Packer.Images/scripts/ADDS/payload/scripts/02.Groups.ps1


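#Requires -Modules 'ActiveDirectory'
<#
.SYNOPSIS
    Creates the Active Directory security groups declared in the sibling .yml file
    (same base name as this script) and nests them into their parent groups.

.DESCRIPTION
    Runs only when deployment.type is 'primary' or 'standalone'. The YAML file next
    to this script is read as a multi-document stream. If the last document carries a
    'Variables' list, each entry's Expression is evaluated and substituted for the
    matching '{{ Name }}' placeholder in the raw text, the stream is parsed again and
    that last document is dropped from the processed entries.

    A group's DistinguishedName in the YAML is relative to the root domain naming
    context (e.g. 'CN=Name,OU=Groups'); the naming context is appended here. Group
    creation and membership assignment are best-effort so the script stays re-runnable:
    a group that already exists is looked up instead of recreated.

.PARAMETER Parameter
    Deployment settings; only 'deployment.type' is read.

.NOTES
    The Variables section is evaluated with Invoke-Expression, so the .yml file is
    effectively executable code and must ship from the same trusted payload as this
    script.
#>
Param(
    [Parameter(Mandatory)]
    [hashtable]$Parameter
)

# Only executed on primary or standalone Domain Controller
If (@('primary', 'standalone') -contains $Parameter['deployment.type']) {
    $GetContentSplat = @{
        Path = "$($PSScriptRoot)\$($MyInvocation.MyCommand)".Replace('.ps1', '.yml')
        Raw  = $True
    }
    $RawContent = Get-Content @GetContentSplat
    $ConvertFromYamlSplat = @{
        Yaml         = $RawContent
        AllDocuments = $True
    }
    # @() keeps a single-document file from unrolling into a bare hashtable, whose
    # .Count would be the number of keys rather than the number of documents
    $YamlDocuments = @(ConvertFrom-Yaml @ConvertFromYamlSplat)

    # Check if the respective .yml file declared substitutions which need to be parsed
    If (($YamlDocuments.Count -gt 1) -and $YamlDocuments[-1].Variables) {
        ForEach ($Pattern in $YamlDocuments[-1].Variables) {
            # SECURITY: Invoke-Expression runs arbitrary code taken from the .yml file.
            # Only content from the same trusted payload as this script may reach here.
            $Value = [string](Invoke-Expression -Command $Pattern.Expression)
            # Escape the name so regex metacharacters in it match literally, and double
            # any '$' in the value so -replace does not read it as a group reference
            $Placeholder = '\{\{ ' + [regex]::Escape($Pattern.Name) + ' \}\}'
            $RawContent = $RawContent -replace $Placeholder, $Value.Replace('$', '$$')
        }
        # Perform conversion to Yaml again, now with parsed file contents
        $ConvertFromYamlSplat = @{
            Yaml         = $RawContent
            AllDocuments = $True
        }
        $YamlDocuments = @(ConvertFrom-Yaml @ConvertFromYamlSplat)
        # Drop the trailing Variables document
        $Entries = $YamlDocuments[0..($YamlDocuments.Count - 2)]
    }
    Else {
        $Entries = $YamlDocuments
    }

    # Hoisted out of the loop: the naming context does not change between groups
    $RootDomainNamingContext = (Get-ADRootDSE).rootDomainNamingContext

    ForEach ($Group in $Entries.SecurityGroups) {
        # 'CN=Name,OU=Parent,...' -> leaf RDN and the remaining parent path
        $LeafRdn, $ParentPath = $Group.DistinguishedName -split ',', 2
        $NewADGroupSplat = @{
            Name          = $LeafRdn.Substring(3)   # strip the 'CN=' prefix
            Path          = $ParentPath + (',{0}' -f $RootDomainNamingContext)
            Description   = $Group.Description
            GroupCategory = 'Security'
            GroupScope    = $Group.Scope
            PassThru      = $True
            ErrorAction   = 'SilentlyContinue'
        }
        $NewADGroup = New-ADGroup @NewADGroupSplat
        # On a re-run the group already exists and New-ADGroup returns nothing;
        # resolve it by its full DN so the memberships below are still applied
        If (-not $NewADGroup) {
            $GetADGroupSplat = @{
                Identity    = '{0},{1}' -f $Group.DistinguishedName, $RootDomainNamingContext
                ErrorAction = 'SilentlyContinue'
            }
            $NewADGroup = Get-ADGroup @GetADGroupSplat
        }
        If (-not $NewADGroup) {
            # Without a resolved group, Members would be $null and Add-ADGroupMember
            # would fail on parameter binding; report and move on instead
            Write-Warning ('Group {0} could not be created or found; skipping memberships' -f $Group.DistinguishedName)
            Continue
        }
        If ([boolean]$Group.MemberOf) {
            ForEach ($ParentGroup in $Group.MemberOf) {
                $AddADGroupMemberSplat = @{
                    Identity    = $ParentGroup + (',{0}' -f $RootDomainNamingContext)
                    Members     = $NewADGroup.DistinguishedName
                    ErrorAction = 'SilentlyContinue'
                }
                Add-ADGroupMember @AddADGroupMemberSplat
            }
        }
    }
}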