DSC Resource 'AddsOrgUnitsAndGroups'

AddsOrgUnitsAndGroups adds Groups and Organizational Units to an existing domain.

Source

DSC Resource

Documentation

Table 1. Attributes of category 'AddsOrgUnitsAndGroups'
[cols="1,1,1,2a,1a" options="header"]
|===
| Parameter
| Attribute
| DataType
| Description
| Allowed Values

| DomainDn
|
| String
| Distinguished Name (DN) of the domain.
|

| OrgUnits
|
| Hashtable[]
| List of Organizational Units (OUs) within Active Directory.
|

| Groups
|
| Hashtable[]
| List of groups within Active Directory.
|
|===

Table 2. Selected Attributes of category 'AddsOrgUnitsAndGroups/OrgUnits'
[cols="1,1,1,2a,1a" options="header"]
|===
| Parameter
| Attribute
| DataType
| Description
| Allowed Values

| Name
| Key
| String
| The name of the Organizational Unit (OU).
|

| Path
| Key
| String
| The name of the Organizational Unit (OU).

Default: DomainDn
|

| ChildOu
|
| Object[]
| List of Child Organizational Units. +
For each Child OU the parameter Name must be specified.
|
|===

Table 3. Selected Attributes of category 'AddsOrgUnitsAndGroups/Groups'
[cols="1,1,1,2a,1a" options="header"]
|===
| Parameter
| Attribute
| DataType
| Description
| Allowed Values

| GroupName
| Key
| String
| Name of the Active Directory group.
|

| GroupScope
|
| String
| Active Directory group scope.
| - DomainLocal
- Global (default)
- Universal (ignored)

| Category
|
| String
| Active Directory group category.
| - Distribution
- Security (default)

| Path
|
| String
| Location of the group within Active Directory expressed as a Distinguished Name (DN).

The DomainDn is appended automatically for DomainLocal and Global group scopes.
|

| Ensure
|
| String
| Specifies if this Active Directory group should be present or absent.
| - Absent
- Present (default)

| Description
|
| String
| Description of the Active Directory group.
|

| DisplayName
|
| String
| Display name of the Active Directory group.
|

| Credential
|
| PSCredential
| The credential to be used to perform the operation on Active Directory.
|

| DomainController
|
| String
| Active Directory domain controller to enact the change upon.
|

| Members
|
| String[]
| Active Directory group membership should match membership exactly.
|

| MembersToInclude
|
| String[]
| Active Directory group should include these members.
|

| MembersToExclude
|
| String[]
| Active Directory group should NOT include these members.
|

| MembershipAttribute
|
| String
| Active Directory attribute used to perform membership operations.
| - SamAccountName (default)
- DistinguishedName
- ObjectGUID
- SID

| ManagedBy
|
| String
| Active Directory managed by attribute specified as a DistinguishedName.
|

| Notes
|
| String
| Active Directory group notes field.
|

| RestoreFromRecycleBin
|
| Boolean
| Try to restore the group from the recycle bin before creating a new one.
|
|===

Example
[source, yaml]
----
AddsOrgUnitsAndGroups:
  DomainDN: DC=contoso,DC=com
  OrgUnits:
    - Name: Admin
      Path: DC=contoso,DC=com
      ChildOu:
        - Name: Groups
        - Name: Computers
    - Name: Autofill
      ChildOu:
        - Name: Groups
        - Name: Computers
  Groups:
    # change attributes of BuiltIn groups
    - GroupName: Administrators
      Description: BuiltIn Account
    # create new groups
    - GroupName: App_123_Read
      Path: OU=Groups,OU=Admin
      GroupScope: DomainLocal
    - GroupName: App_123_Write
      Path: OU=Groups,OU=Admin
      GroupScope: Global
----
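
The membership parameters from Table 3 are not used in the example above. The following is an added example, not part of the project's documentation: it contrasts exact membership (Members) with additive and subtractive membership (MembersToInclude, MembersToExclude) on security groups and retires an unused group. The account names and the group App_123_Legacy are constructed for illustration; the two membership styles are kept on separate groups.

```yaml
AddsOrgUnitsAndGroups:
  DomainDN: DC=contoso,DC=com
  Groups:
    # Exact membership: the group is converged to exactly this list, so an
    # account added outside of this configuration is removed again when the
    # configuration is applied. Suited to groups that grant write access.
    - GroupName: App_123_Write
      Path: OU=Groups,OU=Admin
      GroupScope: Global
      Category: Security
      MembershipAttribute: SamAccountName
      Members:
        - svc_app123          # constructed account name
        - alice.admin         # constructed account name

    # Additive / subtractive membership: only the listed principals are
    # enforced; members not named in either list are left untouched.
    - GroupName: App_123_Read
      Path: OU=Groups,OU=Admin
      GroupScope: DomainLocal
      Category: Security
      MembershipAttribute: SamAccountName
      MembersToInclude:
        - App_123_Write       # nest the write group into the read group
      MembersToExclude:
        - Guest               # built-in account that must never be a member

    # Retire a group that is no longer needed.
    - GroupName: App_123_Legacy   # constructed group name
      Path: OU=Groups,OU=Admin
      Ensure: Absent
```
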
Recommended Lookup Options in Datum.yml (Excerpt)
[source, yaml]
----
lookup_options:

  AddsOrgUnitsAndGroups:
    merge_hash: deep
  AddsOrgUnitsAndGroups\OrgUnits:
    merge_baseType_array: Unique
    merge_hash_array: DeepTuple
    merge_options:
      tuple_keys:
        - Name
        - Path
  AddsOrgUnitsAndGroups\Groups:
    merge_baseType_array: Unique
    merge_hash_array: DeepTuple
    merge_options:
      tuple_keys:
        - GroupName
----