Tips-Of-Mine/AD_Tiering_mode
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update

Browse Source
This commit is contained in:
Hubert Cornet
2023-11-29 16:39:09 +01:00
parent 9f02aa3a91
commit d82954d30c
3 changed files with 491 additions and 106 deletions
Download Patch File Download Diff File Expand all files Collapse all files

114
Tiering_steps.ps1
View File

@ -1,4 +1,4 @@
throw "This is not a robus script"
#throw "This is not a robus script"
$location = Get-Location
Set-Location C:\Tools
@ -7,125 +7,29 @@ $dNC = (Get-ADRootDSE).defaultNamingContext
#region Create Top Level OU's
$OUs = @(
$(New-Object PSObject -Property @{Name = "Admin"; ParentOU = "" }),
$(New-Object PSObject -Property @{Name = "Groups"; ParentOU = "" }),
$(New-Object PSObject -Property @{Name = "Tier 1 Servers"; ParentOU = "" }),
$(New-Object PSObject -Property @{Name = "Workstations"; ParentOU = "" }),
$(New-Object PSObject -Property @{Name = "User accounts"; ParentOU = "" }),
$(New-Object PSObject -Property @{Name = "Quarantine"; ParentOU = "" })
)
.\Create-OU.ps1 -OUs $OUs -Verbose
./Step-01-Creation-OU.ps1
#endRegion
#region Create Sub Admin OU's
$OUs = @(
$(New-Object PSObject -Property @{Name = "Tier0"; ParentOU = "ou=Admin" }),
$(New-Object PSObject -Property @{Name = "Tier1"; ParentOU = "ou=Admin" }),
$(New-Object PSObject -Property @{Name = "Tier2"; ParentOU = "ou=Admin" }),
$(New-Object PSObject -Property @{Name = "Accounts"; ParentOU = "ou=Tier0,ou=Admin" }),
$(New-Object PSObject -Property @{Name = "Groups"; ParentOU = "ou=Tier0,ou=Admin" }),
$(New-Object PSObject -Property @{Name = "Service Accounts"; ParentOU = "ou=Tier0,ou=Admin" }),
$(New-Object PSObject -Property @{Name = "Devices"; ParentOU = "ou=Tier0,ou=Admin" }),
$(New-Object PSObject -Property @{Name = "Tier0 Servers"; ParentOU = "ou=Tier0,ou=Admin" }),
$(New-Object PSObject -Property @{Name = "Accounts"; ParentOU = "ou=Tier1,ou=Admin" }),
$(New-Object PSObject -Property @{Name = "Groups"; ParentOU = "ou=Tier1,ou=Admin" }),
$(New-Object PSObject -Property @{Name = "Service Accounts"; ParentOU = "ou=Tier1,ou=Admin" }),
$(New-Object PSObject -Property @{Name = "Devices"; ParentOU = "ou=Tier1,ou=Admin" }),
$(New-Object PSObject -Property @{Name = "Accounts"; ParentOU = "ou=Tier2,ou=Admin" }),
$(New-Object PSObject -Property @{Name = "Groups"; ParentOU = "ou=Tier2,ou=Admin" }),
$(New-Object PSObject -Property @{Name = "Service Accounts"; ParentOU = "ou=Tier2,ou=Admin" }),
$(New-Object PSObject -Property @{Name = "Devices"; ParentOU = "ou=Tier2,ou=Admin" })
)
.\Create-OU.ps1 -OUs $OUs -Verbose
./Step-02-Creation-Groupe.ps1
#endRegion
#region Create Sub Groups OU's
$OUs = @(
$(New-Object PSObject -Property @{Name = "Security Groups"; ParentOU = "ou=Groups" }),
$(New-Object PSObject -Property @{Name = "Distribution Groups"; ParentOU = "ou=Groups" }),
$(New-Object PSObject -Property @{Name = "Contacts"; ParentOU = "ou=Groups" })
)
.\Create-OU.ps1 -OUs $OUs -Verbose
$OUs = @(
$(New-Object PSObject -Property @{Name = "Application"; ParentOU = "ou=Tier 1 Servers" }),
$(New-Object PSObject -Property @{Name = "Collaboration"; ParentOU = "ou=Tier 1 Servers" }),
$(New-Object PSObject -Property @{Name = "Database"; ParentOU = "ou=Tier 1 Servers" }),
$(New-Object PSObject -Property @{Name = "Messaging"; ParentOU = "ou=Tier 1 Servers" }),
$(New-Object PSObject -Property @{Name = "Staging"; ParentOU = "ou=Tier 1 Servers" })
)
.\Create-OU.ps1 -OUs $OUs -Verbose
$OUs = @(
$(New-Object PSObject -Property @{Name = "Desktops"; ParentOU = "ou=Workstations" }),
$(New-Object PSObject -Property @{Name = "Kiosks"; ParentOU = "ou=Workstations" }),
$(New-Object PSObject -Property @{Name = "Laptops"; ParentOU = "ou=Workstations" }),
$(New-Object PSObject -Property @{Name = "Staging"; ParentOU = "ou=Workstations" })
)
.\Create-OU.ps1 -OUs $OUs -Verbose
./Step-03-Set-OUUserPermissions.ps1
#endRegion
#region Create Sub User Accounts OU's
$OUs = @(
$(New-Object PSObject -Property @{Name = "Enabled Users"; ParentOU = "ou=User Accounts" }),
$(New-Object PSObject -Property @{Name = "Disabled Users"; ParentOU = "ou=User Accounts" })
)
.\Create-OU.ps1 -OUs $OUs -Verbose
./Step-04-Set-OUWorkstationPermissions.ps1
#endRegion
#Region Block inheritance for PAW OUs
Set-GpInheritance -Target "OU=Devices,OU=Tier0,OU=Admin,$dnc" -IsBlocked Yes | Out-Null
Set-GpInheritance -Target "OU=Devices,OU=Tier1,OU=Admin,$dnc" -IsBlocked Yes | Out-Null
Set-GpInheritance -Target "OU=Devices,OU=Tier2,OU=Admin,$dnc" -IsBlocked Yes | Out-Null
./Step-05-Set-OUGroupPermissions.ps1
#endRegion
#Region create Groups
$csv = Read-Host -Prompt "Please provide full path to Admin Groups csv file"
.\Create-Group.ps1 -CSVfile $csv -Verbose
$csv = Read-Host -Prompt "Please provide full path to Standard Groups csv file"
.\Create-Group.ps1 -CSVfile $csv -Verbose
#endRegion
#Region Create OU Delegation
$List = @(
$(New-Object PSObject -Property @{Group = "Tier2ServiceDeskOperators"; OUPrefix = "OU=User Accounts" }),
$(New-Object PSObject -Property @{Group = "Tier1Admins"; OUPrefix = "OU=Accounts,ou=Tier1,ou=Admin" }),
$(New-Object PSObject -Property @{Group = "Tier1Admins"; OUPrefix = "OU=Service Accounts,ou=Tier1,ou=Admin" }),
$(New-Object PSObject -Property @{Group = "Tier2Admins"; OUPrefix = "OU=Accounts,ou=Tier2,ou=Admin" }),
$(New-Object PSObject -Property @{Group = "Tier2Admins"; OUPrefix = "OU=Service Accounts,ou=Tier2,ou=Admin" })
)
.\Set-OUUserPermissions.ps1 -list $list -Verbose
$List = @(
$(New-Object PSObject -Property @{Group = "Tier2ServiceDeskOperators"; OUPrefix = "OU=Workstations" }),
$(New-Object PSObject -Property @{Group = "Tier1Admins"; OUPrefix = "OU=Devices,ou=Tier1,ou=Admin" }),
$(New-Object PSObject -Property @{Group = "Tier2Admins"; OUPrefix = "OU=Devices,ou=Tier2,ou=Admin" })
)
.\Set-OUWorkstationPermissions.ps1 -list $list -Verbose
$List = @(
$(New-Object PSObject -Property @{Group = "Tier1Admins"; OUPrefix = "OU=Groups,ou=Tier1,ou=Admin"}),
$(New-Object PSObject -Property @{Group = "Tier2Admins"; OUPrefix = "OU=Groups,ou=Tier2,ou=Admin"})
)
.\Set-OUGroupPermissions.ps1 -list $list -Verbose
$List = @(
$(New-Object PSObject -Property @{Group = "Tier2Tier2WorkstationMaintenance"; OUPrefix = "OU=Quarantine" }),
$(New-Object PSObject -Property @{Group = "Tier2WorkstationMaintenance"; OUPrefix = "OU=Workstations" }),
$(New-Object PSObject -Property @{Group = "Tier1ServerMaintenance"; OUPrefix = "OU=Tier 1 Servers" })
)
.\Set-OUComputerPermissions.ps1 -list $list -Verbose
$List = @(
$(New-Object PSObject -Property @{Group = "Tier0ReplicationMaintenance"; OUPrefix = "" })
)
.\Set-OUReplicationPermissions.ps1 -list $list -Verbose
$List = @(
$(New-Object PSObject -Property @{Group = "Tier1ServerMaintenance"; OUPrefix = "OU=Tier 1 Servers" })
)
.\Set-OUGPOPermissions.ps1 -list $list -Verbose
./Step-06-Set-OUComputerPermissions.ps1
./Step-07-Set-OUReplicationPermissions.ps1
./Step-08-Set-OUGPOPermissions.ps1
#endRegion
Set-Location $location