AD_Tiering_mode/Tiering_steps.ps1

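# Tiering_steps.ps1 - ordered steps that build a tiered Active Directory admin
# layout: OUs, GPO-inheritance blocks on the admin device OUs, groups, delegations.
#
# The throw is the first statement, so running the file end-to-end stops here.
# NOTE(review): presumably the regions below are meant to be reviewed and run one
# at a time from an elevated session - confirm with the author.
throw "This is not a robust script"

# Remember the caller's directory; the last line of the script changes back to it.
$location = Get-Location

# Every helper (Create-OU.ps1, Create-Group.ps1, Set-OU*Permissions.ps1) is invoked
# by relative path from this directory, under the credentials of whoever runs the
# steps. NOTE(review): directories created under the drive root often inherit write
# access for non-admin users; verify that only the intended administrators can
# modify C:\Tools and the scripts in it before running anything from here.
Set-Location C:\Tools

Import-Module ActiveDirectory

# Distinguished name of the domain naming context; appended to the -Target DNs
# passed to Set-GpInheritance further down.
$dNC = (Get-ADRootDSE).defaultNamingContext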
#region Create Top Level OU's
# Top-level OUs. Each entry carries an empty ParentOU.
# NOTE(review): presumably Create-OU.ps1 treats an empty ParentOU as "directly
# under the domain root" - confirm against that script.
$topLevelNames = "Admin", "Groups", "Tier 1 Servers", "Workstations", "User accounts", "Quarantine"
$OUs = @(
    foreach ($ouName in $topLevelNames) {
        New-Object PSObject -Property @{ Name = $ouName; ParentOU = "" }
    }
)
.\Create-OU.ps1 -OUs $OUs -Verbose
#endRegion
#region Create Sub Admin OU's
# Builds the Admin subtree in one Create-OU.ps1 call. The three tier OUs are
# listed first, so each parent precedes its children in the list.
$tierNames = "Tier0", "Tier1", "Tier2"
$perTierChildren = "Accounts", "Groups", "Service Accounts", "Devices"
$OUs = @(
    foreach ($tier in $tierNames) {
        New-Object PSObject -Property @{ Name = $tier; ParentOU = "ou=Admin" }
    }
    foreach ($tier in $tierNames) {
        foreach ($child in $perTierChildren) {
            New-Object PSObject -Property @{ Name = $child; ParentOU = "ou=$tier,ou=Admin" }
        }
        # Only Tier0 gets an additional server OU, listed after its Devices OU.
        if ($tier -eq "Tier0") {
            New-Object PSObject -Property @{ Name = "Tier0 Servers"; ParentOU = "ou=$tier,ou=Admin" }
        }
    }
)
.\Create-OU.ps1 -OUs $OUs -Verbose
#endRegion
#region Create Sub Groups OU's
# Despite the region title, three parents are populated here: Groups,
# Tier 1 Servers and Workstations. Create-OU.ps1 is called once per parent,
# in that order, with $OUs rebuilt for each call.
$childrenByParent = @(
    @{ Parent = "ou=Groups"; Names = "Security Groups", "Distribution Groups", "Contacts" },
    @{ Parent = "ou=Tier 1 Servers"; Names = "Application", "Collaboration", "Database", "Messaging", "Staging" },
    @{ Parent = "ou=Workstations"; Names = "Desktops", "Kiosks", "Laptops", "Staging" }
)
foreach ($entry in $childrenByParent) {
    $OUs = @(
        foreach ($ouName in $entry.Names) {
            New-Object PSObject -Property @{ Name = $ouName; ParentOU = $entry.Parent }
        }
    )
    .\Create-OU.ps1 -OUs $OUs -Verbose
}
#endRegion
#region Create Sub User Accounts OU's
# The parent is written "User Accounts" here, while the top-level list creates it
# as "User accounts". NOTE(review): OU names in a DN normally compare
# case-insensitively, so both should resolve to the same OU - confirm that
# Create-OU.ps1 does not compare the strings itself.
$OUs = @(
    foreach ($ouName in "Enabled Users", "Disabled Users") {
        New-Object PSObject -Property @{ Name = $ouName; ParentOU = "ou=User Accounts" }
    }
)
.\Create-OU.ps1 -OUs $OUs -Verbose
#endRegion
#Region Block inheritance for PAW OUs
# Blocks GPO inheritance on the Devices OU of every admin tier. With inheritance
# blocked, GPOs linked higher in the tree stop applying unless they are enforced,
# so any security baseline these devices need has to be linked directly to these
# OUs or marked Enforced.
# Set-GpInheritance belongs to the GroupPolicy module, which this script does not
# import explicitly. $dnc is the domain naming context read at the top of the script
# and must be set when this region is run on its own.
foreach ($tier in "Tier0", "Tier1", "Tier2") {
    Set-GpInheritance -Target "OU=Devices,OU=$tier,OU=Admin,$dnc" -IsBlocked Yes | Out-Null
}
#endRegion
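#Region create Groups
# Prompts for two CSV files (admin groups first, then standard groups) and hands
# each to Create-Group.ps1. The files decide which groups get created, so they
# should come from a location that only the tiering administrators can modify.
# An empty or mistyped path is rejected here rather than passed on to the helper.
foreach ($groupSet in "Admin Groups", "Standard Groups") {
    $csv = Read-Host -Prompt "Please provide full path to $groupSet csv file"
    # -not $csv is checked first: Test-Path -LiteralPath rejects an empty string.
    if (-not $csv -or -not (Test-Path -LiteralPath $csv -PathType Leaf)) {
        throw "CSV file not found: '$csv'"
    }
    .\Create-Group.ps1 -CSVfile $csv -Verbose
}
#endRegion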
#Region Create OU Delegation
# Each list pairs a security group with the OU (relative to the domain root) it is
# delegated over, then hands the list to one Set-OU*Permissions.ps1 helper. The
# rights each helper grants are defined in those scripts, not here; review them
# together with this table, because the table decides who receives the rights.

# User-object delegation: service desk over standard users, each tier's admins
# over that tier's admin and service accounts.
$List = @(
$(New-Object PSObject -Property @{Group = "Tier2ServiceDeskOperators"; OUPrefix = "OU=User Accounts" }),
$(New-Object PSObject -Property @{Group = "Tier1Admins"; OUPrefix = "OU=Accounts,ou=Tier1,ou=Admin" }),
$(New-Object PSObject -Property @{Group = "Tier1Admins"; OUPrefix = "OU=Service Accounts,ou=Tier1,ou=Admin" }),
$(New-Object PSObject -Property @{Group = "Tier2Admins"; OUPrefix = "OU=Accounts,ou=Tier2,ou=Admin" }),
$(New-Object PSObject -Property @{Group = "Tier2Admins"; OUPrefix = "OU=Service Accounts,ou=Tier2,ou=Admin" })
)
.\Set-OUUserPermissions.ps1 -list $list -Verbose
# Workstation delegation: service desk over Workstations, tier admins over their
# own tier's Devices OU.
$List = @(
$(New-Object PSObject -Property @{Group = "Tier2ServiceDeskOperators"; OUPrefix = "OU=Workstations" }),
$(New-Object PSObject -Property @{Group = "Tier1Admins"; OUPrefix = "OU=Devices,ou=Tier1,ou=Admin" }),
$(New-Object PSObject -Property @{Group = "Tier2Admins"; OUPrefix = "OU=Devices,ou=Tier2,ou=Admin" })
)
.\Set-OUWorkstationPermissions.ps1 -list $list -Verbose
# Group delegation: tier admins over their own tier's Groups OU.
$List = @(
$(New-Object PSObject -Property @{Group = "Tier1Admins"; OUPrefix = "OU=Groups,ou=Tier1,ou=Admin"}),
$(New-Object PSObject -Property @{Group = "Tier2Admins"; OUPrefix = "OU=Groups,ou=Tier2,ou=Admin"})
)
.\Set-OUGroupPermissions.ps1 -list $list -Verbose
# Computer-object delegation for the maintenance groups.
# NOTE(review): the first entry names the group "Tier2Tier2WorkstationMaintenance",
# while the next entry uses "Tier2WorkstationMaintenance". The doubled prefix looks
# like a typo; check it against the group names in the Admin Groups CSV. If no such
# group exists, the Quarantine OU presumably ends up without this delegation.
$List = @(
$(New-Object PSObject -Property @{Group = "Tier2Tier2WorkstationMaintenance"; OUPrefix = "OU=Quarantine" }),
$(New-Object PSObject -Property @{Group = "Tier2WorkstationMaintenance"; OUPrefix = "OU=Workstations" }),
$(New-Object PSObject -Property @{Group = "Tier1ServerMaintenance"; OUPrefix = "OU=Tier 1 Servers" })
)
.\Set-OUComputerPermissions.ps1 -list $list -Verbose
# Replication delegation with an empty OUPrefix.
# NOTE(review): presumably this targets the domain root and grants directory
# replication rights; if so, membership of Tier0ReplicationMaintenance is
# equivalent to Tier 0 and should be monitored as such - confirm against
# Set-OUReplicationPermissions.ps1.
$List = @(
$(New-Object PSObject -Property @{Group = "Tier0ReplicationMaintenance"; OUPrefix = "" })
)
.\Set-OUReplicationPermissions.ps1 -list $list -Verbose
# GPO-related delegation for the Tier 1 server maintenance group.
$List = @(
$(New-Object PSObject -Property @{Group = "Tier1ServerMaintenance"; OUPrefix = "OU=Tier 1 Servers" })
)
.\Set-OUGPOPermissions.ps1 -list $list -Verbose
#endRegion
# Change back to the directory that was current when the script started. This line
# is only reached if no earlier step threw, so after a failure the session stays
# in C:\Tools.
Set-Location -Path $location