Channel: Windows PowerShell forum

Groups and permissions


I'm preparing a script where some local groups need to be created and then domain groups added to them. It'll also create some folder structure and assign my local groups the right permissions. I thought that rather than hardcoding all that it would be better to make it more general, so if groups need to be changed or the folder structure modified it can be easily done. Hence I decided to use it as a good opportunity to learn to work with functions to extend my beginner's PS skills.

I started by creating text files with what will be needed later. So I have folders.txt, LocalG.txt, DomainG_A.txt and DomainG_B.txt, all put in variables:

###############################
$folders   = Get-Content .\folders.txt
$LocalG    = Get-Content .\LocalG.txt
$DomainG_A = Get-Content .\DomainG_A.txt
$DomainG_B = Get-Content .\DomainG_B.txt

#######  Functions   #################

# Test if folders exist and if not create them
Function TestFolders ($folders){
    foreach($folder in $folders){
        if((Test-Path $folder) -eq $False){
            New-Item -Path $folder -ItemType Directory -Force
        }
    }
}

# Remove all ACLs from existing folder structure in case it's incorrect
Function RemoveACL ($folder) {
    $acl = Get-Acl $folder
    foreach($access in $acl.Access){
        # Stop inheriting from the parent, keeping inherited entries as
        # explicit copies so that they can be removed as well
        $acl.SetAccessRuleProtection($True, $True)
        $acl.RemoveAccessRuleAll($access)
    }
    Set-Acl $folder $acl
}

# Create Local Groups
Function AddLocalGroups ($Groups){
    foreach ($group in $Groups){
        $cn = [ADSI]("WinNT://$env:computername")
        $gp = $cn.Create("Group", "$group")
        $gp.setInfo()
    }
}

# Here I would like to add domain groups A and B to some of my local groups
Function AddTo_A_Group ($AGroups){
    foreach($gp in $AGroups){
        $gr = $gp.Replace('\','/')  # as we will likely see domain\group format in the text file
        $objGroup = [ADSI]"WinNT://$gr"
        $objGroupA1 = [ADSI]("WinNT://Test Group 1 A")
        $objGroupA1.PSBase.Invoke('Add',$objGroup.PSBase.Path)
        $objGroupA2 = [ADSI]("WinNT://Test Group 2 A")
        $objGroupA2.PSBase.Invoke('Add',$objGroup.PSBase.Path)
    }
}



Function AddTo_B_Group ($BGroups){
    foreach($gp in $BGroups){
        $gr = $gp.Replace('\','/')
        $objGroup = [ADSI]"WinNT://$gr"
        $objGroupB1 = [ADSI]("WinNT://Test group 1 B")
        $objGroupB1.PSBase.Invoke('Add',$objGroup.PSBase.Path)
        $objGroupB2 = [ADSI]("WinNT://Test group 2 B")
        $objGroupB2.PSBase.Invoke('Add',$objGroup.PSBase.Path)
    }
}  # surely this can be done better

# To add a group and assign e.g. read and execute permissions
Function ModifyACL($folder,$group){
    $acl = Get-Acl $folder
    # $group is the group name (a string read from LocalG.txt)
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList @(
        $group,
        "ReadAndExecute",
        "ContainerInherit, ObjectInherit",
        "None",
        "Allow"
    )
    $acl.AddAccessRule($rule)
    Set-ACL $folder $acl
}

##################################
# Functions are called with space-separated arguments; Name($a, $b) would pass one array
AddLocalGroups $LocalG            # create local groups based on the contents of LocalG.txt
AddTo_A_Group $DomainG_A          # add A domain groups to Local groups with A in their name
AddTo_B_Group $DomainG_B          # add B domain groups to Local groups with B in their name

foreach ($folder in $folders){
    TestFolders $folder           # test if folder exists and create as needed
    RemoveACL $folder             # remove all current permissions
    foreach($group in $LocalG){
        if($group -match "A"){            # for all groups with A in their name
            ModifyACL $folder $group      # add group and give it R&E permissions
        }
    }
}

Running the above, local groups get created and this is as far as it gets :)

When the script gets to the AddTo_A_Group function it throws an exception calling Invoke with 2 arguments: Unknown name(0x80020006 (Disp_E_UNKNOWNNAME) on my $objGroupA.PSBase.Invoke('Add',$objGroup.PSBase.Path)

Some help would be much appreciated.

   


yaro
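
The membership step from the post, written as one parameterised function that binds both groups with fully qualified WinNT paths (WinNT://<computer>/<group>,group) and then lists the resulting members. This is an added example, not part of the original post; the function names and the EXAMPLE\... group names are assumptions made for illustration.

```powershell
# Added example. All group names below are constructed sample values that
# stand in for the contents of LocalG.txt and DomainG_A.txt.
function Add-DomainGroupToLocalGroup {
    param(
        [Parameter(Mandatory)] [string]   $LocalGroup,
        [Parameter(Mandatory)] [string[]] $DomainGroups
    )
    # Bind the group on this computer. The ',group' suffix is a class hint
    # for the WinNT provider, so the object returned is a group (Add/Members).
    $target = [ADSI]"WinNT://$env:COMPUTERNAME/$LocalGroup,group"

    foreach ($dg in $DomainGroups) {
        # 'DOMAIN\Group' from the text file becomes 'WinNT://DOMAIN/Group,group'
        $memberPath = 'WinNT://' + $dg.Trim().Replace('\', '/') + ',group'
        try {
            $target.PSBase.Invoke('Add', $memberPath)
        } catch {
            # Typical causes: group missing, already a member, or no admin rights
            Write-Warning "Could not add '$dg' to '$LocalGroup': $($_.Exception.Message)"
        }
    }
}

function Get-LocalGroupMemberPath {
    param([Parameter(Mandatory)] [string] $LocalGroup)
    $target = [ADSI]"WinNT://$env:COMPUTERNAME/$LocalGroup,group"
    # Members() returns COM objects; read each one's ADsPath by late binding
    foreach ($m in @($target.PSBase.Invoke('Members'))) {
        $m.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $m, $null)
    }
}

$localGroups  = 'Test Group 1 A', 'Test Group 2 A'      # constructed
$domainGroups = 'EXAMPLE\Readers-A', 'EXAMPLE\Audit-A'  # constructed

foreach ($lg in $localGroups | Where-Object { $_ -match 'A' }) {
    Add-DomainGroupToLocalGroup -LocalGroup $lg -DomainGroups $domainGroups
    # Confirm what actually ended up in the group before granting it folder access
    Get-LocalGroupMemberPath -LocalGroup $lg
}
```

Run it from an elevated session; the same function serves the B groups by changing the -match filter and the domain group list.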

