Create new OU in AD using PowerShell
Scenario:
Create new OU in AD using PowerShell
This time we will see a very simple script that performs changes in Active Directory. The script allows you to perform one single task, which is to create a new Organizational Unit in Active Directory. Although this can be done with just a single command, the reason behind this script is a little bit different. You might find that there was no need to write this script and that it is not useful, but you can consider it only for educational purposes or as a concept to perform other tasks.
The logic behind the script is that none of the IT Administrators are members of the Domain Admins group at any time. For changes that need Domain Admin permissions, IT Administrators are able to add themselves to the Domain Admins group and perform the changes. After that, the IT Administrator needs to remove himself from the group. The script below was created on that basis. In general, it adds the IT Administrator to the Domain Admins group, creates the Organizational Unit in Active Directory and then removes the IT Administrator from the Domain Admins group again.
Let's see it in more detail
First we define the information that will be shown on the screen: the list of users that can be added to the Domain Admins group. The user selected should be the same as the user running the script. Then we have a switch statement keyed on numbers. Each number represents one of the users in the list already shown on the screen. In the example below the numbers are from 1 to 5. If the user enters a different number, the script informs the user that the number is wrong and that the script needs to be run again. If the number is correct, the switch performs the corresponding task, which is to add the selected user to the Domain Admins group.
Then we start the process of creating the new Organizational Unit. The script expects the administrator to give the name of the Organizational Unit. After the name has been entered, the script shows an example of the path format for the new Organizational Unit and asks the administrator to give the path. If the administrator does not give a path, the Organizational Unit is created under the root path, which is already configured as domain.com. After the administrator has provided all the information, the script creates the Organizational Unit under the specified path and informs the administrator that the task has been completed. At this point the main task of the script is completed.
Run the script again
Then the script asks the administrator whether he wants to create another Organizational Unit. We use a do..while loop for this, as it accepts only “y” and “n” as an answer. If the answer is anything other than y/n, the script keeps asking, informing the administrator that the answer is wrong and what the acceptable answers are. As you may have noticed, the main task is itself enclosed in a while loop, so we can run the task multiple times without running the script over and over again. If the answer is “y”, the script goes through the main task again. If the answer is “n”, the script exits the loop and removes the admin that was selected earlier from the Domain Admins group.
You can download the script here or copy it from below.
Hope you like it. If you have any questions or anything else please let me know in the comments below.
Related Links:
- Read-Host – Microsoft Docs
- Add-ADGroupMember – Microsoft Docs
- Write-Host – Microsoft Docs
- New-ADOrganizationalUnit – Microsoft Docs
- Remove-ADGroupMember – Microsoft Docs
Solution / Script:
# State for the outer loop and for the y/n validation
$again = "y"
$userinput = "wrong"

# Menu of administrators that can be elevated
$userinfo = @"
List of names:
1. User One
2. User Two
3. User Three
4. User Four
5. User Five
"@
Write-Host $userinfo
$currentuser = Read-Host 'Please select the number that represents your name'

# Add the selected user to Domain Admins ("User1".."User5" are example account names)
switch ($currentuser) {
    1 {
        Add-ADGroupMember -Identity "Domain Admins" -Members "User1"
        Write-Host "User One added to Domain Admins Group"
    }
    2 {
        Add-ADGroupMember -Identity "Domain Admins" -Members "User2"
        Write-Host "User Two added to Domain Admins Group"
    }
    3 {
        Add-ADGroupMember -Identity "Domain Admins" -Members "User3"
        Write-Host "User Three added to Domain Admins Group"
    }
    4 {
        Add-ADGroupMember -Identity "Domain Admins" -Members "User4"
        Write-Host "User Four added to Domain Admins Group"
    }
    5 {
        Add-ADGroupMember -Identity "Domain Admins" -Members "User5"
        Write-Host "User Five added to Domain Admins Group"
    }
    default { "You have entered a wrong number. Run the script again"; Exit }
}
# Main task: repeat for as long as the administrator answers "y"
while ($again -eq "y") {
    $ou = Read-Host 'Please provide the name of the OU that you need to create (without spaces)'
    Write-Host "Path format: OU=ParentofNewOU,OU=AnotherParent,DC=domain,DC=com"
    $oupath = Read-Host 'Please provide the path of the new OU if it is NOT under root path. (Default is root path)'
    # An empty answer means the root path
    if ($oupath -eq "") { $oupath = "DC=domain,DC=com" }
    New-ADOrganizationalUnit -Name "$ou" -Path "$oupath"
    Write-Host "$ou OU has been created under $oupath."

    # Keep asking until the answer is y or n
    do {
        $answer = Read-Host -Prompt 'Do you want to run it again? (y/n)'
        if (($answer -eq "n") -or ($answer -eq "y")) {
            $userinput = "correct"
        }
        else {
            $userinput = "wrong"
            Write-Host "You have entered a wrong answer."
            Write-Host "Please enter y [YES] or n [NO]"
        }
    } while ($userinput -eq "wrong")
    $again = $answer
}
# Remove the selected user from Domain Admins again.
# The member names must be the same account names that were used in the add step.
switch ($currentuser) {
    1 {
        Remove-ADGroupMember -Identity "Domain Admins" -Members "User1"
        Write-Host "User One removed from Domain Admins Group"
    }
    2 {
        Remove-ADGroupMember -Identity "Domain Admins" -Members "User2"
        Write-Host "User Two removed from Domain Admins Group"
    }
    3 {
        Remove-ADGroupMember -Identity "Domain Admins" -Members "User3"
        Write-Host "User Three removed from Domain Admins Group"
    }
    4 {
        Remove-ADGroupMember -Identity "Domain Admins" -Members "User4"
        Write-Host "User Four removed from Domain Admins Group"
    }
    5 {
        Remove-ADGroupMember -Identity "Domain Admins" -Members "User5"
        Write-Host "User Five removed from Domain Admins Group"
    }
    default { "You have entered a wrong number. Run the script again"; Exit }
}
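The add, create, remove sequence above leaves the account in Domain Admins if the script stops between the two switch blocks. As an added example (not the author's script), this variant rolls the membership back in a finally block and verifies the removal against the directory. It assumes the operator is the logged-on account ($env:USERNAME) and uses a hypothetical helper, Test-DirectMember.

```powershell
#Requires -Modules ActiveDirectory
# Added example, not the original script. Assumes the operator is the logged-on
# account ($env:USERNAME) and reuses the page's root path DC=domain,DC=com.
$group    = 'Domain Admins'
$rootPath = 'DC=domain,DC=com'
$operator = $env:USERNAME

# Hypothetical helper: is the account a direct member of the group right now?
function Test-DirectMember {
    param([string]$Group, [string]$SamAccountName)
    [bool](Get-ADGroupMember -Identity $Group |
        Where-Object { $_.SamAccountName -eq $SamAccountName })
}

$elevated = $false   # true only if this run added the membership
try {
    if (-not (Test-DirectMember $group $operator)) {
        Add-ADGroupMember -Identity $group -Members $operator -ErrorAction Stop
        $elevated = $true
        Write-Host "$operator added to $group"
    }
    do {
        $ou     = Read-Host 'Name of the OU to create (without spaces)'
        $ouPath = Read-Host "Parent path of the new OU (Enter for $rootPath)"
        if ([string]::IsNullOrWhiteSpace($ouPath)) { $ouPath = $rootPath }
        try {
            New-ADOrganizationalUnit -Name $ou -Path $ouPath -ErrorAction Stop
            Write-Host "$ou OU has been created under $ouPath."
        } catch {
            # Report and keep looping; the finally block still performs the rollback.
            Write-Warning "OU '$ou' was not created: $($_.Exception.Message)"
        }
        do { $answer = Read-Host 'Do you want to run it again? (y/n)' } while ($answer -notin 'y', 'n')
    } while ($answer -eq 'y')
}
finally {
    # finally also runs on terminating errors and Ctrl+C, so the rollback is not skipped.
    if ($elevated) {
        try   { Remove-ADGroupMember -Identity $group -Members $operator -Confirm:$false -ErrorAction Stop }
        catch { Write-Warning "Removal failed: $($_.Exception.Message)" }
        # Verify against the directory instead of trusting the call.
        if (Test-DirectMember $group $operator) {
            Write-Warning "$operator is STILL in $group; remove the account manually."
        } else {
            Write-Host "$operator removed from $group"
        }
    }
}
```

Because the removal only happens when this run added the membership, an account that was already in the group before the script started is left as it was.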