Summary: Build Windows PowerShell variables to design an organizational unit structure.
Hey, Scripting Guy!
Can Windows PowerShell provide a consistent way to build a demo structure in Active Directory that includes organizational units and security groups?
Honorary Scripting Guy, Sean Kearney here, filling in for our good friend, Ed.
Welcome to Part 2 of this series. To catch up, read Building a Demo Active Directory: Part 1.
We absolutely can use Windows PowerShell in this way. A good friend of mine, Rick Claus from Microsoft, asked me this very same question. “Hey, Sean,” our good friend piped up after removing his Tilley. “I have to build demo environments all the time, and I would like an easier way to build the structure. I don’t suppose you know of a way to do this in Windows PowerShell, do you?”
Of course, the minute he said, “PowerShell,” the answer was, “Yes, of course, O Green Hatted one, you can!”
So our first challenge is to decide what our structure will look like. As a demo environment, we probably need a decent and simple structure…maybe a main unit, some offices, and a division in each office.
Then within each division, we might want a security group. For our demo environment, we can build a simple set of names, such as:
First we’re going to name our Base OU. In this example, we’re simply going to call it “Offices”, but you can choose any name you like. I’d recommend something that actually makes sense. Calling your Base OU “FlyingWombats” might not make very much sense. But to each, his or her own…
Now we’re going to name six cities that will sit as children under this OU:
Now we’ll define the four divisions. Of course, it could be more, but we’re going to keep this quite simple:
So if you’re thinking out loud, I’ll bet you’re guessing, “Oh, this looks like an easy answer!” Well, really it is!
So today we’ll be using the cmdlet in Active Directory called New-ADOrganizationalUnit. This will allow us to populate the OUs in our Active Directory demo environment.
To work with these cmdlets properly, we need to supply the distinguished name for the path in many cases. So first let’s define that. Our main root, of course, will be our domain name:
Now we’ll define the path for our company OU where all the offices will exist:
Now that all the prep work is set up, what shall we do? Let’s build a simple loop structure to build it up! First create the base organizational unit:
New-ADOrganizationalUnit -Name $BaseOU -Path $Domain
Next we’ll step through our list of cities and create some OUs based on them. Let’s also remember that we’ll be targeting the main CompanyPath as our starting point:
# Step through the list of Cities
Foreach ($City in $CityOU)
{
# Create OU for City
New-ADOrganizationalUnit -Path $CompanyPath -Name $City
}
So far, so good? Next we’ll step through our list of divisions and populate them. We need to adjust the path to incorporate each city as part of the path for the division:
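# Step through the list of Divisions
# (this loop goes inside the city loop, right after the city OU is created, so $City is set)
Foreach ($Division in $DivisionOU)
{
# Create Division within City
New-ADOrganizationalUnit -Path "OU=$City,$CompanyPath" -Name $Division
}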
With this loop completed, we now have a rudimentary structure that we can populate. But did I mention security groups? Why yes, I did. And that’s for another story tomorrow.
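An added example (not code from the original post) that wraps the same New-ADOrganizationalUnit calls so the build can be rerun and previewed: it skips OUs that already exist and honors -WhatIf. The domain DN, the city and division names, the $Preview variable and the New-DemoOU helper are assumptions made for illustration, and the names are assumed to contain no characters that need escaping in a distinguished name.

```powershell
# Added example: rerunnable build of the OU tree from this post.
# All values below are constructed placeholders, not the article's own names.
Import-Module ActiveDirectory

$Domain      = 'DC=example,DC=test'                                  # placeholder domain DN
$BaseOU      = 'Offices'                                             # base OU name from the post
$CityOU      = 'City1','City2','City3','City4','City5','City6'       # placeholder cities
$DivisionOU  = 'Division1','Division2','Division3','Division4'       # placeholder divisions
$CompanyPath = "OU=$BaseOU,$Domain"
$Preview     = $true   # $true = only report what would be created; set to $false to create

function New-DemoOU {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$Path,
        [bool]$Protect = $true   # keep accidental-deletion protection on unless told otherwise
    )
    $dn = "OU=$Name,$Path"
    try {
        # Throws if the OU (or its parent) does not exist yet
        $null = Get-ADOrganizationalUnit -Identity $dn -ErrorAction Stop
        Write-Verbose "Exists, skipping: $dn"
        return
    } catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
        # Not found: fall through and create it
    }
    if ($PSCmdlet.ShouldProcess($dn, 'Create organizational unit')) {
        New-ADOrganizationalUnit -Name $Name -Path $Path -ProtectedFromAccidentalDeletion $Protect
    }
}

# Base OU, then one OU per city, then one OU per division inside each city
New-DemoOU -Name $BaseOU -Path $Domain -WhatIf:$Preview
foreach ($City in $CityOU) {
    New-DemoOU -Name $City -Path $CompanyPath -WhatIf:$Preview
    foreach ($Division in $DivisionOU) {
        New-DemoOU -Name $Division -Path "OU=$City,$CompanyPath" -WhatIf:$Preview
    }
}
```

Pass -Protect $false for a lab you intend to tear down, since protected OUs must have that flag cleared before they can be deleted.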
I invite you to follow the Scripting Guys on Twitter and Facebook. If you have any questions, send email to firstname.lastname@example.org, or post your questions on the Official Scripting Guys Forum. See you tomorrow. Until then, peace.
Sean Kearney, Honorary Scripting Guy and Windows PowerShell MVP