A recent client of Kloud wanted to be able to create new organizational units and groups automatically, with a unique ID (GUID) for each organizational unit. The groups created needed to share the GUID of the OU.
In this blog, I will demonstrate how you could achieve this with a simple PowerShell script.
Before you start, however, you may have to run PowerShell as Administrator and execute the following cmdlet:
[code language="PowerShell"]
Set-ExecutionPolicy RemoteSigned
[/code]
This is to allow PowerShell scripts to run on the computer.
How to define GUID?
To define the GUID in PowerShell, we use the [GUID] type accelerator: [guid]::NewGuid()
Defining the OU, and Groups.
The first part of the script consists of the following parameters:
[code language="PowerShell"]
param()
#Define GUID
$Guid = [guid]::NewGuid()
[/code]
This generates the GUID; a unique ID resembling “0fda3c39-c5d8-424f-9bac-654e2cf045ed” will be appended to the name of the OU and of the groups within that OU.
[code language="PowerShell"]
#Define OU Name
$OUName = (Read-Host 'Input OU name') + '-' + $Guid
[/code]
This defines the name of the OU and requires the administrator’s input.
[code language="PowerShell"]
#Define Managers Group Name
$MGroupPrefix = (Read-Host -Prompt 'Input Managers Group name')
if ($MGroupPrefix) {
    Write-Host 'The specified Managers Name will be used.' -ForegroundColor 'yellow'
}
else {
    $MGroupPrefix = 'Managers'
    Write-Host 'Default Managers Group name will be used.' -ForegroundColor 'yellow'
}
$MGroupPrefix = $MGroupPrefix + '-' + $Guid
$MGroupPrefix
[/code]
This defines the name of the “First Group”; it will also be followed by a “-” and a GUID.
If the administrator enters a name, the entered name will be used.
[code language="PowerShell"]
#Define Supervisors Group Name
$SGroupPrefix = (Read-Host -Prompt 'Input Supervisors Group name')
if ($SGroupPrefix) {
    Write-Host 'The specified Supervisors Group name will be used.' -ForegroundColor 'yellow'
}
else {
    $SGroupPrefix = 'Supervisors'
    Write-Host 'Default Supervisors name will be used.' -ForegroundColor 'yellow'
}
$SGroupPrefix = $SGroupPrefix + '-' + $Guid
$SGroupPrefix
[/code]
This defines the second group name, “Supervisors”; again, it will be followed by “-” and a GUID.
In this section, however, I didn’t specify a name, to demonstrate how the default name “Supervisors” + “-” + GUID comes into play, as defined in the “else” block. Simply press “Enter”.
Defining the OU name, group name, and path
[code language="PowerShell"]
#Defining Main OU Name, OUs, and path
$OUPath = 'OU=Departments,DC=contoso,DC=lab'
$GroupsOUName = 'Groups'
$GroupOUPath = 'OU=' + $OUName + ',OU=Departments,DC=contoso,DC=lab'
$UsersOUName = 'Users'
$UsersOUPath = 'OU=' + $OUName + ',OU=Departments,DC=contoso,DC=lab'
[/code]
The above parameters define the OU path in which the main OU will be created, e.g. Finance.
They also define two other OUs, “Groups” and “Users”, which will be created in the specified path.
Defining the groups (that will be created in the “Groups” OU), the group names and path.
[code language="PowerShell"]
#Defining Groups, groups name and path
$MGroupPath = 'OU=Groups, OU=' + $OUName + ',OU=Departments,DC=contoso,DC=lab'
$MGroupSamAccountName = 'Managers-' + $Guid
$MGroupDisplayName = 'Managers'
$SGroupPath = 'OU=Groups, OU=' + $OUName + ',OU=Departments,DC=contoso,DC=lab'
$SGroupSamAccountName = 'Supervisors-' + $Guid
$SGroupDisplayName = 'Supervisors'
[/code]
The above parameters define the path, the SamAccountName and the display name of the groups that will be created in the main OU, e.g. Finance.
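The script places whatever the administrator types at Read-Host directly into distinguished names such as 'OU=' + $OUName + ',OU=Departments,DC=contoso,DC=lab', so a name containing a comma or an equals sign changes the resulting path. The following is an added example, not part of the original script: the helper names Test-DirectoryNamePrefix and ConvertTo-EscapedRdnValue are hypothetical and the sample inputs are constructed.

```powershell
# Added example (not from the original script). Helper names are hypothetical.
# Runs offline: it only builds and checks strings and never calls Active Directory.

function Test-DirectoryNamePrefix {
    param([string]$Prefix)
    # AD limits the ou and cn attributes to 64 characters; '-' plus a 36-character
    # GUID uses 37 of them, leaving 27 for the operator-supplied prefix.
    if ($Prefix.Length -lt 1 -or $Prefix.Length -gt 27) { return $false }
    # Allow-list: letters, digits, space, underscore, hyphen;
    # the first and last character must be a letter or digit.
    return $Prefix -match '^[A-Za-z0-9]([A-Za-z0-9 _-]*[A-Za-z0-9])?$'
}

function ConvertTo-EscapedRdnValue {
    param([string]$Value)
    # RFC 4514 escaping for a value that is placed inside a DN string (e.g. -Path).
    $sb = [System.Text.StringBuilder]::new()
    for ($i = 0; $i -lt $Value.Length; $i++) {
        $c = [string]$Value[$i]
        $atEdge = (($i -eq 0) -and ($c -eq ' ' -or $c -eq '#')) -or
                  (($i -eq ($Value.Length - 1)) -and ($c -eq ' '))
        if ($atEdge -or ',+"\<>;='.Contains($c)) { [void]$sb.Append('\') }
        [void]$sb.Append($c)
    }
    return $sb.ToString()
}

$Guid = [guid]::NewGuid()
# Constructed sample inputs: one ordinary name and two that would alter the DN.
$samples = 'Finance', 'Sales,OU=Other', 'R&D = Lab '

$rows = foreach ($name in $samples) {
    $ouName = $name + '-' + $Guid
    [pscustomobject]@{
        Input     = $name
        Accepted  = Test-DirectoryNamePrefix -Prefix $name
        NaivePath = 'OU=' + $ouName + ',OU=Departments,DC=contoso,DC=lab'
        EscapedDN = 'OU=' + (ConvertTo-EscapedRdnValue $ouName) + ',OU=Departments,DC=contoso,DC=lab'
    }
}
$rows | Format-List
```

Rejecting input that fails the allow-list at the Read-Host step is the simpler control; the escaping helper is for environments where punctuation in names has to be permitted.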
Creating the Organizational units, and groups.
As you may have noticed, everything that we have defined above is just parameters. Nothing will be created without calling the cmdlets.
[code language="PowerShell"]
#Creating Tenant OU, Groups & Users OU, and Admins Groups
Import-Module ActiveDirectory
New-ADOrganizationalUnit -Name $OUName -Path $OUPath
New-ADOrganizationalUnit -Name $GroupsOUName -Path $GroupOUPath
New-ADOrganizationalUnit -Name $UsersOUName -Path $UsersOUPath
#Descriptions use double quotes so that $OUName is expanded
New-ADGroup -Name $MGroupPrefix -SamAccountName $MGroupSamAccountName -GroupCategory Security -GroupScope Global -DisplayName $MGroupDisplayName -Path $MGroupPath -Description "Members of this group are Managers of $OUName"
New-ADGroup -Name $SGroupPrefix -SamAccountName $SGroupSamAccountName -GroupCategory Security -GroupScope Global -DisplayName $SGroupDisplayName -Path $SGroupPath -Description "Members of this group are Supervisors of $OUName"
[/code]
Once completed you will have the following OU/Department
And in Groups OU, you will have two groups, Managers (as defined in the previous step) and “SupervisorsGroup” the default name, as the Administrator did not specify a name for the Group.
Notice how the GUID is shared across the Departments, and the Groups.
Putting it all together:
Note: The SYNOPSIS, DESCRIPTION, EXAMPLE, and NOTES sections are used by Get-Help.
[code language="PowerShell"]
<#
.SYNOPSIS
This is a PowerShell script to create Organizational Units (OU), and groups.
.DESCRIPTION
The script will create:
1) An OU, defined by the administrator. The OU name is defined by the administrator, followed by a unique ID generated through GUID. It will be created in a specific OU path.
2) Two OUs consisting of 'Groups' and 'Users'.
3) Two groups, 'Managers' and 'SupervisorsGroup'. These are the default names, followed by the GUID. An administrator can define group names as desired. The GUID will be added by default.
.EXAMPLE
./CreateOUs.ps1
.NOTES
This PowerShell script should be run as administrator.
#>
param()
#Define GUID
$Guid = [guid]::NewGuid()
#Define OU Name
$OUName = (Read-Host 'Input OU name') + '-' + $Guid
#Define First Group Name
$MGroupPrefix = (Read-Host -Prompt 'Input Managers Group name')
if ($MGroupPrefix) {
    Write-Host 'The specified Managers Name will be used.' -ForegroundColor 'yellow'
}
else {
    $MGroupPrefix = 'Managers'
    Write-Host 'Default Managers Group name will be used' -ForegroundColor 'yellow'
}
$MGroupPrefix = $MGroupPrefix + '-' + $Guid
$MGroupPrefix
#Define Second Group Name
$SGroupPrefix = (Read-Host -Prompt 'Input Supervisors Group name')
if ($SGroupPrefix) {
    Write-Host 'The specified Supervisors Group name will be used.' -ForegroundColor 'yellow'
}
else {
    $SGroupPrefix = 'SupervisorsGroup'
    Write-Host 'Default SupervisorsGroup name will be used' -ForegroundColor 'yellow'
}
$SGroupPrefix = $SGroupPrefix + '-' + $Guid
$SGroupPrefix
#Defining Main OU Name, OUs, and path
$OUPath = 'OU=Departments,DC=contoso,DC=lab'
$GroupsOUName = 'Groups'
$GroupOUPath = 'OU=' + $OUName + ',OU=Departments,DC=contoso,DC=lab'
$UsersOUName = 'Users'
$UsersOUPath = 'OU=' + $OUName + ',OU=Departments,DC=contoso,DC=lab'
#Defining Groups, groups name and path
$MGroupPath = 'OU=Groups, OU=' + $OUName + ',OU=Departments,DC=contoso,DC=lab'
$MGroupSamAccountName = 'Managers-' + $Guid
$MGroupDisplayName = 'Managers'
$SGroupPath = 'OU=Groups, OU=' + $OUName + ',OU=Departments,DC=contoso,DC=lab'
$SGroupSamAccountName = 'Supervisors-' + $Guid
$SGroupDisplayName = 'Supervisors'
#Creating Tenant OU, Groups & Users OU, and Admins Groups
Import-Module ActiveDirectory
New-ADOrganizationalUnit -Name $OUName -Path $OUPath
New-ADOrganizationalUnit -Name $GroupsOUName -Path $GroupOUPath
New-ADOrganizationalUnit -Name $UsersOUName -Path $UsersOUPath
#Descriptions use double quotes so that $OUName is expanded
New-ADGroup -Name $MGroupPrefix -SamAccountName $MGroupSamAccountName -GroupCategory Security -GroupScope Global -DisplayName $MGroupDisplayName -Path $MGroupPath -Description "Members of this group are Managers of $OUName"
New-ADGroup -Name $SGroupPrefix -SamAccountName $SGroupSamAccountName -GroupCategory Security -GroupScope Global -DisplayName $SGroupDisplayName -Path $SGroupPath -Description "Members of this group are Supervisors of $OUName"
[/code]