
Creating Active Directory OUs with PowerShell


Normally, I think of using PowerShell for ongoing and repetitive tasks. Using PowerShell scripts and tools creates a more efficient work environment. For rare tasks that you only need to do once, it doesn’t make sense to invest time in building a PowerShell-based solution, especially if doing the task manually isn’t that complicated. In my mind, creating an Active Directory organizational unit (OU) falls into that category. It’s rather trivial to open up Active Directory Users and Computers to create a new OU.

So why use PowerShell? One scenario is to quickly build a test environment that includes an Active Directory domain. With a PowerShell script you can create hundreds of OUs in seconds. Another scenario is if you need a control mechanism. Instead of manually creating a new OU in the traditional manner, you can spend a little extra time creating a PowerShell script to do it. This script can be reviewed and tested, and it can include as much documentation as you need. The script becomes a resource document that indicates what was done and why. It may only be a few lines of PowerShell commands, but it serves as a record. So how do we do this?

First, you need the most current version of the Remote Server Administration Tools (RSAT) for your desktop. Everything I’m going to show you can and should be accomplished from your admin desktop. There’s no need to log on to a server. When you configure RSAT, make sure you include the Active Directory PowerShell module.


For now, I’m going to assume you are running your PowerShell session with credentials that have permissions to create an OU. The cmdlet, New-ADOrganizationalUnit, is pretty straightforward.

New-ADOrganizationalUnit Help (Image Credit: Jeff Hicks)

All you need to do is specify the name of the new OU.

New-ADOrganizationalUnit -Name "Petri Users"

By default, PowerShell will create the OU off of the domain root. You can use PowerShell to get the newly created OU.

Get-ADOrganizationalUnit -Identity "OU=Petri Users,DC=globomantics,DC=Local"

Getting the new OU (Image Credit: Jeff Hicks)

Here’s the new OU in Active Directory Users and Computers.

The new OU in ADUC (Image Credit: Jeff Hicks)

By default, the cmdlet doesn’t write anything to the pipeline unless you use the -PassThru parameter. And if you want to create the OU in a location other than the domain root, you need to specify the distinguished name of the parent container.

New-ADOrganizationalUnit -Name Vendors -Path "OU=Employees,DC=Globomantics,DC=Local" -Description "Temporary vendor accounts" -PassThru

Creating an OU in an alternate location (Image Credit: Jeff Hicks)

Let’s say that you need to create many OUs. If you look at help for New-ADOrganizationalUnit, you’ll see that many of the parameters can be passed by property name. This means that if you pipe in an object with a matching property name, PowerShell will assign that value to the corresponding parameter.

The benefit is that I can take a spreadsheet like this:

Office locations (Image Credit: Jeff Hicks)

Notice that the column headings correspond to parameter names. While you could write code to read the Excel spreadsheet, it’s much easier to export to a CSV and use that within PowerShell.

Testing the location CSV file (Image Credit: Jeff Hicks)

I can test using -WhatIf, which is important because some of the locations are child OUs, and I need to make sure the parents are created first.

Testing new OUs with Whatif (Image Credit: Jeff Hicks)

If I am satisfied, I can run the command to create the OU structure.

Import-Csv s:\offices.csv | New-ADOrganizationalUnit -PassThru

Creating new OUs from a CSV file (Image Credit: Jeff Hicks)

Within a matter of seconds, I created and configured 15 new organizational units. Here’s the final result in Active Directory Users and Computers:

New OUs (Image Credit: Jeff Hicks)
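
As an added example (not from the original article), here is one way to turn the CSV import into a reviewable script: it orders the rows so parent OUs are created before their children, skips OUs that already exist, and runs as a -WhatIf dry run by default. The CSV rows and the New-OUFromRecord function name are constructed for illustration.

```powershell
Import-Module ActiveDirectory -ErrorAction Stop

# Constructed sample rows (not the article's offices.csv), deliberately out of order.
# Column headings match New-ADOrganizationalUnit parameter names.
$csv = @'
Name,Path,Description
Sales,"OU=Chicago,OU=Offices,DC=globomantics,DC=Local","Chicago sales staff"
Chicago,"OU=Offices,DC=globomantics,DC=Local","Chicago office"
Offices,"DC=globomantics,DC=Local","Office locations"
'@

# Hypothetical helper: creates one OU per record unless it already exists.
function New-OUFromRecord {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Record
    )
    process {
        $dn = "OU=$($Record.Name),$($Record.Path)"
        # -Filter returns nothing (no error) when the OU is absent.
        # Assumes the DN contains no single quotes.
        if (Get-ADOrganizationalUnit -Filter "DistinguishedName -eq '$dn'") {
            Write-Verbose "Already exists, skipping: $dn"
            return
        }
        # Bind Name/Path/Description by property name, as in the article.
        # Protection is set explicitly so the script records the intent.
        $Record | New-ADOrganizationalUnit -ProtectedFromAccidentalDeletion $true `
            -PassThru -WhatIf:$WhatIfPreference
    }
}

# Parents first: order rows by the number of components in the parent DN.
# The lookbehind ignores commas escaped as "\," inside a name.
$records = $csv | ConvertFrom-Csv |
    Sort-Object { ($_.Path -split '(?<!\\),').Count }

# Dry run by default; remove -WhatIf after reviewing the output.
$records | New-OUFromRecord -WhatIf -Verbose
```

In a -WhatIf run nothing is created, so the existence check reflects the directory as it is now, not as it would be after the run.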

In the next article, we’ll explore ways of modifying and removing OUs. In the meantime, I hope you’ll fire up your test environment and try these commands out. Need a test AD? Go ahead and create one, and let me know how it goes.
