update

Creation-Groupe.ps1

@@ -1,40 +0,0 @@
-<#
-    .Example
-    $csv = Read-Host -Prompt "Please provide full path to Groups csv file"
-    .\Creation-Groupe.ps1 -CSVfile $csv -Verbose
-    PS C:\Tools> $csv = Read-Host -Prompt "Please provide full path to Groups csv file"
-    Please provide full path to Groups csv file: c:\tools\groups.csv
-    PS C:\Tools> .\Creation-Groupe.ps1 -CSVfile $csv -Verbose
-    VERBOSE: Creating new Group 'Tier0ReplicationMaintenance' under 'OU=Groups,OU=Tier0,OU=Admin,DC=azureblog,DC=pl'
-    VERBOSE: Creating new Group 'Tier1ServerMaintenance' under 'OU=Groups,OU=Tier1,OU=Admin,DC=azureblog,DC=pl'
-    VERBOSE: Creating new Group 'ServiceDeskOperators' under 'OU=Groups,OU=Tier2,OU=Admin,DC=azureblog,DC=pl'
-    VERBOSE: Creating new Group 'WorkstationMaintenance' under 'OU=Groups,OU=Tier2,OU=Admin,DC=azureblog,DC=pl'
-    VERBOSE: Group 'tier1admins'already exists.
-    VERBOSE: Group 'tier2admins'already exists.
-#>
-
-[CmdletBinding()]
-param(
-    [string] $CSVfile
-)
-$dNC = (Get-ADRootDSE).defaultNamingContext
-$groups = Import-Csv $CSVfile
-foreach ($group in $groups) {
-    $groupName = $group.Name
-    $groupOUPrefix = $group.OU
-    $destOU = $group.OU + "," + $dNC
-    $groupDN = "CN=" + $groupName + "," + $destOU
-    $checkForGroup = Get-ADGroup -filter 'Name -eq $groupName' -ErrorAction SilentlyContinue
-    If ($checkForGroup.count -eq 0 ) {
-        Write-Verbose "Creating new Group '$($Group.samAccountName)' under '$destOU'"
-        New-ADGroup -Name $Group.Name -SamAccountName $Group.samAccountName -GroupCategory $Group.GroupCategory -GroupScope $Group.GroupScope -DisplayName $Group.DisplayName -Path $destOU -Description $Group.Description
-        If ($Group.Membership -ne "") {
-            Write-Verbose "Adding Group Membership '$($Group.Membership)' for group '$($Group.samAccountName)'"
-            Add-ADPrincipalGroupMembership -Identity $Group.samAccountName -MemberOf $Group.Membership
-        }
-        $error.Clear()
-    } 
-    Else {
-        Write-Verbose "Group '$($Group.samAccountName)'already exists."
-    }
-}

Creation-OU.ps1

@@ -1,58 +0,0 @@
-<#
-    .Example
-    Atempt to create OU that not exists in the desired path
-    $OUs = @(
-    $(New-Object PSObject -Property @{Name = "Desktops"; ParentOU = "ou=Workstations" }),
-    $(New-Object PSObject -Property @{Name = "Kiosks"; ParentOU = "ou=Workstations" }),
-    $(New-Object PSObject -Property @{Name = "Laptops"; ParentOU = "ou=Workstations" }),
-    $(New-Object PSObject -Property @{Name = "Staging"; ParentOU = "ou=Workstations" })
-    )
-    .\Create-OU.ps1 -OUs $OUs -Verbose
-    PS C:\Tools> .\Create-OU.ps1 -OUs $OUs -Verbose
-    VERBOSE: Creating new OU 'OU=Desktops,ou=Workstations,DC=azureblog,DC=pl'
-    VERBOSE: Creating new OU 'OU=Kiosks,ou=Workstations,DC=azureblog,DC=pl'
-    VERBOSE: Creating new OU 'OU=Laptops,ou=Workstations,DC=azureblog,DC=pl'
-    VERBOSE: Creating new OU 'OU=Staging,ou=Workstations,DC=azureblog,DC=pl'
-    .Example
-    Atempt to create OU that already exists in the desired path
-    $OUs = @(
-    $(New-Object PSObject -Property @{Name = "Desktops"; ParentOU = "ou=Workstations" }),
-    $(New-Object PSObject -Property @{Name = "Kiosks"; ParentOU = "ou=Workstations" }),
-    $(New-Object PSObject -Property @{Name = "Laptops"; ParentOU = "ou=Workstations" }),
-    $(New-Object PSObject -Property @{Name = "Staging"; ParentOU = "ou=Workstations" })
-    )
-    .\Create-OU.ps1 -OUs $OUs -Verbose
-    PS C:\Tools> .\Create-OU.ps1 -OUs $OUs -Verbose
-    VERBOSE: OU 'Desktops' already exists under 'ou=Workstations,DC=azureblog,DC=pl'
-    VERBOSE: OU 'Kiosks' already exists under 'ou=Workstations,DC=azureblog,DC=pl'
-    VERBOSE: OU 'Laptops' already exists under 'ou=Workstations,DC=azureblog,DC=pl'
-    VERBOSE: OU 'Staging' already exists under 'ou=Workstations,DC=azureblog,DC=pl
-#>
-
-[CmdletBinding()]
-param(
-    [PSObject] $OUs
-)
-$dNC = (Get-ADRootDSE).defaultNamingContext
-$OUs | ForEach-Object {
-    $name = $_.Name
-    $parentOU = $_.ParentOU
-    
-    if ($ParentOU -eq '') {
-        $ouPath = "$dNC"
-        $testOUpath = "OU=$name,$dNC"
-    }
-    else {
-        $ouPath = "$parentOU,$dNC"
-        $testOUPath = "OU=$name,$parentOU,$dNC"
-    }
-    
-    $OUTest = (Get-ADOrganizationalUnit -Filter 'DistinguishedName -like $testOUpath' | Measure-Object).Count
-    if ($OUtest -eq 0) {
-        Write-Verbose "Creating new OU '$testOUPath'"
-        New-ADOrganizationalUnit -Name $name -Path $OUPath -ProtectedFromAccidentalDeletion:$true
-    }
-    else {
-        Write-Verbose "OU '$name' already exists under '$ouPath'"
-    }
-}

Groupes-Administrateur.csv

@@ -1,21 +1,21 @@
-Name,samAccountName,GroupCategory,GroupScope,DisplayName,OU,Description,Membership
-Tier 0 PAW Users,Tier0PAWUsers,Security,Global,Tier 0 PAW Users,"OU=Groups,OU=Tier0,OU=Admin",Members of this group are permitted to log onto Tier0 Privileged Access Workstations using normal accounts,
-Tier 0 PAW Maintenance,Tier0PAWMaint,Security,Global,Tier 0 PAW Maintenance,"OU=Groups,OU=Tier0,OU=Admin",Members of this group maintain and support Tier0 Privileged Access Workstations,
-Tier 0 Replication Maintenance,Tier0ReplicationMaintenance,Security,Global,Tier 0 Replication Maintenance,"OU=Groups,OU=Tier0,OU=Admin",Members of this group are Tier 0 Replication Maintenance,
-Tier 0 Servers,Tier0Servers,Security,Global,Tier 0 Servers,"OU=Groups,OU=Tier0,OU=Admin",Group that contain all Tier 0 servers,
-Tier 0 Sync Servers,Tier0SyncServers,Security,Global,Tier 0 Sync Servers,"OU=Groups,OU=Tier0,OU=Admin",Group that contain all Tier 0 synchronisation servers,
-Tier 0 Physical Access,Tier0PhysicalAccess,Security,Global,Tier 0 PhysicalAccess,"OU=Groups,OU=Tier0,OU=Admin",Group that contain users allowed to access physical domain controller,
-Tier 0 Physical DC,Tier0PhysicalDC,Security,Global,Tier 0 PhysicalDC,"OU=Groups,OU=Tier0,OU=Admin",Group that contain physical domain controller computer object,
-Tier 0 Service Accounts,Tier0serviceaccounts,Security,Global,Tier 0 Service Accounts,"OU=Groups,OU=Tier0,OU=Admin",Group that contain all Tier 0 svc accouts,
-Tier 0 PAW Computers,Tier0PAWComputers,Security,Global,Tier 0 PAW Computers,"OU=Groups,OU=Tier0,OU=Admin",Group with members of the tier 0 devices servers and domaincontrollers,
-Tier 1 Admins,tier1admins,Security,Global,Tier 1 Admins,"OU=Groups,OU=Tier1,OU=Admin",Members of this group are Tier 1 Administrators,
-Tier 1 Server Maintenance,Tier1ServerMaintenance,Security,Global,Tier 1 Server Maintenance,"OU=Groups,OU=Tier1,OU=Admin",Members of this group perform Tier 1 Server Maintenance,
-Tier 1 PAW Users,Tier1PAWUsers,Security,Global,Tier 1 PAW Users,"OU=Groups,OU=Tier1,OU=Admin",Members of this group are permitted to log onto Tier1 Privileged Access Workstations using normal accounts,
-Tier 1 PAW Computers,Tier1PAWComputers,Security,Global,Tier 1 PAW Computers,"OU=Groups,OU=Tier1,OU=Admin",Group with members of the Tier 1 devices and servers,
-Tier 1 PAW Maintenance,Tier1PAWMaint,Security,Global,Tier1 PAW Maintenance,"OU=Groups,OU=Tier1,OU=Admin",Members of this group maintain and support Tier0 Privileged Access Workstations,
-Tier 1 Servers,Tier1Servers,Security,Global,Tier 1 Servers,"OU=Groups,OU=Tier1,OU=Admin",Group that contain all Tier 1 servers,
-Tier 1 Service Accounts,Tier1serviceaccounts,Security,Global,Tier 1serviceaccounts,"OU=Groups,OU=Tier1,OU=Admin",Group that contain all Tier 1 svc accouts,
-Tier 2 Admins,tier2admins,Security,Global,Tier 2 Admins,"OU=Groups,OU=Tier2,OU=Admin",Members of this group are Tier 2 Administrators,
-Tier 2 Service Desk Operators,Tier2ServiceDeskOperators,Security,Global,Tier 2 Service Desk Operators,"OU=Groups,OU=Tier2,OU=Admin",Members of this group are Service Desk Operators,
-Tier 2 Workstation Maintenance,Tier2WorkstationMaintenance,Security,Global,Tier 2 Workstation Maintenance,"OU=Groups,OU=Tier2,OU=Admin",Members of this group perform Workstation Maintenance,
-Tier 2 Service Accounts,Tier2serviceaccounts,Security,Global,Tier 2 Service Accounts,"OU=Groups,OU=Tier2,OU=Admin",Group that contain all Tier 2 svc accouts,
+Name;samAccountName;GroupCategory;GroupScope;DisplayName;OU;Description;Membership
+Tier 0 PAW Users;Tier0PAWUsers;Security;Global;Tier 0 PAW Users;"OU=Groupes,OU=Tier0,OU=Admins,OU=SocieteA";Members OU=Groupes,OU=of this group are permitted to log onto Tier0 Privileged Access Workstations using normal accounts;
+Tier 0 PAW Maintenance;Tier0PAWMaint;Security;Global;Tier 0 PAW Maintenance;"OU=Groupes,OU=Tier0,OU=Admins,OU=SocieteA";Members of this group maintain and support Tier0 Privileged Access Workstations;
+Tier 0 Replication Maintenance;Tier0ReplicationMaintenance;Security;Global;Tier 0 Replication Maintenance;"OU=Groupes,OU=Tier0,OU=Admins,OU=SocieteA";Members of this group are Tier 0 Replication Maintenance;
+Tier 0 Servers;Tier0Servers;Security;Global;Tier 0 Servers;"OU=Groupes,OU=Tier0,OU=Admins,OU=SocieteA";Group that contain all Tier 0 servers;
+Tier 0 Sync Servers;Tier0SyncServers;Security;Global;Tier 0 Sync Servers;"OU=Groupes,OU=Tier0,OU=Admins,OU=SocieteA";Group that contain all Tier 0 synchronisation servers;
+Tier 0 Physical Access;Tier0PhysicalAccess;Security;Global;Tier 0 PhysicalAccess;"OU=Groupes,OU=Tier0,OU=Admins,OU=SocieteA";Group that contain users allowed to access physical domain controller;
+Tier 0 Physical DC;Tier0PhysicalDC;Security;Global;Tier 0 PhysicalDC;"OU=Groupes,OU=Tier0,OU=Admins,OU=SocieteA";Group that contain physical domain controller computer object;
+Tier 0 Service Accounts;Tier0serviceaccounts;Security;Global;Tier 0 Service Accounts;"OU=Groupes,OU=Tier0,OU=Admins,OU=SocieteA";Group that contain all Tier 0 svc accouts;
+Tier 0 PAW Computers;Tier0PAWComputers;Security;Global;Tier 0 PAW Computers;"OU=Groupes,OU=Tier0,OU=Admins,OU=SocieteA";Group with members of the tier 0 devices servers and domaincontrollers;
+Tier 1 Admins;tier1admins;Security;Global;Tier 1 Admins;"OU=Groupes,OU=Tier1,OU=Admins,OU=SocieteA";Members of this group are Tier 1 Administrators;
+Tier 1 Server Maintenance;Tier1ServerMaintenance;Security;Global;Tier 1 Server Maintenance;"OU=Groupes,OU=Tier1,OU=Admins,OU=SocieteA";Members of this group perform Tier 1 Server Maintenance;
+Tier 1 PAW Users;Tier1PAWUsers;Security;Global;Tier 1 PAW Users;"OU=Groupes,OU=Tier1,OU=Admins,OU=SocieteA";Members of this group are permitted to log onto Tier1 Privileged Access Workstations using normal accounts;
+Tier 1 PAW Computers;Tier1PAWComputers;Security;Global;Tier 1 PAW Computers;"OU=Groupes,OU=Tier1,OU=Admins,OU=SocieteA";Group with members of the Tier 1 devices and servers;
+Tier 1 PAW Maintenance;Tier1PAWMaint;Security;Global;Tier1 PAW Maintenance;"OU=Groupes,OU=Tier1,OU=Admins,OU=SocieteA";Members of this group maintain and support Tier0 Privileged Access Workstations;
+Tier 1 Servers;Tier1Servers;Security;Global;Tier 1 Servers;"OU=Groupes,OU=Tier1,OU=Admins,OU=SocieteA";Group that contain all Tier 1 servers;
+Tier 1 Service Accounts;Tier1serviceaccounts;Security;Global;Tier 1serviceaccounts;"OU=Groupes,OU=Tier1,OU=Admins,OU=SocieteA";Group that contain all Tier 1 svc accouts;
+Tier 2 Admins;tier2admins;Security;Global;Tier 2 Admins;"OU=Groupes,OU=Tier2,OU=Admins,OU=SocieteA";Members of this group are Tier 2 Administrators;
+Tier 2 Service Desk Operators;Tier2ServiceDeskOperators;Security;Global;Tier 2 Service Desk Operators;"OU=Groupes,OU=Tier2,OU=Admins,OU=SocieteA";Members of this group are Service Desk Operators;
+Tier 2 Workstation Maintenance;Tier2WorkstationMaintenance;Security;Global;Tier 2 Workstation Maintenance;"OU=Groupes,OU=Tier2,OU=Admins,OU=SocieteA";Members of this group perform Workstation Maintenance;
+Tier 2 Service Accounts;Tier2serviceaccounts;Security;Global;Tier 2 Service Accounts;"OU=Groupes,OU=Tier2;OU=Admins,OU=SocieteA";Group that contain all Tier 2 svc accouts;

Groupes-Standard.csv

@@ -1,5 +1,5 @@
-Name,samAccountName,GroupCategory,GroupScope,DisplayName,OU,Description,Membership
-Test Group 1,testgroup1,Security,Global,Test Group 1,"ou=Security Groups,OU=Groups",Group with random members,
-Test Group 2,testgroup2,Security,Global,Test Group 2,"ou=Security Groups,OU=Groups",Group with random members,
-Test Group 3,testgroup3,Security,Global,Test Group 3,"ou=Security Groups,OU=Groups",Group with random members,
-Test Group 4,testgroup4,Security,Global,Test Group 4,"ou=Security Groups,OU=Groups",Group with random members,
+Name;samAccountName;GroupCategory;GroupScope;DisplayName;OU;Description;Membership
+Test Group 1;testgroup1;Security;Global;Test Group 1;"ou=Groupes Security,OU=Ressources,OU=Groupes,OU=SocieteA";Group with random members;
+Test Group 2;testgroup2;Security;Global;Test Group 2;"ou=Groupes Security,OU=Ressources,OU=Groupes,OU=SocieteA";Group with random members;
+Test Group 3;testgroup3;Security;Global;Test Group 3;"ou=Groupes Security,OU=Ressources,OU=Groupes,OU=SocieteA";Group with random members;
+Test Group 4;testgroup4;Security;Global;Test Group 4;"ou=Groupes Security,OU=Ressources,OU=Groupes,OU=SocieteA";Group with random members;

OU-Computer-Permissions.csv

@@ -0,0 +1,4 @@
+Group;OuPrefix
+Tier2WorkstationMaintenance;OU=Quarantine,ou=SocieteA
+Tier2WorkstationMaintenance;OU=Workstations,ou=SocieteA
+Tier1ServerMaintenance;OU=Tier 1 Servers,ou=SocieteA

OU-GPO-Permissions.csv

@@ -0,0 +1,2 @@
+Group;OuPrefix
+Tier1ServerMaintenance;OU=Tier 1 Servers,ou=SocieteA

OU-Group-Permissions.csv

@@ -0,0 +1,3 @@
+Group;OuPrefix
+Tier1Admins;OU=Groupes,ou=Tier1,ou=Admins,ou=SocieteA
+Tier2Admins;OU=Groupes,ou=Tier2,ou=Admins,ou=SocieteA

OU-Replication-Permissions.csv

@@ -0,0 +1,2 @@
+Group
+Tier0ReplicationMaintenance

OU-Standard.csv

@@ -0,0 +1,59 @@
+Name;ParentOU;Description;IsBlocked
+SocieteA;;Base de la sociéte,No
+Admins;SocieteA;;No
+Tier 1 Servers;SocieteA;;No
+Groupes;SocieteA;;No
+WorkStations;SocieteA;;No
+Serveurs;SocieteA;;No
+Users;SocieteA;;No
+Quarantine;SocieteA;;No
+Tier0;Admins,ou=SocieteA;;No
+Tier1;Admins,ou=SocieteA;;No
+Tier2;Admins,ou=SocieteA;;No
+Accounts;Tier0,ou=Admins,ou=SocieteA;;No
+Groupes;Tier0,ou=Admins,ou=SocieteA;;No
+Service Accounts;Tier0,ou=Admins,ou=SocieteA;;No
+Devices;Tier0,ou=Admins,ou=SocieteA;;Yes
+Tier0 Serveurs;Tier0,ou=Admins,ou=SocieteA;;No
+Accounts;Tier1,ou=Admins,ou=SocieteA;;No
+Groupes;Tier1,ou=Admins,ou=SocieteA;;No
+Service Accounts;Tier1,ou=Admins,ou=SocieteA;;No
+Devices;Tier1,ou=Admins,ou=SocieteA;;Yes
+Tier1 Serveurs;Tier1,ou=Admins,ou=SocieteA;;No
+Accounts;Tier2,ou=Admins,ou=SocieteA;;No
+Groupes;Tier2,ou=Admins,ou=SocieteA;;No
+Service Accounts;Tier2,ou=Admins,ou=SocieteA;;No
+Devices;Tier2,ou=Admins,ou=SocieteA;;Yes
+Application;Tier 1 Servers,ou=SocieteA;;No
+Collaboration;Tier 1 Servers,ou=SocieteA;;No
+Database;Tier 1 Servers,ou=SocieteA;;No
+Messaging;Tier 1 Servers,ou=SocieteA;;No
+Staging;Tier 1 Servers,ou=SocieteA;;No
+Contacts;Groupes,ou=SocieteA;;No
+Softwares;Groupes,ou=SocieteA;;No
+Partages;Groupes,ou=SocieteA;;No
+Providers;Groupes,ou=SocieteA;;No
+Ressources;Groupes,ou=SocieteA;;No
+Groupes Distribution;Contacts,ou=Groupes,ou=SocieteA;;No
+Groupes Security;Contacts,ou=Groupes,ou=SocieteA;;No
+Groupes Distribution;Softwares,ou=Groupes,ou=SocieteA;;No
+Groupes Security;Softwares,ou=Groupes,ou=SocieteA;;No
+Groupes Distribution;Partages,ou=Groupes,ou=SocieteA;;No
+Groupes Security;Partages,ou=Groupes,ou=SocieteA;;No
+Groupes Distribution;Ressources,ou=Groupes,ou=SocieteA;;No
+Groupes Security;Ressources,ou=Groupes,ou=SocieteA;;No
+Desktops;WorkStations,ou=SocieteA;;No
+Kiosks;WorkStations,ou=SocieteA;;No
+Laptops;WorkStations,ou=SocieteA;;No
+Staging;WorkStations,ou=SocieteA;;No
+Dev;Serveurs,ou=SocieteA;;No
+Rec;Serveurs,ou=SocieteA;;No
+Staging;Serveurs,ou=SocieteA;;No
+Production;Serveurs,ou=SocieteA;;No
+_Disabled Users;Users,ou=SocieteA;;No
+_To Deleted;Users,ou=SocieteA;;No
+_In Arrived;Users,ou=SocieteA;;No
+Providers;Users,ou=SocieteA;;No
+Service_A;Users,ou=SocieteA;;No
+Service_B;Users,ou=SocieteA;;No
+Service_C;Users,ou=SocieteA;;No

OU-User-Permissions.csv

@@ -0,0 +1,6 @@
+Group;OuPrefix
+Tier2ServiceDeskOperators;OU=Users,OU=SocieteA
+Tier1Admins;OU=Accounts,ou=Tier1,ou=Admins,ou=SocieteA
+Tier1Admins;OU=Service Accounts,ou=Tier1,ou=Admins,ou=SocieteA
+Tier2Admins;OU=Accounts,ou=Tier2,ou=Admins,ou=SocieteA
+Tier2Admins;OU=Service Accounts,ou=Tier2,ou=Admins,ou=SocieteA

OU-Workstation-Permissions.csv

@@ -0,0 +1,4 @@
+Group;OuPrefix
+Tier2ServiceDeskOperators;OU=Workstations,OU=SocieteA
+Tier1Admins;OU=Devices,ou=Tier1,ou=Admins,ou=SocieteA
+Tier2Admins;OU=Devices,ou=Tier2,ou=Admins,ou=SocieteA

Step-01-Creation-OU.ps1

@@ -0,0 +1,42 @@
+<#
+
+#>
+
+cls
+
+#throw "This is not a robus script"
+$location = Get-Location
+Set-Location C:\Tools
+
+Import-Module ActiveDirectory
+
+$Fichier = "OU-Standard.csv"
+
+$OUs = Import-Csv -Path $Fichier -Delimiter ";"
+
+$dNC = (Get-ADRootDSE).defaultNamingContext
+
+$OUs | ForEach-Object {
+    $name = $_.Name
+    $parentOU = $_.ParentOU
+    $Description = $_.Description
+
+    If ($ParentOU -eq '') {
+        $ouPath = "$dNC"
+        $testOUpath = "OU=$name,$dNC"
+    }
+    Else {
+        $ouPath = "OU=$parentOU,$dNC"
+        $testOUPath = "OU=$name,OU=$parentOU,$dNC"
+    }
+
+    $OUTest = (Get-ADOrganizationalUnit -Filter 'DistinguishedName -like $testOUpath' | Measure-Object).Count
+
+    If ($OUtest -eq 0) {
+        Write-host "Creation nouvelle OU '$testOUPath'"
+        New-ADOrganizationalUnit $name -Path $OUPath -ProtectedFromAccidentalDeletion:$false -Description $Description
+    }
+    Else {
+        Write-host "OU '$name' existe deja '$ouPath'"
+    }
+}

Step-02-Creation-Groupe.ps1

@@ -0,0 +1,68 @@
+<#
+    .Exemple
+
+#>
+
+cls
+
+#throw "This is not a robus script"
+$location = Get-Location
+Set-Location C:\Tools
+
+Import-Module ActiveDirectory
+
+$FichierAdmin = "Groupes-Administrateur.csv"
+$FichierStandard = "Groupes-Standard.csv"
+
+$GroupAdmins = Import-Csv -Path $FichierAdmin -Delimiter ";"
+$GroupStandards = Import-Csv -Path $FichierStandard -Delimiter ";"
+
+$dNC = (Get-ADRootDSE).defaultNamingContext
+
+Foreach ($group in $GroupAdmins) {
+    $groupName = $group.Name
+    $groupOUPrefix = $group.OU
+    $destOU = $group.OU + "," + $dNC
+    $groupDN = "CN=" + $groupName + "," + $destOU
+
+    $checkForGroup = Get-ADGroup -filter 'Name -eq $groupName' -ErrorAction SilentlyContinue
+    
+    If ($checkForGroup.count -eq 0 ) {
+        Write-Verbose "Creating new Group '$($Group.samAccountName)' under '$destOU'"
+
+        New-ADGroup -Name $Group.Name -SamAccountName $Group.samAccountName -GroupCategory $Group.GroupCategory -GroupScope $Group.GroupScope -DisplayName $Group.DisplayName -Path $destOU -Description $Group.Description
+
+        If ($Group.Membership -ne "") {
+            Write-Verbose "Adding Group Membership '$($Group.Membership)' for group '$($Group.samAccountName)'"
+            Add-ADPrincipalGroupMembership -Identity $Group.samAccountName -MemberOf $Group.Membership
+        }
+        $error.Clear()
+    } 
+    Else {
+        Write-Verbose "Group '$($Group.samAccountName)'already exists."
+    }
+}
+
+Foreach ($group in $GroupStandards) {
+    $groupName = $group.Name
+    $groupOUPrefix = $group.OU
+    $destOU = $group.OU + "," + $dNC
+    $groupDN = "CN=" + $groupName + "," + $destOU
+
+    $checkForGroup = Get-ADGroup -filter 'Name -eq $groupName' -ErrorAction SilentlyContinue
+
+    If ($checkForGroup.count -eq 0 ) {
+        Write-host "Creating new Group '$($Group.samAccountName)' under '$destOU'"
+
+        New-ADGroup -Name $Group.Name -SamAccountName $Group.samAccountName -GroupCategory $Group.GroupCategory -GroupScope $Group.GroupScope -DisplayName $Group.DisplayName -Path $destOU -Description $Group.Description
+
+        If ($Group.Membership -ne "") {
+            Write-host "Adding Group Membership '$($Group.Membership)' for group '$($Group.samAccountName)'"
+            Add-ADPrincipalGroupMembership -Identity $Group.samAccountName -MemberOf $Group.Membership
+        }
+        $error.Clear()
+    } 
+    Else {
+        Write-host "Group '$($Group.samAccountName)'already exists."
+    }
+}

Step-03-Set-OUUserPermissions.ps1

@@ -1,23 +1,27 @@
 <#
-    .Example
-    $List = @(
-        $(New-Object PSObject -Property @{Group = "ServiceDeskOperators"; OUPrefix = "OU=User Accounts"})
-    )
-    .\Set-OUUserPermissions.ps1 -list $list -Verbose 
+
 #>
 
-[CmdletBinding()]
-param(
-    [Parameter(Mandatory = $True)][PSOBject] $List
+cls
+
+#throw "This is not a robus script"
+$location = Get-Location
+Set-Location C:\Tools
 
-)
 Import-Module ActiveDirectory
 
+$Fichier = "OU-User-Permissions.csv"
+
+$List = Import-Csv -Path $Fichier -Delimiter ";"
+
 $rootdse = Get-ADRootDSE
 $domain = Get-ADDomain
 $guidmap = @{ }
+
 Get-ADObject -SearchBase ($rootdse.SchemaNamingContext) -LDAPFilter "(schemaidguid=*)" -Properties lDAPDisplayName, schemaIDGUID | ForEach-Object { $guidmap[$_.lDAPDisplayName] = [System.GUID]$_.schemaIDGUID }
+
 $extendedrightsmap = @{ }
+
 Get-ADObject -SearchBase ($rootdse.ConfigurationNamingContext) -LDAPFilter "(&(objectclass=controlAccessRight)(rightsguid=*))" -Properties displayName, rightsGuid | ForEach-Object { $extendedrightsmap[$_.displayName] = [System.GUID]$_.rightsGuid }
 
 $List | ForEach-Object {
@@ -25,7 +29,9 @@ $List | ForEach-Object {
     $Group = $_.Group
     $ouPath = "$OUPrefix,$($domain.DistinguishedName)"
     $ou = Get-ADOrganizationalUnit -Identity $OUPAth
+
     $adGroup = New-Object System.Security.Principal.SecurityIdentifier (Get-ADGroup -Identity $Group).SID
+
     $acl = Get-ACL -Path "AD:$($ou.DistinguishedName)"
     $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule $adGroup, "CreateChild", "Allow", $guidmap["user"], "ALL"))
     $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule $adGroup, "ReadProperty", "Allow", "Descendents", $guidmap["user"]))
@@ -35,6 +41,7 @@ $List | ForEach-Object {
     $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule $adGroup, "WriteProperty", "Allow", $guidmap["lockoutTime"], "Descendents", $guidmap["user"]))
     $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule $adGroup, "ReadProperty", "Allow", $guidmap["pwdLastSet"], "Descendents", $guidmap["user"]))
     $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule $adGroup, "WriteProperty", "Allow", $guidmap["pwdLastSet"], "Descendents", $guidmap["user"]))
-    Write-Verbose "Configuring User Permissions on '$ouPath' for group '$Group'"
+
+    Write-host "Configuring User Permissions on '$ouPath' for group '$Group'"
     Set-ACL -ACLObject $acl -Path ("AD:\" + ($ou.DistinguishedName))
 }

Step-04-Set-OUWorkstationPermissions.ps1

@@ -1,26 +1,32 @@
 <#
-    .Example
-    $List = @(
-        $(New-Object PSObject -Property @{Group = "ServiceDeskOperators"; OUPrefix = "OU=Workstations"})
-    .\Set-OUWorkstationPermissions.ps1 -list $list -Verbose
+
 #>
 
-[CmdletBinding()]
-param(
-    [Parameter(Mandatory = $True)][PSOBject] $List
-)
+cls
+
+#throw "This is not a robus script"
+$location = Get-Location
+Set-Location C:\Tools
+
 Import-Module ActiveDirectory
 
+$Fichier = "OU-Workstation-Permissions.csv"
+
+$List = Import-Csv -Path $Fichier -Delimiter ";"
+
 $rootdse = Get-ADRootDSE
 $domain = Get-ADDomain
 $guidmap = @{ }
 Get-ADObject -SearchBase ($rootdse.SchemaNamingContext) -LDAPFilter "(schemaidguid=*)" -Properties lDAPDisplayName, schemaIDGUID | ForEach-Object { $guidmap[$_.lDAPDisplayName] = [System.GUID]$_.schemaIDGUID }
+
 $List | ForEach-Object {
     $ouPrefix = $_.OUPrefix
     $Group = $_.Group
     $ouPath = "$OUPrefix,$($domain.DistinguishedName)"
     $ou = Get-ADOrganizationalUnit -Identity $OUPAth
+
     $adGroup = New-Object System.Security.Principal.SecurityIdentifier (Get-ADGroup -Identity $Group).SID
+
     $acl = Get-ACL -Path "AD:$($ou.DistinguishedName)"
     $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule $adGroup, "CreateChild", "Allow", $guidmap["Computer"], "All"))
     $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule $adGroup, "ReadProperty", "Allow", "Descendents", $guidmap["Computer"]))
@@ -29,6 +35,7 @@ $List | ForEach-Object {
     $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule $adGroup, "ReadProperty", "Allow", $guidmap["msFVE-KeyPackage"], "Descendents", $guidmap["msFVE-RecoveryInformation"]))
     $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule $adGroup, "ReadProperty", "Allow", $guidmap["msFVE-RecoveryPassword"], "Descendents", $guidmap["msFVE-RecoveryInformation"]))
     $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule $adGroup, "ReadProperty", "Allow", $guidmap["msFVE-VolumeGuid"], "Descendents", $guidmap["msFVE-RecoveryInformation"]))
-    Write-Verbose "Configuring Workstation Permissions on '$ouPath' for group '$Group'"
+
+    Write-host "Configuring Workstation Permissions on '$ouPath' for group '$Group'"
     Set-ACL -ACLObject $acl -Path ("AD:\" + ($ou.DistinguishedName))
 } 

Step-05-Set-OUGroupPermissions.ps1

@@ -1,18 +1,19 @@
 <#
-    .Example
-    $List = @(
-        $(New-Object PSObject -Property @{Group = "Tier1Admins"; OUPrefix = "OU=Groups,ou=Tier1,ou=Admin"})
-    )
-    .\Set-OUGroupPermissions.ps1 -list $list -Verbose 
+
 #>
 
-[CmdletBinding()]
-param(
-    [Parameter(Mandatory = $True)][PSOBject] $List
+cls
+
+#throw "This is not a robus script"
+$location = Get-Location
+Set-Location C:\Tools
 
-)
 Import-Module ActiveDirectory
 
+$Fichier = "OU-Group-Permissions.csv"
+
+$List = Import-Csv -Path $Fichier -Delimiter ";"
+
 $rootdse = Get-ADRootDSE
 $domain = Get-ADDomain
 $guidmap = @{ }
@@ -25,11 +26,14 @@ $List | ForEach-Object {
     $Group = $_.Group
     $ouPath = "$OUPrefix,$($domain.DistinguishedName)"
     $ou = Get-ADOrganizationalUnit -Identity $OUPAth
+    
     $adGroup = New-Object System.Security.Principal.SecurityIdentifier (Get-ADGroup -Identity $Group).SID
+    
     $acl = Get-ACL -Path "AD:$($ou.DistinguishedName)"
     $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule $adGroup, "CreateChild", "Allow", $guidmap["group"], "ALL"))
     $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule $adGroup, "ReadProperty", "Allow", "Descendents", $guidmap["group"]))
     $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule $adGroup, "WriteProperty", "Allow", "Descendents", $guidmap["group"]))
-    Write-Verbose "Configuring Group Permissions on '$ouPath' for group '$Group'"
+    
+    Write-Host "Configuring Group Permissions on '$ouPath' for group '$Group'"
     Set-ACL -ACLObject $acl -Path ("AD:\" + ($ou.DistinguishedName))
 }

Step-06-Set-OUComputerPermissions.ps1

@@ -1,21 +1,19 @@
 <#
-    .Example 
-    $List = @(
-        $(New-Object PSObject -Property @{Group = "WorkstationMaintenance"; OUPrefix = "OU=Computer Quarantine"}),
-        $(New-Object PSObject -Property @{Group = "WorkstationMaintenance"; OUPrefix = "OU=Workstations"}),
-        $(New-Object PSObject -Property @{Group = "PAWMaint"; OUPrefix = "OU=Devices,OU=Tier 0,OU=Admin"}),
-        $(New-Object PSObject -Property @{Group = "Tier1ServerMaintenance"; OUPrefix = "OU=Tier 1 Servers"})
-    )
-    .\Set-OUComputerPermissions.ps1 -list $list -Verbose
 
 #>
 
-[CmdletBinding()]
-param(
-    [Parameter(Mandatory = $True)][PSOBject] $List
-)
+cls
+
+#throw "This is not a robus script"
+$location = Get-Location
+Set-Location C:\Tools
+
 Import-Module ActiveDirectory
 
+$Fichier = "OU-Computer-Permissions.csv"
+
+$List = Import-Csv -Path $Fichier -Delimiter ";"
+
 $rootdse = Get-ADRootDSE
 $domain = Get-ADDomain
 $guidmap = @{ }
@@ -26,11 +24,14 @@ $List | ForEach-Object {
     $Group = $_.Group
     $ouPath = "$OUPrefix,$($domain.DistinguishedName)"
     $ou = Get-ADOrganizationalUnit -Identity $OUPAth
+
     $adGroup = New-Object System.Security.Principal.SecurityIdentifier (Get-ADGroup -Identity $Group).SID
+
     $acl = Get-ACL -Path "AD:$($ou.DistinguishedName)"
     $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule $adGroup, "CreateChild,DeleteChild", "Allow", $guidmap["Computer"], "All"))
     $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule $adGroup, "ReadProperty", "Allow", "Descendents", $guidmap["Computer"]))
     $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule $adGroup, "WriteProperty", "Allow", "Descendents", $guidmap["Computer"]))
-    Write-Verbose "Configuring Computer Permissions on '$ouPath' for group '$Group'"
+
+    Write-Host "Configuring Computer Permissions on '$ouPath' for group '$Group'"
     Set-ACL -ACLObject $acl -Path ("AD:\" + ($ou.DistinguishedName))
 }

Step-07-Set-OUReplicationPermissions.ps1

@@ -1,18 +1,19 @@
 <#
-    .Example
-    $List = @(
-        $(New-Object PSObject -Property @{Group = "Tier0ReplicationMaintenance"; OUPrefix = "" })
-    )
-    .\Set-OUReplicationPermissions.ps1 -list $list -Verbose
+
 #>
 
-[CmdletBinding()]
-param(
-    [Parameter(Mandatory = $True)][PSOBject] $List
+cls
+
+#throw "This is not a robus script"
+$location = Get-Location
+Set-Location C:\Tools
 
-)
 Import-Module ActiveDirectory
 
+$Fichier = "OU-Replication-Permissions.csv"
+
+$List = Import-Csv -Path $Fichier -Delimiter ";"
+
 $rootdse = Get-ADRootDSE
 $domain = Get-ADDomain
 $guidmap = @{ }
@@ -27,25 +28,31 @@ $schemaNC = $rootdse.SchemaNamingContext
 $forestDnsZonesDN = "DC=ForestDnsZones," + $rootdse.RootDomainNamingContext
 $sitesDN = "CN=Sites," + $configCN
 $config = @($configCN, $schemaNC, $forestDnsZonesDN, $sitesDN)
+
 $List | ForEach-Object {
     $group = $_.Group
-    if ($_.OUPrefix -eq ""){
+
+    If ($_.OUPrefix -eq "") {
         $aclPath = $domain.DistinguishedName
     }
-    else {
+    Else {
         $aclPath = $_.OUPrefix + "," + $domain.DistinguishedName
     }
+
     $adGroup = New-Object System.Security.Principal.SecurityIdentifier (Get-ADGroup -Identity $group).SID
-    foreach ($configEntry in $config) {
+
+    Foreach ($configEntry in $config) {
         $acl = Get-ACL -Path($configEntry)
         $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule $adGroup, "ExtendedRight", "Allow", $extendedrightsmap["Manage Replication Topology"], "Descendents"))
         $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule $adGroup, "ExtendedRight", "Allow", $extendedrightsmap["Replicating Directory Changes"], "Descendents"))
         $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule $adGroup, "ExtendedRight", "Allow", $extendedrightsmap["Replicating Directory Changes All"], "Descendents"))
         $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule $adGroup, "ExtendedRight", "Allow", $extendedrightsmap["Replication Synchronization"], "Descendents"))
-        if ($configEntry -like "CN=Configuration*" -or $configEntry -like "CN=Schema*") {
+        
+        If ($configEntry -like "CN=Configuration*" -or $configEntry -like "CN=Schema*") {
             $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule $adGroup, "ExtendedRight", "Allow", $extendedrightsmap["Monitor active directory Replication"], "Descendents"))
         }
-        Write-Verbose "Configuring Replication Maintenance Role Delegation on '$configEntry' for group '$group'"
+
+        Write-Host "Configuring Replication Maintenance Role Delegation on '$configEntry' for group '$group'"
         Set-ACL -ACLObject $acl -Path ("AD:\" + $aclPath)
     }
 }

Step-08-Set-OUGPOPermissions.ps1

@@ -1,19 +1,19 @@
 <#
 
-    .Example
-    $List = @(
-        $(New-Object PSObject -Property @{Group = "Tier1ServerMaintenance"; OUPrefix = "OU=Tier 1 Servers"})
-    )
-    .\Set-OUGPOPermissions.ps1 -list $list -Verbose
-
 #>
 
-[CmdletBinding()]
-param(
-    [Parameter(Mandatory = $True)][PSOBject] $List
-)
+cls
+
+#throw "This is not a robus script"
+$location = Get-Location
+Set-Location C:\Tools
+
 Import-Module ActiveDirectory
 
+$Fichier = "OU-GPO-Permissions.csv"
+
+$List = Import-Csv -Path $Fichier -Delimiter ";"
+
 $rootdse = Get-ADRootDSE
 $domain = Get-ADDomain
 $guidmap = @{ }
@@ -26,10 +26,13 @@ $List | ForEach-Object {
     $Group = $_.Group
     $ouPath = "$OUPrefix,$($domain.DistinguishedName)"
     $ou = Get-ADOrganizationalUnit -Identity $OUPAth
+    
     $adGroup = New-Object System.Security.Principal.SecurityIdentifier (Get-ADGroup -Identity $Group).SID
+
     $acl = Get-ACL -Path "AD:$($ou.DistinguishedName)"
     $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule $adGroup, "ReadProperty,WriteProperty", "Allow", $guidmap["gplink"], "All"))
     $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule $adGroup, "ReadProperty", "Allow", $guidmap["gpoptions"], "All"))
-    Write-Verbose "Configuring GPO Permissions on '$ouPath' for group '$Group'"
+
+    Write-Host "Configuring GPO Permissions on '$ouPath' for group '$Group'"
     Set-ACL -ACLObject $acl -Path ("AD:\" + ($ou.DistinguishedName))
 }