Creating OU Structures with the Quest ActiveRoles Management Shell (PowerShell)

Posted: 16/10/2010 in Active Directory, PowerShell

Today I’m going to show an example of a quick script to create Organisational Units (OU). I wrote this script over a year ago when I needed to create an OU structure for a hosted Active Directory (AD) domain and it was successfully used to create thousands of OUs. I have chosen to use the Quest tools because this domain is 2008 and I didn’t have the option of using Microsoft’s new AD cmdlets.

The required structure was the following:

\---<Site Code>
 +---Computers
 +---Groups
 |   +---Resource Groups
 |   |   +---Printers
 |   |   \---Shares
 |   \---User Groups
 +---LFTs
 \---Users
 +---AdminStaff
 +---Pupils
 \---Staff

This particular hosted AD was going to be used by a large number of Schools. As above, the variable “Site Code” of each school will used as the name for the parent OU and each OU will have the “School Name” added as the description. I first created a CSV file with the necessary data, an example:

Site Code School Name
AFCPS Alford Primary School
ALLIN Allington and Sedgebrook CE Primary
AMTOF Amber Hill Toftstead Primary School
ANCAS Ancaster CE Primary School
BASSI Bassingham Primary School
BBCPS Brant Broughton CE and Methodist Primary School
BDJOI Bardney CE and Methodist Primary School
BKNAL Bucknall Primary School
BLYTO Blyton Cum Laughton CE Primary School
BMBER Baumber Primary School

I first need to load the above CSV files into a variable for easy access:

$DomainLookup = Import-Csv C:\Scripts\DomainLookup.csv

As I planned to only create half the OUs in the CSV file and I wanted the flexibility to create OUs ad-hoc I decided it would be best to make a scripted function that accepted data from the pipeline , here’s is the code:


function New-SchoolsOUs{

BEGIN {}

PROCESS 
	{
	$SchoolOU = 'domain1.sch.uk/Schools'
	New-QADObject -Type OrganizationalUnit -ParentContainer $SchoolOU -Name $_."Site Code" -Description $_."School Name" -OutVariable Parent
	New-QADObject -Type OrganizationalUnit -ParentContainer $Parent[0].dn -Name 'Groups' -Description $_."School Name" -OutVariable Groups
	New-QADObject -Type OrganizationalUnit -ParentContainer $Groups[0].dn -Name 'Resource Groups' -Description $_."School Name" -OutVariable ResourceGroups
	New-QADObject -Type OrganizationalUnit -ParentContainer $ResourceGroups[0].dn -Name 'Printers' -Description $_."School Name"
	New-QADObject -Type OrganizationalUnit -ParentContainer $ResourceGroups[0].dn -Name 'Shares' -Description $_."School Name"
	New-QADObject -Type OrganizationalUnit -ParentContainer $Groups[0].dn -Name 'User Groups' -Description $_."School Name"
	New-QADObject -Type OrganizationalUnit -ParentContainer $Parent[0].dn -Name 'LFTs' -Description $_."School Name"
	New-QADObject -Type OrganizationalUnit -ParentContainer $Parent[0].dn -Name 'Users' -Description $_."School Name" -OutVariable UsersOU
	New-QADObject -Type OrganizationalUnit -ParentContainer $UsersOU[0].dn -Name 'Pupils' -Description $_."School Name"
	New-QADObject -Type OrganizationalUnit -ParentContainer $UsersOU[0].dn -Name 'AdminStaff' -Description $_."School Name"
	New-QADObject -Type OrganizationalUnit -ParentContainer $UsersOU[0].dn -Name 'Staff' -Description $_."School Name"
	New-QADObject -Type OrganizationalUnit -ParentContainer $Parent[0].dn -Name 'Computers' -Description $_."School Name"
	}
	
END {}

}

This allows me the flexibility to for example create the first 5 Schools:

$DomainLookup[0..4] | New-SchoolsOUs

Or if needed Schools by name:

$DomainLookup | ? { $_.’Site Code’ -eq ‘BKNAL’ } | New-SchoolsOUs

Now I understand that the above function is quite specific for this task but I’m sure if you are in a similar situation you can edit it as you see fit.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s