PowerShell

Test-Environment: Building an Active Directory OU structure with Groups and Users with PowerShell Automation

By on ( 5 Comments )

You have just started learning something new and you are now about to bulid up a test environment with Windows Server ? For a good test environment, you will need a Domain-Controller and some OUs, Groups and users to play with. In this blog post I will provide a script for download that enables you to create these objects in just a few seconds, so you can start instantly.

The Script

Run the code below on your Domain-Controller, best in ISE oder Visual Studio Code.

Define OUs, groups and users of your choice in line 14-16. The script is neutral. You do not need to enter a domain name, only rename the objects if desired.

<# 
Author: Patrick Gruenauer | Microsoft PowerShell MVP [2018-2022]
Web: sid-500.com
This script is intended for use in a test environment. It creates OUs, 
Groups and Users. 
#>

# If necessary, bypass the execution policy.

Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass -Force `
-Confirm:$false

# Define OUs, Groups and Users and Attributes here

$OUs =          'HR','Technicians','CEOs','Marketing','Groups','Workstations' 
$Groups =       'HR','Technicians','CEOs','Marketing'
$HRUsers =      'Hans Womanizer','Tatjana Schlank','Birgit Langbein',
                'Franz Bizeps'
$Technicians =  'Bernd Bullseye','Michael Hightower','Patrick Cumbersome'
$CEOs =         'Peter Travesty','Markus Haul'
$Marketing =    'Hannah Linux','Maria Azure','Susanne Amazon'
$City =         'Vienna','Berlin','New York'

# User Password 

$userpw =       '1234user!'

# Creating litte helpers ...
$root = $env:USERDNSDOMAIN.Split('.')[1]
$sub = $env:USERDNSDOMAIN.Split('.')[0]

# Create OUs

Foreach ($o in $OUs) {

New-ADOrganizationalUnit -Name $o -Verbose

}

# Create Groups

Foreach ($g in $Groups) {

New-ADGroup -Name $g `
-Path "OU=Groups,DC=$sub,DC=$root" `
-GroupScope Universal -GroupCategory Security -Verbose

}

# Create users and store them in the corresponding OU. 
# Add users to groups corresponding to the OU.

foreach ($h in $HRUsers) {

$split =    $h.split(' ')
$sam =      ($split[0].Substring(0,1) + '.' + $split[1]).ToLower()
$upn =      ($split[0].Substring(0,1) + '.' + $split[1] + '@' + 
            $env:USERDNSDOMAIN).ToLower()

New-ADUser `
-Name $h `
-GivenName $split[0] `
-Surname $split[1] `
-DisplayName $h `
-Enabled $true `
-AccountPassword (ConvertTo-SecureString -AsPlainText $userpw -Force) `
-SamAccountName $sam `
-UserPrincipalName $upn `
-Path "OU=HR,DC=$sub,DC=$root" `
-EmailAddress $upn `
-Department 'HR' `
-City (Get-Random -InputObject $City[0..3]) `
-Verbose

}

foreach ($t in $Technicians) {

$split =    $t.split(' ')
$sam =      ($split[0].Substring(0,1) + '.' + $split[1]).ToLower()
$upn =      ($split[0].Substring(0,1) + '.' + $split[1] + '@' + 
            $env:USERDNSDOMAIN).ToLower()

New-ADUser `
-Name $t `
-GivenName $split[0] `
-Surname $split[1] `
-DisplayName $t `
-Enabled $true `
-AccountPassword (ConvertTo-SecureString -AsPlainText $userpw -Force) `
-SamAccountName $sam `
-UserPrincipalName $upn `
-Path "OU=Technicians,DC=$sub,DC=$root" `
-EmailAddress $upn `
-Department 'Technicians' `
-City (Get-Random -InputObject $City[0..3]) `
-Verbose

}

foreach ($c in $CEOs) {

$split =    $c.split(' ')
$sam =      ($split[0].Substring(0,1) + '.' + $split[1]).ToLower()
$upn =      ($split[0].Substring(0,1) + '.' + $split[1] + '@' + 
            $env:USERDNSDOMAIN).ToLower()

New-ADUser `
-Name $c `
-GivenName $split[0] `
-Surname $split[1] `
-DisplayName $c `
-Enabled $true `
-AccountPassword (ConvertTo-SecureString -AsPlainText $userpw -Force) `
-SamAccountName $sam `
-UserPrincipalName $upn `
-Path "OU=CEOs,DC=$sub,DC=$root" `
-EmailAddress $upn `
-Department 'CEOs' `
-City (Get-Random -InputObject $City[0..3]) `
-Verbose

}

foreach ($m in $Marketing) {

$split =    $m.split(' ')
$sam =      ($split[0].Substring(0,1) + '.' + $split[1]).ToLower()
$upn =      ($split[0].Substring(0,1) + '.' + $split[1] + '@' + 
            $env:USERDNSDOMAIN).ToLower()

New-ADUser `
-Name $m `
-GivenName $split[0] `
-Surname $split[1] `
-DisplayName $m `
-Enabled $true `
-AccountPassword (ConvertTo-SecureString -AsPlainText $userpw -Force) `
-SamAccountName $sam `
-UserPrincipalName $upn `
-Path "OU=Marketing,DC=$sub,DC=$root" `
-EmailAddress $upn `
-Department 'Marketing' `
-City (Get-Random -InputObject $City[0..3]) `
-Verbose

}


# Add OU Users to Group

$ceosg = "OU=CEOs,DC=$sub,DC=$root"
$hrg = "OU=HR,DC=$sub,DC=$root"
$techg = "OU=Technicians,DC=$sub,DC=$root"
$marketingg = "OU=Marketing,DC=$sub,DC=$root"

Get-ADUser -Filter * -SearchBase $ceosg | 
ForEach-Object `
{Add-ADGroupMember -Identity CEOs -Members $_ -Verbose}

Get-ADUser -Filter * -SearchBase $hrg | 
ForEach-Object `
{Add-ADGroupMember -Identity HR -Members $_ -Verbose}

Get-ADUser -Filter * -SearchBase $techg | 
ForEach-Object `
{Add-ADGroupMember -Identity Technicians -Members $_ -Verbose}

Get-ADUser -Filter * -SearchBase $marketingg | 
ForEach-Object `
{Add-ADGroupMember -Identity Marketing -Members $_ -Verbose}

Start-Process dsa.msc

Thank you for reading this article and enjoy your new Active Directory test environment.

Categories: PowerShell, Windows Server

Tagged as: , , ,

Published by Patrick Gruenauer

Microsoft MVP on PowerShell [2018-2023], IT-Trainer, IT-Consultant, MCSE: Cloud Platform and Infrastructure, Cisco Certified Academy Instructor.

5 replies »

  1. Pingback: PowerShell SnippetRace 47-2021 | PowerShell Usergroup Austria

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.