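#Requires -Modules 'ActiveDirectory'
<#
.SYNOPSIS
    Provisions the Active Directory security groups declared in this script's sibling .yml file.

.DESCRIPTION
    Runs only when $Parameter['deployment.type'] is 'primary' or 'standalone'.
    The YAML file shares this script's base name (foo.ps1 -> foo.yml) and may hold
    several documents. If the last document carries a 'Variables' list, each entry's
    'Expression' is evaluated and substituted for the matching '{{ Name }}' placeholder
    in the raw text, after which the remaining documents are parsed as group definitions.
    Each 'SecurityGroups' entry supplies 'DistinguishedName' (relative to the root domain
    naming context), optional 'Description', 'Scope', and an optional 'MemberOf' list of
    parent-group DNs (also relative to the root domain naming context).

.PARAMETER Parameter
    Deployment parameters; only 'deployment.type' is read here.

.NOTES
    'Variables[].Expression' from the YAML is executed as PowerShell code via
    Invoke-Expression. The .yml file therefore needs the same protection (ACLs,
    change control, signing policy) as this script itself.
#>
Param(
    [Parameter(Mandatory)]
    [hashtable]$Parameter
)

# Only executed on primary or standalone Domain Controller
If (@('primary', 'standalone') -contains $Parameter['deployment.type']) {
    $GetContentSplat = @{
        Path = "$($PSScriptRoot)\$($MyInvocation.MyCommand)".Replace('.ps1', '.yml')
        Raw  = $True
    }
    $RawContent = Get-Content @GetContentSplat

    $ConvertFromYamlSplat = @{
        Yaml         = $RawContent
        AllDocuments = $True
    }
    $YamlDocuments = ConvertFrom-Yaml @ConvertFromYamlSplat

    # Check if the respective .yml file declared substitutions which need to be parsed
    If (($YamlDocuments.Count -gt 1) -and $YamlDocuments[-1].Variables) {
        ForEach ($Pattern in $YamlDocuments[-1].Variables) {
            # Escape the name so a variable such as 'a.b' or 'x+y' is matched literally
            $Placeholder = '\{\{ ' + [regex]::Escape($Pattern.Name) + ' \}\}'
            # NOTE: code taken from the .yml runs here with the script's privileges (see .NOTES)
            $Value = [string](Invoke-Expression -Command $Pattern.Expression)
            # A literal '$' in the replacement would otherwise be read as a group reference by -replace
            $RawContent = $RawContent -replace $Placeholder, $Value.Replace('$', '$$')
        }
        # Perform conversion to Yaml again, now with parsed file contents
        $ConvertFromYamlSplat = @{
            Yaml         = $RawContent
            AllDocuments = $True
        }
        $YamlDocuments = ConvertFrom-Yaml @ConvertFromYamlSplat
        # Drop the trailing 'Variables' document; everything before it holds group definitions
        $Entries = $YamlDocuments[0..($YamlDocuments.Count - 2)]
    } Else {
        $Entries = $YamlDocuments
    }

    # Resolved once; every DN in the .yml is relative to it
    $DomainDN = (Get-ADRootDSE).rootDomainNamingContext

    ForEach ($Group in $Entries.SecurityGroups) {
        # 'CN=Name,OU=...' -> RDN and the container it lives in
        $RDN, $ParentPath = $Group.DistinguishedName -split ',', 2
        $GroupDN = '{0},{1}' -f $Group.DistinguishedName, $DomainDN

        $NewADGroupSplat = @{
            Name          = $RDN -replace '^CN=', ''
            Path          = '{0},{1}' -f $ParentPath, $DomainDN
            Description   = $Group.Description
            GroupCategory = 'Security'
            GroupScope    = $Group.Scope
            PassThru      = $True
            ErrorAction   = 'SilentlyContinue'
        }
        # Creation is best-effort so re-runs stay idempotent; a group that already exists is
        # looked up instead so its nesting below is still reconciled rather than skipped
        $ADGroup = New-ADGroup @NewADGroupSplat
        If (-not $ADGroup) {
            $ADGroup = Get-ADGroup -Identity $GroupDN -ErrorAction SilentlyContinue
        }
        If (-not $ADGroup) {
            Write-Warning ('Could not create or find group {0}; skipping its memberships' -f $GroupDN)
            Continue
        }

        If ([boolean]$Group.MemberOf) {
            ForEach ($ParentGroup in $Group.MemberOf) {
                $AddADGroupMemberSplat = @{
                    Identity    = '{0},{1}' -f $ParentGroup, $DomainDN
                    Members     = $ADGroup.DistinguishedName
                    ErrorAction = 'Stop'
                }
                Try {
                    Add-ADGroupMember @AddADGroupMemberSplat
                } Catch {
                    # Surface failures (missing parent group, insufficient rights, already a member)
                    # instead of dropping them silently; membership drift should be visible
                    Write-Warning ('Could not add {0} to {1}: {2}' -f $ADGroup.DistinguishedName, $AddADGroupMemberSplat.Identity, $_.Exception.Message)
                }
            }
        }
    }
}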