Hi everyone.
I have already posted a task here about cloning all AD Global groups to AD Domain Local groups, and some members here helped me correct my script, so now it runs normally. Now I need to extend that script: after the cloning is done, I have to add each Global group to its corresponding Domain Local group.
I have expanded the script that I had and that is working, but for now it does not add those Global groups to their corresponding Domain Local groups.
Can someone please examine my script and tell me what I am doing wrong?

# Collect every Global security group together with the attributes to copy
$groups = Get-ADGroup `
    -Filter 'GroupScope -eq "Global" -and GroupCategory -eq "Security"' `
    -Properties Description,DisplayName,ManagedBy

ForEach ($group in $groups) {
    # Parameters for the Domain Local clone, created in the same OU as the source group
    $params = @{
        Path           = $group.DistinguishedName -replace '^cn=.+?(?<!\\),'
        Name           = "DL_$($group.Name)"
        SamAccountName = "DL_$($group.SamAccountName)"
        Description    = "$($group.Description)"
        DisplayName    = "$($group.DisplayName)"
        ManagedBy      = $group.ManagedBy
        GroupCategory  = "Security"
        GroupScope     = "DomainLocal"
    }

    # Create the Domain Local group only if the lookup fails
    Try {
        Get-ADGroup -Identity "DL_$($group.SamAccountName)" | Out-Null
    }
    Catch {
        New-ADGroup @params
    }

    # Membership step
    Get-ADGroup -Identity $globalGroup | Add-ADPrincipalGroupMembership -MemberOf $localGroupSam
    Get-ADPrincipalGroupMembership -Identity $globalGroup | Add-ADPrincipalGroupMembership -Members $localGroupSam
}
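
Added example, not part of the original post: the membership step in the script above uses `$globalGroup` and `$localGroupSam`, which are never assigned inside the loop as posted. The sketch below shows one way to do the clone-and-nest with the loop's own variables. It assumes the ActiveDirectory module is loaded; `$dlSam` and `$localGroup` are names introduced here, and the `DL_` prefix and filter are taken from the post.

```powershell
#Requires -Modules ActiveDirectory
# Added example: clone each Global security group to a DL_ Domain Local group,
# then nest the Global group inside it. Safe to re-run.

$globalGroups = Get-ADGroup `
    -Filter 'GroupScope -eq "Global" -and GroupCategory -eq "Security"' `
    -Properties Description, DisplayName, ManagedBy

foreach ($globalGroup in $globalGroups) {
    $dlSam = "DL_$($globalGroup.SamAccountName)"

    try {
        $null = Get-ADGroup -Identity $dlSam
    }
    catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
        # Create only on "not found". Access-denied or connectivity errors are
        # not caught here, so they surface instead of triggering a blind create.
        $params = @{
            Path           = $globalGroup.DistinguishedName -replace '^cn=.+?(?<!\\),'
            Name           = "DL_$($globalGroup.Name)"
            SamAccountName = $dlSam
            GroupCategory  = 'Security'
            GroupScope     = 'DomainLocal'
        }
        # Copy optional attributes only when the source group has a value
        foreach ($p in 'Description', 'DisplayName', 'ManagedBy') {
            if ($globalGroup.$p) { $params[$p] = $globalGroup.$p }
        }
        New-ADGroup @params
    }

    # Read the Domain Local group with its member list, then add the Global
    # group only if it is not already nested there
    $localGroup = Get-ADGroup -Identity $dlSam -Properties Member
    if ($localGroup.Member -notcontains $globalGroup.DistinguishedName) {
        Add-ADGroupMember -Identity $localGroup -Members $globalGroup
    }
}
```

`Add-ADGroupMember` takes the group being modified as `-Identity` and the principal to add as `-Members`, so the Domain Local group is the identity and the Global group is the member.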