Building a Demo Active Directory: Part 2

Doctor Scripto

Summary: Build Windows PowerShell variables to design an organizational unit structure. Hey, Scripting Guy! Question Hey, Scripting Guy! Can Windows PowerShell provide a consistent way to build a demo structure in Active Directory that includes organizational units and security groups? —RL Hey, Scripting Guy! Answer Hello RL, Honorary Scripting Guy, Sean Kearney here, filling in for our good friend, Ed. Welcome to Part 2 of this series. To catch up, read Building a Demo Active Directory: Part 1. We absolutely can use Windows PowerShell in this way. A good friend of mine, Rick Claus from Microsoft, asked me this very same question. “Hey, Sean,” our good friend piped up after removing his Tilley. “I have to build demo environments all the time, and I would like an easier way to build the structure. I don’t suppose you know of a way to do this in Windows PowerShell, do you?” Of course, the minute he said, “PowerShell,” the answer was, “Yes, of course, O Green Hatted one, you can!” So our first challenge is to decide what our structure will look like. As a demo environment, we probably need a decent and simple structure…maybe a main unit, some offices, and a division in each office.

Contoso.local

            Offices

                        Seattle

                                    Accounting

                                    HR

                                    IT

                                    Exec

                        Ottawa

                                    Accounting

                                    HR

                                    IT

                                    Exec

                        New Orleans

                                    Accounting

                                    HR

                                    IT

                                    Exec Then within each division, we might want a security group. For our demo environment, we can build a simple set of names, such as:

NewOrleans-Accounting

Ottawa-IT

Seattle–HR First we’re going to name our Base OU. In this example, we’re simply going to call it “Offices”, but you can choose any name you like. I’d recommend something that actually makes sense. Calling your Base OU “FlyingWombats” might not make very much sense. But to each, his or her own…

$BaseOU=”Offices” Now we’re going to name six cities that will sit as children under this OU:

$CityOU=”Tokyo”,”Redmond”,”Ottawa”,”Madrid”,”New Orleans”,”Queensland” Now we’ll define the four divisions. Of course, it could be more, but we’re going to keep this quiet simple:

$DivisionOU=”Sales”,”Marketing”,”HR”,”Finance” So if you’re thinking out loud, I’ll bet you’re guessing, “Oh, this looks like an easy answer!” Well, really it is! So today we’ll be using the cmdlet in Active Directory called New-ADOrganizationalUnit. This will allow us to populate the OU’s in our Active Directory demo environment. To work with these cmdlets properly, we need to supply the distinguished name for the path in many cases. So first let’s define that. Our main root, of course, will be our domain name:

$Domain=”DC=Contoso,DC=local” Now we’ll define the path for our company OU where all the offices will exist:

$CompanyPath=”OU=$BaseOU,”+$Domain Now that all the prep work is set up, what shall we do? Let’s build a simple loop structure to build it up! First create the base organizational unit:

NEW-ADOrganizationalUnit -name $BaseOU -path $Domain Next we’ll step through our list of cities and create some OU’s based on them. Let’s also remember that we’ll be targeting the main CompanyPath as our starting point:

# Gather through list of Cities

Foreach ($City in $CityOU)

 {

 # Create OU for City

 NEW-ADOrganizationalUnit -path $CompanyPath -name $City So far, so good? Next we’ll step through our list of divisions and populate them. We need to adjust the path to incorporate each city as part of the path for the division:

 # Gather through list of Divisions

 Foreach($Division in $DivisionOU)

 

 {

            # Create Division within City

            NEW-ADOrganizationalUnit -path “OU=$City,$CompanyPath” -name $Division

 }

} With this loop completed, we now have a rudimentary structure that we can populate. But did I mention security groups? Why yes, I did. And that’s for another story tomorrow. I invite you to follow the Scripting Guys on Twitter and Facebook. If you have any questions, send email to scripter@microsoft.com, or post your questions on the Official Scripting Guys Forum. See you tomorrow. Until then, peace. Sean Kearney, Honorary Scripting Guy and Windows PowerShell MVP 

0 comments

Discussion is closed.

Feedback usabilla icon