You have just started learning something new and you are now about to bulid up a test environment with Windows Server ? For a good test environment, you will need a Domain-Controller and some OUs, Groups and users to play with. In this blog post I will provide a script for download that enables you to create these objects in just a few seconds, so you can start instantly.
The Script
Run the code below on your Domain-Controller, best in ISE oder Visual Studio Code.
Define OUs, groups and users of your choice in line 14-16. The script is neutral. You do not need to enter a domain name, only rename the objects if desired.
<#
Author: Patrick Gruenauer | Microsoft PowerShell MVP [2018-2024]
Web: sid-500.com
This script is intended for use in a Test environment. It creates OUs,
Groups and Users.
#>
# If necessary, bypass the execution policy.
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass -Force -Confirm:$false
# Define OUs, Groups and Users and Attributes here
$OUs = 'HR','Technicians','CEOs','Groups'
$Groups = 'HR','Technicians','CEOs'
$HR = 'Hans Womanizer','Markus Haul','Birgit Immerfroh','Franz Bizeps'
$Technician = 'Bernd Bullseye','Michael Hightower','Markus PowerShell'
$CEO = 'Peter Travesty','Tatjana Schlank'
$City = 'Vienna','Berlin','New York'
# User Password
$userpw = Read-Host "Enter a password for the users"
# Creating litte helpers ...
$root = $env:USERDNSDOMAIN.Split('.')[1]
$sub = $env:USERDNSDOMAIN.Split('.')[0]
# Create OUs
Foreach ($o in $OUs) {
New-ADOrganizationalUnit -Name $o -Verbose
}
# Create Groups
Foreach ($g in $Groups) {
New-ADGroup -Name $g `
-Path "OU=Groups,DC=$sub,DC=$root" `
-GroupScope Universal -GroupCategory Security -Verbose
}
# Create users and store them in the corresponding OU.
# Add users to groups corresponding to the OU.
foreach ($h in $HR) {
$split = $h.split(' ')
$sam = ($split[0].Substring(0,1) + '.' + $split[1]).ToLower()
$upn = ($split[0].Substring(0,1) + '.' + $split[1] + '@' +
$env:USERDNSDOMAIN).ToLower()
New-ADUser `
-Name $h `
-GivenName $split[0] `
-Surname $split[1] `
-DisplayName $h `
-Enabled $true `
-AccountPassword (ConvertTo-SecureString -AsPlainText $userpw -Force) `
-SamAccountName $sam `
-UserPrincipalName $upn `
-Path "OU=HR,DC=$sub,DC=$root" `
-EmailAddress $upn `
-Department 'HR' `
-City (Get-Random -InputObject $City[0..3]) `
-Verbose
}
foreach ($t in $Technician) {
$split = $t.split(' ')
$sam = ($split[0].Substring(0,1) + '.' + $split[1]).ToLower()
$upn = ($split[0].Substring(0,1) + '.' + $split[1] + '@' +
$env:USERDNSDOMAIN).ToLower()
New-ADUser `
-Name $t `
-GivenName $split[0] `
-Surname $split[1] `
-DisplayName $t `
-Enabled $true `
-AccountPassword (ConvertTo-SecureString -AsPlainText $userpw -Force) `
-SamAccountName $sam `
-UserPrincipalName $upn `
-Path "OU=Technicians,DC=$sub,DC=$root" `
-EmailAddress $upn `
-Department 'Technicians' `
-City (Get-Random -InputObject $City[0..3]) `
-Verbose
}
foreach ($c in $CEO) {
$split = $c.split(' ')
$sam = ($split[0].Substring(0,1) + '.' + $split[1]).ToLower()
$upn = ($split[0].Substring(0,1) + '.' + $split[1] + '@' +
$env:USERDNSDOMAIN).ToLower()
New-ADUser `
-Name $c `
-GivenName $split[0] `
-Surname $split[1] `
-DisplayName $c `
-Enabled $true `
-AccountPassword (ConvertTo-SecureString -AsPlainText $userpw -Force) `
-SamAccountName $sam `
-UserPrincipalName $upn `
-Path "OU=CEOs,DC=$sub,DC=$root" `
-EmailAddress $upn `
-Department 'CEOs' `
-City (Get-Random -InputObject $City[0..3]) `
-Verbose
}
# Add OU Users to Group
$CEOg = "OU=CEOs,DC=$sub,DC=$root"
$hrg = "OU=HR,DC=$sub,DC=$root"
$techg = "OU=Technicians,DC=$sub,DC=$root"
$HRg = "OU=HR,DC=$sub,DC=$root"
Get-ADUser -Filter * -SearchBase $CEOg |
ForEach-Object {Add-ADGroupMember -Identity CEOs -Members $_ -Verbose}
Get-ADUser -Filter * -SearchBase $hrg |
ForEach-Object {Add-ADGroupMember -Identity HR -Members $_ -Verbose}
Get-ADUser -Filter * -SearchBase $techg |
ForEach-Object {Add-ADGroupMember -Identity Technicians -Members $_ -Verbose}
Get-ADUser -Filter * -SearchBase $HRg |
ForEach-Object {Add-ADGroupMember -Identity HR -Members $_ -Verbose}
Start-Process dsa.msc
Thank you for reading this article and enjoy your new Active Directory test environment.
Categories: PowerShell, Windows Server
Have you thought about adapting to desired state configuration?
LikeLike
Desired state is an option I don’t use in Active Directory. Think it’s outdated!? Don’t know just didn’t heared much about it lately.
LikeLike
I think that it can configure a dev environment. I haven’t tried. But I think I want to. Nice script though.
LikeLike
Thank you
LikeLike