January 26th, 2010

Hey, Scripting Guy! How Can I Create Users and Organizational Units with Active Directory Domain Services Cmdlets?

Bookmark and Share

  Hey, Scripting Guy! Question

Hey, Scripting Guy! I am interested in using Active Directory Domain Services (AD DS) cmdlets to create users and organizational units. Is this a hard thing to do? I only ask this because I am an extremely busy network administrator who has barely had time to begin looking at Windows PowerShell. I do not have a lot of time to spend learning a bunch of cryptic commands. If it is really hard, I will need to take a pass on the information right now.

— DA

 

Hey, Scripting Guy! AnswerHello DA,

Microsoft Scripting Guy Ed Wilson here. I have thirty minutes before my one-on-one meeting with the Scripting Manager. Having a one-on-one with Steve is always the highlight of my day because he is funny, intelligent, and extremely passionate about the TechNet Script Center. I always emerge from our meetings with lots of ideas for new things to try. As an added bonus, Steve is also a writer who has written several certification books; therefore, he understands the writing process in a very real and personal manner. Before my meeting with Steve, I thought I would check the e-mail in the scripter@microsoft.com inbox, send out a few tweets on Twitter, make a fresh pot of Earl Gray tea, and crank up Pink Floyd on my Zune HD.

Now that I am mentally and physically set for my one-on-one, let me get prepared for the meeting. I know he will ask about the 2010 Scripting Games. So how are we doing there?

·         I spent much of yesterday creating three events for the 2010 Scripting Games.

·         We have a theme picked out: The Winter Olympics.

·         We have 10 event themes selected.

He will also ask about the new Weekend Scripter series.

·         Weekend Scripter starts on Saturday February 6, 2010, when we begin publishing seven days a week. (See? We really do love this stuff.)

·         The first Weekend Scripter blog post will be about writing a Windows PowerShell function to determine the volume of a space.

·         The second Weekend Scripter blog post (February 7, 2010) will be about figuring the center of a circle.

He will also ask me about how we are doing with Twitter. What can I say about Twitter?

·         We have been meeting some really passionate Windows PowerShell people on Twitter.

·         I have been invited to speak to one Windows PowerShell users group via Twitter.

·         I have found several moderators for The Official Scripting Guys Forum via Twitter.

·         I have answered dozens of questions from various users via Twitter.

·         I have received some really cool ideas for the 2010 Scripting Games via Twitter.

Cool, I am all set for my one-on-one. I still have some more time. Let me look through some of my pictures. I have been trying to collect all of my digital pictures into a single location in order to get a good backup of them. It is somewhat of a challenge when you own a dozen computers. I have 7 computers in my office right now. The rest of the computers are spread throughout the house. Unfortunately, through the years I have been very sloppy about organizing my digital pictures. One day I will write some scripts to help me with the pictures. Here is one cool picture I took during the time I was teaching a WMI class in Munich, Germany. One Saturday, I took the train to Salzburg, Austria. I took the following picture that day.

Image of Salzburg, Austria

 

DA, I am back from my one-on-one with the Scripting Manager. You will be glad to know that using the AD DS Windows PowerShell cmdlets can be extremely easy. For example, to create an organizational unit (OU) in Active Directory, all you need to do is to supply the name and the path. The behavior is exactly the same as creating a new user in Active Directory, which we discussed yesterday.

To create a new OU, use the New-ADOrganizationalUnit cmdlet:

New-ADOrganizationalUnit -Name HSG_TestOU -Path “dc=nwtraders,dc=com”

If you wish to create a child OU, you use the New-ADOrganizationalUnit cmdlet, but in the path, you list the location that will serve as the parent:

New-ADOrganizationalUnit -Name HSG_TestOU1 -Path “ou=HSG_TestOU,dc=nwtraders,dc=com”

If you wish to make several child OUs in the same location, press the up arrow to retrieve the previous command and edit the name of the child. You can press the HOME key to move to the beginning of the line, the END key to move to the end of the line, and the left and right arrow keys to quickly find your place on the line so you can edit it. A second child OU is created here:

New-ADOrganizationalUnit -Name HSG_TestOU2 -Path “ou=HSG_TestOU,dc=nwtraders,dc=com”

The newly created OUs are seen in the following image.

Image of newly created OUs

 

To create a computer account in one of the newly created child OUs, you must type the complete path to the OU that will house the new computer account. The New-ADComputer cmdlet is used to create new computer accounts in AD DS. In this example, the HSG_TestOU1 OU is a child of the HSG_TestOU OU; therefore, both OUs must appear in the path parameter. Keep in mind that the path that is supplied to the path parameter must be contained inside quotation marks, as seen here:

New-ADComputer -Name HSG_Test -Path “ou=HSG_TestOU1,ou=HSG_TestOU,dc=nwtraders,dc=com”

To create a user account, use the New-ADUser cmdlet, as seen here:

New-ADUser -Name HSG_TestChild -Path “ou=HSG_TestOU1,ou=HSG_TestOU,dc=nwtraders,dc=com”

Because there could be some redundant typing involved, you may wish to write a script to create the OUs at the same time the computer accounts and user accounts are created. A sample script that creates OUs, users, and computers is the UseADCmdletsToCreateOuComputerAndUser.ps1 script seen here.

UseADCmdletsToCreateOuComputerAndUser.ps1

Import-Module -Name ActiveDirectory
$Name = “HSG_ScriptTest”
$DomainName = “dc=nwtraders,dc=com”
$OUPath = “ou={0},{1}” -f $Name, $DomainName

New-ADOrganizationalUnit -Name $Name -Path $DomainName -ProtectedFromAccidentalDeletion $false

For($i = 0; $i -le 5; $i++)
{
 New-ADOrganizationalUnit -Name $Name$i -Path $OUPath -ProtectedFromAccidentalDeletion $false
}

For($i = 0 ; $i -le 5; $i++)
{
 New-ADComputer -Name  “HSGTestComputer$i” -Path $OUPath
 New-ADUser -Name “HSGTestUser$i” -Path $OUPath
}

The UseADCmdletsToCreateOuComputerAndUser.ps1 script begins by importing the ActiveDirectory module. It then creates the first OU. When testing a script, it is important to disable the deletion protection by using the –ProtectedFromAccidentalDeletion parameter. This will allow you to easily delete the OU and avoid having to go into the advanced view in Active Directory Users and Computers and changing the protected status on each OU.

After the HSG_ScriptTest OU is created, the other OUs, users, and computer accounts can be created inside the new location. It seems obvious that you cannot create a child OU inside the parent OU if the parent has not yet been created, but it is easy to make a logic error like this.

 

DA, that is all there is to using the Active Directory Domain Services Windows PowerShell cmdlets to create new OUs, computer accounts, and user accounts. Active Directory Week will continue tomorrow.

If you want to know exactly what we will be looking at tomorrow, follow us on Twitter or Facebook. If you have any questions, send e-mail to us at scripter@microsoft.com or post your questions on the Official Scripting Guys Forum. See you tomorrow. Until then, peace.

 

Ed Wilson and Craig Liebendorfer, Scripting Guys

 

Author

0 comments

Discussion are closed.

Feedback