{"id":598,"date":"2014-10-02T00:01:00","date_gmt":"2014-10-02T00:01:00","guid":{"rendered":"https:\/\/blogs.technet.microsoft.com\/heyscriptingguy\/2014\/10\/02\/use-powershell-to-create-local-groups\/"},"modified":"2014-10-02T00:01:00","modified_gmt":"2014-10-02T00:01:00","slug":"use-powershell-to-create-local-groups","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/scripting\/use-powershell-to-create-local-groups\/","title":{"rendered":"Use PowerShell to Create Local Groups"},"content":{"rendered":"<p><b style=\"font-size:12px\">Summary<\/b><span style=\"font-size:12px\">: Microsoft Scripting Guy, Ed Wilson, talks about creating local groups.<\/span>\nMicrosoft Scripting Guy, Ed Wilson, is here. Creating a local group works exactly the same way as creating a local user account (see <a href=\"https:\/\/devblogs.microsoft.com\/scripting\/use-powershell-to-create-local-users\/\" target=\"_blank\">Use PowerShell to Create Local User Accounts<\/a>). 
The process involves the following steps:<\/p>\n<ol>\n<li>Create a connection to the local user account database by using the <b>[ADSI]<\/b> type accelerator and WinNT.<\/li>\n<li>Use the connection to call the <b>Create<\/b> method, and specify two values for the method call: <b>Group<\/b> in the first position and the name of the group in the second position.<\/li>\n<li>Call <b>SetInfo<\/b> to write the group back to the local account database.<\/li>\n<li>Specify a value for the description.<\/li>\n<li>Call <b>SetInfo<\/b> again to write the description to the group.<\/li>\n<\/ol>\n<p><b>&nbsp; Notes&nbsp;<\/b><\/p>\n<ul>\n<li>When creating a local group, you must open the Windows PowerShell console or the Windows PowerShell ISE with Admin rights.<\/li>\n<li>When using WinNT, it must be capitalized exactly like this: WinNT.<\/li>\n<\/ul>\n<p>At this point, there are no Windows PowerShell cmdlets from Microsoft that make it easy to create a local user account or a local group. Although it is possible to use the Desired State Configuration (DSC) provider&nbsp;and the local account provider, this requires Windows PowerShell&nbsp;4.0. There are a couple of modules written, such as my <a href=\"http:\/\/gallery.technet.microsoft.com\/scriptcenter\/Local-Account-Management-a777191b\/view\/Discussions#content\" target=\"_blank\">Local Account Management module<\/a>, which expose advanced functions to make this easier. Other than that, it is old-school ADSI to the rescue.<\/p>\n<h2>Create the connection to the local account database<\/h2>\n<p>The first thing I do is use the <b>ADSI<\/b> type accelerator and the WinNT provider to make a connection to the local account database on my computer. 
I store the returned object in a variable named <b>$cn<\/b> as shown here:<\/p>\n<p style=\"margin-left:30px\">$cn = [ADSI]&quot;WinNT:\/\/edlt&quot;<\/p>\n<h2>Call the Create method to create the group<\/h2>\n<p>When I have my connection to the local account database, I can call the <b>Create<\/b> method. This method does not show up via Tab expansion or <b>Get-Member<\/b>. But it is available, and it does work. When I call the <b>Create<\/b> method, I supply two values. The first is the keyword <b>Group<\/b>, and the second is the name of the group. In the following example, I call the group <b>mygroup<\/b>:<\/p>\n<p style=\"margin-left:30px\">$group = $cn.Create(&quot;Group&quot;,&quot;mygroup&quot;)<\/p>\n<h2>Call SetInfo<\/h2>\n<p>Now I need to call the <b>SetInfo<\/b> method to write the object back to the local account database:<\/p>\n<p style=\"margin-left:30px\">PS C:\\&gt; $group.setinfo\n&nbsp;<\/p>\n<p style=\"margin-left:30px\">OverloadDefinitions<\/p>\n<p style=\"margin-left:30px\">-------------------\nOnce again, note that the <b>SetInfo<\/b> method does not appear via Tab expansion. When I call this method, I must include empty parentheses (<b>()<\/b>) at the end of the method call, or else Windows PowerShell displays the method's overload definitions (as in the output above) instead of calling it. Here is the command I use:<\/p>\n<p style=\"margin-left:30px\">$group.setinfo()<\/p>\n<h2>Add a description<\/h2>\n<p>Now I want to add a description to the group. 
This is optional, but I consider it a best practice from when I used to be a network administrator. I would often find groups and service accounts that were created with no description and no information as to why they were there or what they were used for. By adding a description, the group becomes self-documenting. When I see a group with a description of &ldquo;test group&rdquo; I can be pretty safe in deleting it. Even better is the description &ldquo;safe to delete.&rdquo; Here is the command:<\/p>\n<p style=\"margin-left:30px\">$group.description = &quot;Test group&quot;<\/p>\n<p style=\"margin-left:30px\">$group.SetInfo()\nThe complete script is shown here:<\/p>\n<p style=\"margin-left:30px\"># CreateLocalGroup.ps1\n&nbsp;<\/p>\n<p style=\"margin-left:30px\">$cn = [ADSI]&quot;WinNT:\/\/edlt&quot;<\/p>\n<p style=\"margin-left:30px\">$group = $cn.Create(&quot;Group&quot;,&quot;mygroup&quot;)<\/p>\n<p style=\"margin-left:30px\">$group.setinfo()<\/p>\n<p style=\"margin-left:30px\">$group.description = &quot;Test group&quot;<\/p>\n<p style=\"margin-left:30px\">$group.SetInfo()\nThat is all there is to using Windows PowerShell to create a local group. Obviously, I need to add members to the group, and that is what I will discuss tomorrow. I can also use standard Windows PowerShell techniques to test for things such as whether the group exists or to create multiple groups.\nI invite you to follow me on <a href=\"http:\/\/bit.ly\/scriptingguystwitter\" target=\"_blank\">Twitter<\/a> and <a href=\"http:\/\/bit.ly\/scriptingguysfacebook\" target=\"_blank\">Facebook<\/a>. If you have any questions, send email to me at <a href=\"mailto:scripter@microsoft.com\" target=\"_blank\">scripter@microsoft.com<\/a>, or post your questions on the <a href=\"http:\/\/bit.ly\/scriptingforum\" target=\"_blank\">Official Scripting Guys Forum<\/a>. See you tomorrow. 
Until then, peace.\n<b>Ed Wilson, Microsoft Scripting Guy<\/b><span style=\"font-size:12px\">&nbsp;<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Summary: Microsoft Scripting Guy, Ed Wilson, talks about creating local groups. Microsoft Scripting Guy, Ed Wilson, is here. Creating a local group works exactly the same way as creating a local user account (see Use PowerShell to Create Local User Accounts). The process involves the following steps: Create a connection to the local user account [&hellip;]<\/p>\n","protected":false},"author":596,"featured_media":87096,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[535,24,3,45],"class_list":["post-598","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-scripting","tag-local-accounts","tag-other-directory-services","tag-scripting-guy","tag-windows-powershell"],"acf":[],"blog_post_summary":"<p>Summary: Microsoft Scripting Guy, Ed Wilson, talks about creating local groups. Microsoft Scripting Guy, Ed Wilson, is here. Creating a local group works exactly the same way as creating a local user account (see Use PowerShell to Create Local User Accounts). 
The process involves the following steps: Create a connection to the local user account [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/598","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/users\/596"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/comments?post=598"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/598\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media\/87096"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media?parent=598"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/categories?post=598"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/tags?post=598"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}