mczerniawski/LAPS_CreateGroups.ps1

## LAPS_CreateGroups.ps1
$Share_GPOInstalls_RGroupProps = @{
    Name = 'GPOInstalls_R'
    SamAccountName = 'GPOInstalls_R'
    Description = 'Members allowed to read from Share GPOInstalls'
    DisplayName = 'GPOInstalls_R'
    GroupCategory = 'Security'
    GroupScope= 'Universal'
    Path = 'OU=AD,OU=Security Groups,DC=contoso,DC=com'
}
New-ADGroup @Share_GPOInstalls_RGroupProps

$Share_GPOInstalls_RWGroupProps = @{
    Name = 'GPOInstalls_RW'
    SamAccountName = 'GPOInstalls_RW'
    Description = 'Members with full access to Share GPOInstalls'
    DisplayName = 'GPOInstalls_RW'
    GroupCategory = 'Security'
    GroupScope= 'Universal'
    Path = 'OU=AD,OU=Security Groups,DC=contoso,DC=com'
}
New-ADGroup @Share_GPOInstalls_RWGroupProps


Add-ADGroupMember -Identity $Share_GPOInstalls_RGroupProps.SamAccountName -Members 'Domain users'
Add-ADGroupMember -Identity $Share_GPOInstalls_RWGroupProps.SamAccountName -Members 'Domain admins'

$ServerGroupProps = @{
    Name = 'LAPSServer_Read'
    SamAccountName = 'LAPSServers_Read'
    Description = 'Members allowed to read LAPS attributes for Servers'
    DisplayName = 'LAPSServers_Read'
    GroupCategory = 'Security'
    GroupScope= 'Universal'
    Path = 'OU=AD,OU=Security Groups,DC=contoso,DC=com'
}
New-ADGroup @ServerGroupProps

$WorkstationGroupProps = @{
    Name = 'LAPSWorkstation_Read'
    SamAccountName = 'LAPSWorkstation_Read'
    Description = 'Members allowed to read LAPS attributes for Workstations'
    DisplayName = 'LAPSWorkstation_Read'
    GroupCategory = 'Security'
    GroupScope= 'Universal'
    Path = 'OU=AD,OU=Security Groups,DC=contoso,DC=com'
}
New-ADGroup @WorkstationGroupProps
	$Share_GPOInstalls_RGroupProps = @{
	Name = 'GPOInstalls_R'
	SamAccountName = 'GPOInstalls_R'
	Description = 'Members allowed to read from Share GPOInstalls'
	DisplayName = 'GPOInstalls_R'
	GroupCategory = 'Security'
	GroupScope= 'Universal'
	Path = 'OU=AD,OU=Security Groups,DC=contoso,DC=com'
	}
	New-ADGroup @Share_GPOInstalls_RGroupProps

	$Share_GPOInstalls_RWGroupProps = @{
	Name = 'GPOInstalls_RW'
	SamAccountName = 'GPOInstalls_RW'
	Description = 'Members with full access to Share GPOInstalls'
	DisplayName = 'GPOInstalls_RW'
	GroupCategory = 'Security'
	GroupScope= 'Universal'
	Path = 'OU=AD,OU=Security Groups,DC=contoso,DC=com'
	}
	New-ADGroup @Share_GPOInstalls_RWGroupProps


	Add-ADGroupMember -Identity $Share_GPOInstalls_RGroupProps.SamAccountName -Members 'Domain users'
	Add-ADGroupMember -Identity $Share_GPOInstalls_RWGroupProps.SamAccountName -Members 'Domain admins'

	$ServerGroupProps = @{
	Name = 'LAPSServer_Read'
	SamAccountName = 'LAPSServers_Read'
	Description = 'Members allowed to read LAPS attributes for Servers'
	DisplayName = 'LAPSServers_Read'
	GroupCategory = 'Security'
	GroupScope= 'Universal'
	Path = 'OU=AD,OU=Security Groups,DC=contoso,DC=com'
	}
	New-ADGroup @ServerGroupProps

	$WorkstationGroupProps = @{
	Name = 'LAPSWorkstation_Read'
	SamAccountName = 'LAPSWorkstation_Read'
	Description = 'Members allowed to read LAPS attributes for Workstations'
	DisplayName = 'LAPSWorkstation_Read'
	GroupCategory = 'Security'
	GroupScope= 'Universal'
	Path = 'OU=AD,OU=Security Groups,DC=contoso,DC=com'
	}
	New-ADGroup @WorkstationGroupProps