Use ARS and/or powershell to create groups - nested & add members automatically?

We use the lousy nested structure for shared folder ntfs permissions where a domain local group contains a universal which contains a global and the global has the users.  I want to find a way to create the 3 groups required when a new folder is setup, then add users to the global group.

Also, does anyone have any good references on the latest best practices for share permissions? I know when/why dl groups are used, but why use the nesting scheme for every file share on 20+ file servers?

Parents
No Data
Reply
  • Hi,

    here is a PoSh script sample to create group structure:

    $users = "John Smith", "Sarah Connor"

    $group = "My Group"

    $ou = "My OU"

    Connect-QADService -proxy

    $groupG = New-QADGroup ($group+" G") -ParentContainer $ou -GroupType Security -GroupScope Global

    $groupU = New-QADGroup ($group+"U") -ParentContainer $ou -GroupType Security -GroupScope Universal

    $groupDL = New-QADGroup ($group+" DL") -ParentContainer $ou -GroupType Security -GroupScope DomainLocal

    Add-QADGroupMember $groupG $users

    Add-QADGroupMember $groupU $groupG

    Add-QADGroupMember $groupDL $groupU

Children
No Data