Hi everyone,
I have a task of copying all the Global Security groups into Domain Local Security groups with an added DL_ prefix. I have around 2500 groups, so the best way is to use PowerShell.
So the workflow should look like this:
-->Take Global Security group from Active Directory
-->Make a copy of that group but with the following attributes
-->new group has to be Domain Local Security group
-->name of that group must be the same as Global Security group name but with two letters (DL) added as prefix
example: Global Security group SpecialOps is copied to Domain Local group called DL_SpecialOps
Adding members from Global to Domain local is not necessary.
For now I have this, but it is not working, so can someone please correct this script?
Get-ADGroup -Filter 'GroupScope -eq "Global" -and GroupCategory -eq "Security"' -Properties * | ForEach-Object {
    $globalGroup = $_
    $container = $globalGroup.DistinguishedName -replace '^cn=.+?(?<!\\),'
    $localGroupCN = "$($globalGroup.Name)_Local"
    $localGroupSam = "$($globalGroup.SamAccountName)_Local"
    if (Get-ADGroup -Filter "SamAccountName -eq '$localGroupSam'") {
        # Local group already exists; you may want to handle this condition in some way.
        # as written, it just falls through and tries to add the global group's memberships.
    }
    else {
        $params = @{
            Name           = $localGroupCN
            SamAccountName = $localGroupSam
            GroupCategory  = 'Security'
            GroupScope     = 'DomainLocal'
            Description    = $globalGroup.Description
            DisplayName    = $globalGroup.DisplayName
            ManagedBy      = $globalGroup.ManagedBy
            Path           = $container
        }
        try {
            New-ADGroup @params -ErrorAction Stop
        }
        catch {
            Write-Error -ErrorRecord $_
            return
        }
    }
    Get-ADGroupMember -Identity $globalGroup | Add-ADPrincipalGroupMembership -MemberOf $localGroupSam
    Get-ADPrincipalGroupMembership -Identity $globalGroup | Add-ADGroupMember -Members $localGroupSam
}
Thank you.
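
The workflow described in the post (DL_ prefix, same container as the source group, no members copied), written as an added example that is not part of the original post. The function name New-DomainLocalCopy, its parameters and the status strings are hypothetical; it assumes the ActiveDirectory module is installed and that the account running it may create groups in the source containers.

```powershell
#Requires -Modules ActiveDirectory
# Added example; New-DomainLocalCopy and its parameter names are hypothetical.
function New-DomainLocalCopy {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$Prefix = 'DL_',
        [string]$SearchBase   # optional: limit the run to one OU while testing
    )

    $query = @{
        Filter     = 'GroupScope -eq "Global" -and GroupCategory -eq "Security"'
        Properties = 'Description'
    }
    if ($SearchBase) { $query.SearchBase = $SearchBase }

    foreach ($global in Get-ADGroup @query) {
        $new = @{
            Name           = "$Prefix$($global.Name)"
            SamAccountName = "$Prefix$($global.SamAccountName)"
            GroupCategory  = 'Security'
            GroupScope     = 'DomainLocal'
            # Parent container of the source group (same regex as the posted script)
            Path           = $global.DistinguishedName -replace '^CN=.+?(?<!\\),', ''
        }
        # Only pass Description when the source group actually has one
        if ($global.Description) { $new.Description = $global.Description }
        $status = 'Created'

        try {
            # Lookup by identity, so no filter string is built from a group name
            $null = Get-ADGroup -Identity $new.SamAccountName -ErrorAction Stop
            $status = 'AlreadyExists'
        }
        catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
            if ($PSCmdlet.ShouldProcess($new.Path, "Create $($new.Name)")) {
                try { New-ADGroup @new -ErrorAction Stop }
                catch { $status = "Failed: $($_.Exception.Message)" }
            }
            else { $status = 'NotCreated' }   # -WhatIf or a declined -Confirm
        }
        # One record per source group, so the run can be reviewed afterwards
        [pscustomobject]@{ Source = $global.Name; Target = $new.Name; Path = $new.Path; Status = $status }
    }
}

# Dry run first, then the real run with a CSV record of what was done:
# New-DomainLocalCopy -WhatIf
# New-DomainLocalCopy | Export-Csv .\dl-groups.csv -NoTypeInformation
```

Running with -WhatIf against a single test OU via -SearchBase shows every target name and container before any of the roughly 2500 groups is created, and the CSV gives a record for review or rollback.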