« Russian Channel 9 goes Silverlight
AD cmdlets in the voting booth »

Bulk group type & scope change

Published September 26, 2007 Active Directory , AD , AD cmdlets , cmdlets , Examples , one-liner , oneliner , PowerShell Comments

How do you bulk change group scope and type in PowerShell? This came up in the newsgroup today so I thought I would blog about the solution as well.

Suppose you want to change the scope of all Global Distribution groups in your domain to Universal. Getting the groups is easy – you just use Get-QADGroup with the appropriate parameters. However, AD cmdlets 1.0.4 still don’t have the Set-QADGroup cmdlet (which is coming soon ;) ) so as usual we can cheat here by using Set-QADObject cmdlet and ObjectAttributes parameter which give access to any AD objects and attributes.

Because of this workaround we’ll need to supply the appropriate value for the new type and scope. This table will help you pick the one you need:

Value GroupType
2 Global distribution group
4 Domain local distribution group
8 Universal distribution group
-2147483646 Global security group
-2147483644 Domain local security group
-2147483640 Universal security group

So for example taking all global distribution groups and making them universal is a matter of running this one-liner:

Get-QADGroup -GroupType Distribution -GroupScope Global | Set-QADObject -ObjectAttributes @{grouptype=8}

A couple of notes:

  • By default, Get-QADGroup will only retrieve the first 1000 of groups matching the criteria. If you have more you might want to change the default size limit. Setting it to 0 will remove all limitations: -SizeLimit 0.
  • Not all groups can be converted to all types.

Tags: , , , , , , ,

About these ads

5 Responses to “Bulk group type & scope change”

Feed for this Entry Trackback Address
  1. 1 David Foreman March 12, 2009 at 3:31 pm

    Dmitry,
    I ran into a really strange Problem. I’m using get-QADgrp to select groups so that I can use it in a database. Wehn I first use the command I performed an export-csv with the fields I was looking for and pulled it into excel and the results were as expected: Scope came back with either universal – Global – Local and type came back with Security or Distribution.

    Here is where it gets weird – when I did the same command only this time instead of the expectant “names” I’m getting numbers but not the same numbers you have referance. I’m geting 1-3??? as far as I can tell there is no corelation… Any sugestions.

    Reply
  2. 2 Dmitry Sotnikov March 12, 2009 at 8:51 pm

    David,

    This is very weird. Could you post this, the exact code you are using, and the sample results (obviously with your domain names and group names obfuscated) to our AD PowerShell forum at http://www.powergui.org/forum.jspa?forumID=173 ?

    I would really like our team to troubleshoot this with you.

    Dmitry

    Reply
  3. 3 David Foreman March 17, 2009 at 1:38 pm

    Dmitry, Sorry about the delay, I’ve been working on a time deadline and I have 4 scripts all to get a picture of our AD Groups / Shares information.

    Here is the code I’m using it is pretty simple really.

    get-qadgroup -searchroot domain/ou -sizelimit 0 |select-object groupname, dn, description, notes, email, creationdate, groupscope, grouptype, modification date | export-csv -path H:\group-list.csv

    When I open this file in a Excell spreadsheet. I get the expected reults: group type security or distribution,
    Groups scope: domain local, Global, Universal

    Now, when I run the same code but instead write to a access database the result is the numbers as describe above. Here is that code:

    # this builds a set for Group groupname-Object-description-notes out of the groups in the HB OU – df
    # get-qadgroup -searchroot Domain/OU -sizelimit 0 |select-object name, dn, description, notes | export-csv -path H:\group-list.csv
    $objGroup = get-qadgroup -searchroot Domain/OU -sizelimit 0
    ####
    #this is the Part that writes directly to an access database.
    #
    # First part create varibles of data Base
    $strDB = “h:\Security-grp-shares1.accdb”
    $strTable = “tblGrpSec”
    $strAccessQuery = “Select * from $strTable”
    # next set of varibles define all the parameters for opening access database
    $adOpenStatic = 3
    $adLockOptimistic = 3
    $objConnection = New-Object -ComObject ADODB.Connection
    $objRecordSet = new-object -ComObject ADODB.Recordset
    $objConnection.Open(“Provider = Microsoft.ACE.OLEDB.12.0; `
    Data Source= $strDB”)
    $objRecordSet.Open($strAccessQuery, `
    $objConnection, $adOpenStatic, $adLockOptimistic)

    write-host -foreGroundColor yellow “Obtaining share info …”

    foreach ($Group in $objGroup)
    {
    $grpName = $Group.GroupName
    $grpDN = $Group.DN
    $grpDesc = $Group.Description
    $grpNotes = $Group.Notes
    $grpType = $Group.GroupType
    $grpScope = $Group.GroupScope
    $grpCreDate = $Group.CreationDate
    $grpModDate = $Group.ModificationDate
    $grpEmail = $Group.Email

    $objRecordSet.addnew()
    $objRecordSet.Fields.item(“grpName”) = $grpName
    $objRecordSet.Fields.item(“grpDN”) = $grpDN
    $objRecordSet.Fields.item(“grpDesc”) = $grpDesc
    $objRecordSet.Fields.item(“grpNotes”) = $grpNotes
    $objRecordSet.Fields.item(“grpType”) = $grpType
    $objRecordSet.Fields.item(“grpScope”) = $grpScope
    $objRecordSet.Fields.item(“grpCreDate”) = $grpCreDate
    $objRecordSet.Fields.item(“grpModDate”) = $grpModDate
    $objRecordSet.Fields.item(“grpEmail”) = $grpEmail
    $objRecordSet.Update()
    write-host -foregroundColor yellow “/\” -noNewLine
    }

    $objRecordSet.Close()
    $objConnection.Close()

    Reply
  4. 4 Dmitry Sotnikov March 17, 2009 at 2:07 pm

    I am not a database guru but I bet type transformation is going wrong somewhere.

    Try doing:

    $grpType = $Group.GroupType.ToString()

    instead of just $grpType = $Group.GroupType

    This should make type transformation explicit.

    Dmitry

    Reply
  5. 5 RajeshGowda March 6, 2011 at 8:10 am

    -2147483643 – Builtin groups

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s

« Russian Channel 9 goes Silverlight
AD cmdlets in the voting booth »

 Subscribe in a reader

Subscribe by email

Add to Technorati Favorites

My Recent Tweets

RSS My company’s blog

  • Fun at HostingCon 2013
    The smell of the hosting industry’s finest is in the air, and of course we sent some of the Jelastic team to attend and proudly exhibit at HostingCon 2013 this week in Austin, Texas.  From what I have been reading, there are more than 50 scheduled sessions from Sales and Marketing, Technology, Issues and Trends and [...]The post Fun at HostingCon 2013 appear […]
  • Secure Access to Your Jetty Web Application
    Today’s post focuses on the web application security related features of Jetty app server. After reading this article you should be able to configure security realms to provide authentication and access control for your Jetty web application, as well as to grant access to your app for dedicated IP-addresses only. Before we start let’s examine what Jetty real […]
  • Software Stacks Market Share: May 2013
    We are back to update you with the latest trends in software stacks popularity for May 2013. This time we decided to collect the numbers in a different way to get more accurate statistics. As you remember previously we counted the number of the environments, where each software stack was used. We’ve changed the reporting [...]The post Software Stacks Market […]
  • Setting Up a Cronjob in Jelastic Cloud
    Cronjob allows you to configure regularly scheduled tasks so that the jobs can be run automatically at a pre-set point of time. It repeats itself and does not need any regular manual instructions. Cron automates your system and can be used for quite different purposes. This wonderful tool is a standard part of all sysadmins toolkit. Also cronjob has a [...]T […]
  • How to Deploy Joget Cluster into the Cloud
    Joget Workflow is an open source platform that allows you to build enterprise web applications easily, due to its rich set of tools. It is also a rapid application development platform that provides complete agile development capabilities, including consisting of processes, forms, lists, CRUD and UI; not just back-end EAI/orchestration/integration or the tas […]
  • Liferay Cluster in the Cloud
    Liferay Portal is one of the most popular Java CMSs in the world due to its impressive ease-of-use. Since we published the tutorial on Liferay deployment to the cloud we have seen an extremely positive reaction from its community. Also we have received multiple requests from Liferay fans asking about clustering, replication and fail-over capabilities in the […]
  • Mark Zbikowski Veteran Microsoft Architect Joins Jelastic
    Jelastic already has an impressive team of advisers including Serguei Beloussov, the founder of Parallels. We also have technical geniuses who endorse and use Jelastic including the father of Java James Gosling, David Blevins who founded the TomEE project, and Michael “Monty” Widenius, the author of the original version of the open-source MySQL database and […]

Legal

The posts on this blog are provided “as is” with no warranties and confer no rights. The opinions expressed on this site are mine and mine alone, and do not necessarily represent those of my former employer - Quest Software, or my current employer - Jelastic or anyone else for that matter. All trademarks acknowledged.

© 2007-2013 Dmitry Sotnikov

Pages

September 2007
M T W T F S S
« Aug   Oct »
 12
3456789
10111213141516
17181920212223
24252627282930
Follow

Get every new post delivered to your Inbox.

Join 67 other followers

%d bloggers like this: