Learn What IT Pros Need to Know About Windows 11 - August 24th at 1 PM ET! Learn What IT Pros Need to Know About Windows 11 - August 24th at 1 PM ET!
Active Directory|PowerShell

Creating Active Directory OUs with PowerShell

Tutorial Hero

Normally, I think of using PowerShell for ongoing and repetitive tasks. Using PowerShell scripts and tools creates a more efficient work environment. For rare tasks that you only need to do once, it doesn’t make sense to invest time in building a PowerShell-based solution, especially if doing the task manually isn’t that complicated. In my mind, creating an Active Directory organizational unit (OU) falls into that category. It’s rather trivial to open up Active Directory Users and Computers to create a new OU.

So why use PowerShell? One scenario is to quickly build a test environment that includes an Active Directory domain. With a PowerShell script you can create hundreds of OUs in seconds. Another scenario is if you need a control mechanism. Instead of manually creating a new OU in the traditional manner, you can spend a little extra time creating a PowerShell script to do it. This script can be reviewed, tested, and include as much documentation as you need.  The script becomes a resource document that indicates what was done and why. It may only be a few lines of PowerShell commands, but it serves as a record. So how do we do this?

First, you need the most current version of the Remote Server Administration Tools (RSAT) for your desktop. Everything I’m going to show you can and should be accomplished from your admin desktop. There’s no need to log on to a server. When you configure RSAT, make sure you include the Active Directory PowerShell module.

Sponsored Content

Read the Best Personal and Business Tech without Ads

Staying updated on what is happening in the technology sector is important to your career and your personal life but ads can make reading news, distracting. With Thurrott Premium, you can enjoy the best coverage in tech without the annoying ads.

For now, I’m going to assume you are running your PowerShell session with credentials that have permissions to create an OU. The cmdlet, New-ADOrganizationalUnit, is pretty straightforward.

New-ADOrganizationalUnit Help (Image Credit: Jeff Hicks)
New-ADOrganizationalUnit Help (Image Credit: Jeff Hicks)

All you need to do is specify the name of the new OU.

New-ADOrganizationalUnit -Name "Petri Users"

By default, PowerShell will create the OU off of the domain root. You can use PowerShell to get the newly created OU.
Get-ADOrganizationalUnit -Identity "OU=Petri Users,DC=globomantics,DC=Local"

Getting the new OU (Image Credit: Jeff Hicks)
Getting the new OU (Image Credit: Jeff Hicks)

Here’s the new OU in Active Directory Users and Computers.

The new OU in ADUC (Image Credit: Jeff Hicks)
The new OU in ADUC (Image Credit: Jeff Hicks)

By default, the cmdlet doesn’t write anything to the pipeline unless you use the –Passthru parameter. And if you want to create the OU in a location other than the domain root, you need to specify the distinguished name of the parent container.

New-ADOrganizationalUnit -Name Vendors -Path "OU=Employees,DC=Globomantics,DC=Local" -Description "Temporary vendor accounts" -PassThru

Creating an OU in an alternate location (Image Credit: Jeff Hicks)
Creating an OU in an alternate location (Image Credit: Jeff Hicks)

Let’s say that you need to create many OUs. If you look at help for New-ADOrganizationalUnit, you’ll see that many of the parameters can be passed by property name. This means if you pipe in an object with a matching property name, the PowerShell will assign that value to the corresponding parameter.

The benefit is that I can take a spreadsheet like this:

Office locations (Image Credit: Jeff Hicks)
Office locations (Image Credit: Jeff Hicks)

Notice that the column headings correspond to parameter names. While you could write code to read the Excel spreadsheet, it’s much easier to export to a CSV and use that within PowerShell.

Testing the location CSV file (Image Credit: Jeff Hicks)
Testing the location CSV file (Image Credit: Jeff Hicks)

I can test using –Whatif, which is important because some of the locations are child OUs, and I need to make sure the parents are created first.

Testing new OUs with Whatif (Image Credit: Jeff Hicks)
Testing new OUs with Whatif (Image Credit: Jeff Hicks)

If I am satisfied, I can run the command to create the OU structure.

import-csv s:\offices.csv | New-ADOrganizationalUnit –PassThru

Creating new OUs from a CSV file (Image Credit: Jeff Hicks)
Creating new OUs from a CSV file (Image Credit: Jeff Hicks)

Within a matter of seconds, I created and configured 15 new organizational units. Here’s the final result in Active Directory Users and Computers:

New OUs (Image Credit: Jeff Hicks)
New OUs (Image Credit: Jeff Hicks)

In the next article, we’ll explore ways of modifying and removing OUs. In the meantime, I hope you’ll fire up your test environment and try these commands out. Need a test AD, go ahead and create one, and let me know how it goes.

Related Topics:

BECOME A PETRI MEMBER:

Don't have a login but want to join the conversation? Sign up for a Petri Account

Register
Comments (1)

One response to “Creating Active Directory OUs with PowerShell”

  1. Bubblyg

    All the images in this post are not loading/missing. What's the format of the csv pls?

Leave a Reply

Register for Advanced Microsoft 365 Day!

GET-IT: Advanced Microsoft 365 1-Day Virtual Conference - Live August 24th!

Join us on Tuesday, August 24th and hear from Microsoft MVPs and industry experts about how to take advantage of Microsoft 365 at a technical level and dive deep into the features and functionality that will make your environment more secure and compliant.

RSVP Now

Sponsored By