DSCResources/MSFT_ADGroup/en-US/about_ADGroup.help.txt

.NAME
    ADGroup
 
.DESCRIPTION
    The ADGroup DSC resource will manage groups within Active Directory.
 
    ## Requirements
 
    * Target machine must be running Windows Server 2008 R2 or later.
    * The parameter `RestoreFromRecycleBin` requires that the feature Recycle
      Bin has been enabled prior to an object is deleted. If the feature
      Recycle Bin is disabled then the property `msDS-LastKnownRDN` is not
      added the deleted object.
 
.PARAMETER GroupName
    Key - String
    Name of the Active Directory group.
 
.PARAMETER GroupScope
    Write - String
    Allowed values: DomainLocal, Global, Universal
    Active Directory group scope. Default value is 'Global'.
 
.PARAMETER Category
    Write - String
    Allowed values: Security, Distribution
    Active Directory group category. Default value is 'Security'.
 
.PARAMETER Path
    Write - String
    Location of the group within Active Directory expressed as a Distinguished Name.
 
.PARAMETER Ensure
    Write - String
    Allowed values: Present, Absent
    Specifies if this Active Directory group should be present or absent. Default value is 'Present'.
 
.PARAMETER Description
    Write - String
    Description of the Active Directory group.
 
.PARAMETER DisplayName
    Write - String
    Display name of the Active Directory group.
 
.PARAMETER Credential
    Write - PSCredential
    Credentials used to enact the change upon.
 
.PARAMETER DomainController
    Write - String
    Active Directory domain controller to enact the change upon.
 
.PARAMETER Members
    Write - StringArray
    Active Directory group membership should match membership exactly.
 
.PARAMETER MembersToInclude
    Write - StringArray
    Active Directory group should include these members.
 
.PARAMETER MembersToExclude
    Write - StringArray
    Active Directory group should NOT include these members.
 
.PARAMETER MembershipAttribute
    Write - String
    Allowed values: SamAccountName, DistinguishedName, ObjectGUID, SID
    Active Directory attribute used to perform membership operations. Default value is 'SamAccountName'.
 
.PARAMETER ManagedBy
    Write - String
    Active Directory managed by attribute specified as a DistinguishedName.
 
.PARAMETER Notes
    Write - String
    Active Directory group notes field.
 
.PARAMETER RestoreFromRecycleBin
    Write - Boolean
    Try to restore the group from the recycle bin before creating a new one.
 
.PARAMETER DistinguishedName
    Read - String
    Returns the distinguished name of the Active Directory group.
 
.EXAMPLE 1
 
This configuration will create a new domain-local group
 
Configuration ADGroup_NewGroup_Config
{
    param
    (
        [parameter(Mandatory = $true)]
        [System.String]
        $GroupName,
 
        [ValidateSet('DomainLocal', 'Global', 'Universal')]
        [System.String]
        $Scope = 'Global',
 
        [ValidateSet('Security', 'Distribution')]
        [System.String]
        $Category = 'Security',
 
        [ValidateNotNullOrEmpty()]
        [System.String]
        $Description
    )
 
    Import-DscResource -Module ActiveDirectoryDsc
 
    Node localhost
    {
        ADGroup 'ExampleGroup'
        {
            GroupName = $GroupName
            GroupScope = $Scope
            Category = $Category
            Description = $Description
            Ensure = 'Present'
        }
    }
}
 
.EXAMPLE 2
 
This configuration will create a new domain-local group with three members.
 
Configuration ADGroup_NewGroupWithMembers_Config
{
    Import-DscResource -ModuleName ActiveDirectoryDsc
 
    node localhost
    {
        ADGroup 'dl1'
        {
            GroupName = 'DL_APP_1'
            GroupScope = 'DomainLocal'
            Members = 'john', 'jim', 'sally'
        }
    }
}
 
.EXAMPLE 3
 
This configuration will create a new domain-local group in contoso with
three members in different domains.
 
Configuration ADGroup_NewGroupMultiDomainMembers_Config
{
    Import-DscResource -ModuleName ActiveDirectoryDsc
 
    node localhost
    {
        ADGroup 'dl1'
        {
            GroupName = 'DL_APP_1'
            GroupScope = 'DomainLocal'
            MembershipAttribute = 'DistinguishedName'
            Members = @(
                'CN=john,OU=Accounts,DC=contoso,DC=com'
                'CN=jim,OU=Accounts,DC=subdomain,DC=contoso,DC=com'
                'CN=sally,OU=Accounts,DC=anothersub,DC=contoso,DC=com'
            )
        }
    }
}