(&(objectClass=user)(objectCategory=person))" -DynamicFilterIncludeChildren -Properties @{distinguishedName="CN=GROUP123,OU=Accounting,DC=MyDomain,DC=corp"; WhiteList="CN=Add Me,OU=XXX,DC=MyDom,DC=corp", "CN=Add Me2,OU=YYY,DC=MyDom,DC=corp"; BlackList="CN=Skip Me,OU=OU01,DC=MyDom,DC=corp", "CN=SkipMe2,OU=OU01,DC=MyDom,DC=corp"}
This command creates a dynamic group by specifying the DynamicFilterLDAPQuery and DynamicFilterRootContainer parameters. DynamicFilterIncludeChildren indicates that the group includes objects from the DynamicFilterRootContainer and all of its children. Group members will also include the two accounts listed in the WhiteList property, even though the accounts do not match the filter criteria. The two BlackList accounts will be excluded from the group, even though they are users in the DynamicFilterRootContainer.
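Because a dynamic group's membership follows the filter automatically, it is worth checking the filter and the include/exclude lists before the request is sent. The following is an added example, not part of the DRA documentation or product: `Test-DRADynamicGroupRequest` is a hypothetical helper, and its checks are local review policy assumed for illustration, not rules DRA enforces.

```powershell
# Added example, not DRA code. Test-DRADynamicGroupRequest is a hypothetical helper;
# its checks are local review policy (assumptions), not rules enforced by DRA.
function Test-DRADynamicGroupRequest {
    param(
        [Parameter(Mandatory)] [string]    $DynamicFilterRootContainer,
        [Parameter(Mandatory)] [string]    $DynamicFilterLDAPQuery,
        [Parameter(Mandatory)] [hashtable] $Properties
    )
    $problems = [System.Collections.Generic.List[string]]::new()

    # RFC 4515 escapes literal parentheses in values as \28 and \29, so every
    # "(" or ")" in the filter is structural and the nesting must balance.
    $depth = 0
    foreach ($ch in $DynamicFilterLDAPQuery.ToCharArray()) {
        if ($ch -eq '(') { $depth++ } elseif ($ch -eq ')') { $depth-- }
        if ($depth -lt 0) { break }
    }
    if ($depth -ne 0) { $problems.Add('LDAP filter has unbalanced parentheses.') }

    # A presence-only filter matches every object under the root container.
    if ($DynamicFilterLDAPQuery -match '^\(\s*objectClass\s*=\s*\*\s*\)$') {
        $problems.Add('LDAP filter (objectClass=*) matches every object.')
    }

    $allow = @($Properties['WhiteList']) | Where-Object { $_ }
    $deny  = @($Properties['BlackList']) | Where-Object { $_ }
    foreach ($dn in $deny) {
        # -contains compares strings case-insensitively, as DNs should be.
        if ($allow -contains $dn) {
            $problems.Add("'$dn' is in both WhiteList and BlackList.")
        }
        # An exclusion outside the root container excludes nothing the filter can match.
        if (-not $dn.EndsWith(",$DynamicFilterRootContainer", [StringComparison]::OrdinalIgnoreCase)) {
            $problems.Add("BlackList entry '$dn' is outside the root container.")
        }
    }
    $problems
}

# Constructed input: Example 4's filter, with two deliberately bad list entries.
$filter = @{
    DynamicFilterRootContainer = 'OU=OU01,DC=MyDom,DC=corp'
    DynamicFilterLDAPQuery     = '(&(objectClass=user)(objectCategory=person))'
}
$props = @{
    WhiteList = 'CN=Add Me,OU=XXX,DC=MyDom,DC=corp', 'CN=Skip Me,OU=OU01,DC=MyDom,DC=corp'
    BlackList = 'CN=Skip Me,OU=OU01,DC=MyDom,DC=corp', 'CN=SkipMe2,OU=YYY,DC=MyDom,DC=corp'
}
Test-DRADynamicGroupRequest @filter -Properties $props | Write-Warning
```

With the constructed input the helper reports the DN that appears in both lists and the BlackList entry that lies outside the root container; with Example 4's original lists it reports nothing.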
Example 16-6 5
PS C:\>Add-DRAGroup -Domain MyDomain.corp -Properties @{FriendlyName="MyDomain.corp/Accounting/GROUP123";Description="Group for powershell";ManagedBy="CN=George,CN=Users,DC=MYDOMAIN,DC=corp"} -GroupType "Security" -GroupScope "Domain local"
This example creates a group named GROUP123 in Active Directory using the DRA FriendlyName property. The group will be created in the domain MyDomain.corp in the Accounting OU. There are two properties set on this group: Description and ManagedBy. The group will be a domain local security group.