I recently had a SharePoint migration where users had been added directly to the default SharePoint Visitors, Members, and Owners groups. Because this gets hard to manage, we opted to set up AD groups and add them to the SharePoint groups for easier management. Because there were a lot of groups, we used PowerShell to create all of the groups and add the necessary members.
#Script
function Write-ToLog($msg)
{
    # Appends $msg to a per-day log file. The file name embeds today's date as
    # MMDDYYYY and has no directory component, so it is resolved relative to the
    # current location of the session running the script.
    $stamp = Get-Date -UFormat "%m%d%Y"
    $logFile = "AD_NewGroup_Log-${stamp}.log"
    $msg | Out-File -FilePath $logFile -Append
}
function Write-ToScreen($msg)
{
    # Emits an informational (INF) line: prefixes $msg with the current time,
    # appends it to the log file via Write-ToLog, then echoes it in yellow.
    #
    # $newLine is not assigned in this function (its assignment is commented out
    # below), so it resolves from an enclosing scope if one defines it and is
    # otherwise empty.
    #$newLine = "`n"
    $now = Get-Date -UFormat "%H:%M:%S"
    $line = "${now} :: INF :: ${msg}${newLine}"
    Write-ToLog $line
    Write-Host $line -ForegroundColor Yellow
}
function Write-ActionToScreen($msg)
{
    # Emits an action (ACT) line: prefixes $msg with the current time, appends it
    # to the log file via Write-ToLog, then echoes it in green.
    #
    # $newLine is not assigned in this function (its assignment is commented out
    # below), so it resolves from an enclosing scope if one defines it and is
    # otherwise empty.
    #$newLine = "`n"
    $now = Get-Date -UFormat "%H:%M:%S"
    $line = "${now} :: ACT :: ${msg}${newLine}"
    Write-ToLog $line
    Write-Host $line -ForegroundColor Green
}
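# Import AD module. Stop here if it cannot be loaded: the AD: drive and both AD
# cmdlets used below depend on it.
Write-ActionToScreen "Importing Active Directory module"
Import-Module ActiveDirectory -ErrorAction Stop

# Retrieve list of groups to be created from CSV file.
# Columns read below: GroupName, Description, Members (members separated by ';').
# The CSV decides who ends up in which security group, so treat it as a
# privileged input and review it before running.
Write-ActionToScreen "Importing CSV file"
$groups = Import-Csv .\Groups_Members.csv -ErrorAction Stop

# Designate which OU these groups will be created in
Write-ActionToScreen "Settting OU location"
$ou = "OU=SharePoint,DC=Lab,DC=Local"

# Check to see if OU exists and create groups, add members
Write-ActionToScreen "Testing OU path and starting group creation"
if (Test-Path "AD:\$ou")
{
    Write-ToScreen "Verified that OU DOES exist"
    foreach ($group in $groups)
    {
        # Use one trimmed name for Name, SamAccountName and DisplayName so the
        # group is created and later referenced under the same identity.
        $groupName = "$($group.GroupName)".Trim()
        if (-not $groupName)
        {
            Write-ToScreen "Skipping CSV row with an empty GroupName"
            continue
        }

        Write-ActionToScreen "Creating new group $groupName"
        try
        {
            # -ErrorAction Stop turns a failed create into a catchable error, so
            # the log never reports success for a group that was not created.
            # -PassThru returns the new group object for the membership step.
            $newGroup = New-ADGroup -Name $groupName -SamAccountName $groupName -DisplayName $groupName -Description $group.Description -GroupCategory Security -GroupScope Global -Path $ou -PassThru -ErrorAction Stop
        }
        catch
        {
            # If creation fails (for example because a group with that name
            # already exists), skip the row entirely so members are never added
            # to a group this script did not create.
            Write-ToScreen "FAILED to create group $groupName - skipping its members. Error: $($_.Exception.Message)"
            continue
        }
        Write-ToScreen "Finished creating group $groupName"

        Write-ActionToScreen "Getting group members"
        # Trim each entry and drop empty ones (empty Members column, trailing ';').
        $users = @("$($group.Members)".Split(";") | ForEach-Object { $_.Trim() } | Where-Object { $_ })
        foreach ($u in $users)
        {
            Write-ActionToScreen "Adding $u to $groupName"
            try
            {
                # Target the object returned by New-ADGroup rather than looking
                # the group up again by name.
                Add-ADGroupMember -Identity $newGroup -Members $u -ErrorAction Stop
                Write-ToScreen "Finished adding $u to group $groupName"
            }
            catch
            {
                Write-ToScreen "FAILED to add $u to group $groupName. Error: $($_.Exception.Message)"
            }
        }
    }
}
else
{
    Write-ToScreen "OU does not exist in AD tree. Please make sure your OU variable is pointing a to a valid OU"
}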
#CSV
Here is a sample import file that was used. Users are separated by ';'.
GroupName,Description,Members
SP_SiteName_Owners,SharePoint Security Group,tuser1;tuser2
SP_SiteName_Contrib,SharePoint Security Group,tuser1;tuser2