SMB ACL Group Creation Script

Asks you for a root folder, then allows you to enter subfolders until you leave an entry empty. Next it asks for the server name. Will create all four permission types and also apply default server, domain, and enterprise admins to the full access group.

param(
[Parameter(Mandatory=$True)][String[]]$FolderName,
[Parameter(Mandatory=$True)][String[]]$ServerName,
[Parameter(Mandatory=$False)][String[]]$SubFolderOf,
[Parameter(Mandatory=$False)][String]$OrganizationUnit="OU=SMB,OU=Security Groups,DC=corp,DC=mutschlerhome,DC=com"
)

$ServerNameUpper = $ServerName.ToUpper()
$ServerName = $ServerName.ToLower()

$Name = "SMB_$($ServerNameUpper)_$($FolderName)"
$Description = "\\$($ServerName)\$FolderName"
if($SubFolderOf) {

    if( ($SubFolderOf.EndsWith("\")) ) {
        $SubFolderOf = $SubFolderOf.substring(0,($($SubFolderOf).Length-1))
    }
    $Description = "\\$($ServerName)\$($SubFolderOf)\$($FolderName)"
}

New-ADGroup –Name "$($Name)_Read" -Description "$($Description) [Read Only]" –groupscope DomainLocal –path $OrganizationUnit
New-ADGroup –Name "$($Name)_Modify" -Description "$($Description) [Modify]" –groupscope DomainLocal –path $OrganizationUnit
New-ADGroup –Name "$($Name)_Full" -Description "$($Description) [FullControl]" –groupscope DomainLocal –path $OrganizationUnit
New-ADGroup –Name "$($Name)_List" -Description "$($Description) [List Only]" –groupscope DomainLocal –path $OrganizationUnit

Add-ADGroupMember -Identity "$($Name)_Full" -Members "Domain Admins"
Add-ADGroupMember -Identity "$($Name)_Full" -Members "Enterprise Admins"
Add-ADGroupMember -Identity "$($Name)_Full" -Members "Server Admins"

Revision #2
Created 2023-11-10 04:19:20 UTC by Ryan
Updated 2025-03-12 17:08:21 UTC by Ryan