CreateGroup.ps1
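Function CreateGroup {
    <#
        .SYNOPSIS
            Creates a Group in an active directory environment based on random data
        .DESCRIPTION
            Builds a group name from a random user's sAMAccountName prefix, a random word taken
            from hotmail.txt and a function suffix ('admingroup' or 'distlist'), then creates a
            global security group with that name in a randomly chosen OU. The randomly chosen
            user is set as the group's manager (ManagedBy). The group is written to the PDC
            emulator of the supplied domain, or of the current domain when none is supplied.
        .PARAMETER Domain
            The stored value of get-addomain is used for this. It is used to call the PDC and other items in the domain
        .PARAMETER OUList
            The stored value of get-adorganizationalunit -filter *. This is used to place groups in random locations.
        .PARAMETER UserList
            The stored value of get-aduser -filter *. This is used to make random users owners/managers of groups.
        .PARAMETER ScriptDir
            The location of the script. Pulling this into a parameter to attempt to speed up processing.
            hotmail.txt is read from this directory.
        .EXAMPLE
            # Constructed example; the ScriptDir path is a placeholder.
            CreateGroup -Domain (Get-ADDomain) -OUList (Get-ADOrganizationalUnit -Filter *) -UserList (Get-ADUser -Filter *) -ScriptDir 'C:\PATH\TO\AD_Groups_Create'
        .NOTES
            Unless required by applicable law or agreed to in writing, software
            distributed under the License is distributed on an "AS IS" BASIS,
            WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
            See the License for the specific language governing permissions and
            limitations under the License.

            Author's blog: https://www.secframe.com
    #>
    [CmdletBinding()]
    param
    (
        [Parameter(Mandatory = $false,
            Position = 1,
            HelpMessage = 'Supply a result from get-addomain')]
        [Object[]]$Domain,
        [Parameter(Mandatory = $false,
            Position = 2,
            HelpMessage = 'Supply a result from get-adorganizationalunit -filter *')]
        [Object[]]$OUList,
        [Parameter(Mandatory = $false,
            Position = 3,
            HelpMessage = 'Supply a result from get-aduser -filter *')]
        [Object[]]$UserList,
        [Parameter(Mandatory = $false,
            Position = 4,
            HelpMessage = 'Supply the script directory for where this script is stored')]
        [string]$ScriptDir
    )

    # NOTE(review): with [CmdletBinding()] unbound positional arguments are normally rejected,
    # so the $args fallbacks below are presumably unreachable - confirm before removing them.
    # The indexes now line up with the parameter order (0=Domain, 1=OUList, 2=UserList,
    # 3=ScriptDir); previously UserList tested $args[1] and ScriptDir reused $args[2].

    # Domain controller every write in this function is sent to.
    if (!$PSBoundParameters.ContainsKey('Domain')) {
        if ($args[0]) { $setDC = $args[0].pdcemulator }
        else { $setDC = (Get-ADDomain).pdcemulator }
    }
    else { $setDC = $Domain.pdcemulator }

    # Candidate OUs for the new group.
    if (!$PSBoundParameters.ContainsKey('OUList')) {
        if ($args[1]) { $OUsAll = $args[1] }
        else { $OUsAll = Get-ADObject -Filter { objectclass -eq 'organizationalunit' } -ResultSetSize 300 }
    }
    else { $OUsAll = $OUList }

    # Candidate owners/managers for the new group.
    if (!$PSBoundParameters.ContainsKey('UserList')) {
        if ($args[2]) { $UserList = $args[2] }
        else { $UserList = Get-ADUser -ResultSetSize 2500 -Server $setDC -Filter * }
    }

    # Directory that holds hotmail.txt.
    if (!$PSBoundParameters.ContainsKey('ScriptDir')) {
        if ($args[3]) { $groupscriptPath = $args[3] }
        else { $groupscriptPath = "$((Get-Location).path)\AD_Groups_Create\" }
    }
    else { $groupscriptPath = $ScriptDir }

    # Nothing can be built without at least one user and one OU to pick from.
    if (-not $UserList -or -not $OUsAll) {
        Write-Warning 'CreateGroup: no users or no organizational units available; no group created.'
        return
    }

    $ownerinfo = Get-Random -InputObject $UserList
    $Description = "User Group Created by Badblood github.com/davidprowe/badblood"

    <#
    ================================
    OU LOCATION
    ================================
    Containers are not used as targets yet; only organizational units are.
    #>
    $ouLocation = (Get-Random -InputObject $OUsAll).distinguishedname

    # Prefix: first two characters of the owner's sAMAccountName (fewer if the name is shorter,
    # where Substring(0,2) used to throw).
    $ownerSam = [string]$ownerinfo.samaccountname
    $Groupnameprefix = $ownerSam.Substring(0, [Math]::Min(2, $ownerSam.Length))

    # Application part: one random non-empty line of hotmail.txt, cut to 9 characters, or to
    # 3 characters when the line is shorter than 9. The file is read once; the previous
    # fallback re-read it and could throw again on a line shorter than 3 characters.
    $wordFile = Join-Path -Path $groupscriptPath -ChildPath 'hotmail.txt'
    $word = Get-Content -Path $wordFile | Where-Object { $_ } | Get-Random
    if (-not $word) {
        Write-Warning "CreateGroup: no usable line found in '$wordFile'; no group created."
        return
    }
    if ($word.Length -ge 9) { $application = $word.Substring(0, 9) }
    else { $application = $word.Substring(0, [Math]::Min(3, $word.Length)) }

    # 25 in 100 groups get the 'admingroup' suffix, the rest 'distlist'.
    $functionint = 1..100 | Get-Random
    if ($functionint -le 25) { $groupFunction = 'admingroup' } else { $groupFunction = 'distlist' }
    $GroupNameFull = $Groupnameprefix + '-' + $application + '-' + $groupFunction

    <#
    Append a number if the name is already taken.
    The previous loop changed the name only when the lookup FAILED (name free) and retried the
    same name forever when the lookup succeeded (name taken). The lookup also goes to $setDC
    now, the server New-ADGroup writes to.
    #>
    $baseName = $GroupNameFull
    $suffix = 0
    $maxSuffix = 100
    while ($true) {
        $checkAcct = $null
        # As before, any lookup failure is treated as "name not in use".
        try { $checkAcct = Get-ADGroup -Identity $GroupNameFull -Server $setDC -ErrorAction Stop }
        catch { $checkAcct = $null }
        if ($null -eq $checkAcct) { break }

        $suffix++
        if ($suffix -gt $maxSuffix) {
            Write-Warning "CreateGroup: no free name found for '$baseName' after $maxSuffix attempts; no group created."
            return
        }
        $GroupNameFull = "$baseName$suffix"
    }

    # Creation stays best-effort, but a failure is reported instead of being discarded.
    try {
        New-ADGroup -Server $setDC -Description $Description -Name $GroupNameFull -Path $ouLocation -GroupCategory Security -GroupScope Global -ManagedBy $ownerinfo.distinguishedname -ErrorAction Stop
    }
    catch {
        Write-Warning "CreateGroup: failed to create group '$GroupNameFull' in '$ouLocation': $($_.Exception.Message)"
    }
}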