Creating Active Directory OUs with PowerShell

Posted on February 3, 2016 by Jeff Hicks in Active Directory, PowerShell with 0 Comments

Tutorial Hero

Normally, I think of using PowerShell for ongoing and repetitive tasks. Using PowerShell scripts and tools creates a more efficient work environment. For rare tasks that you only need to do once, it doesn’t make sense to invest time in building a PowerShell-based solution, especially if doing the task manually isn’t that complicated. In my mind, creating an Active Directory organizational unit (OU) falls into that category. It’s rather trivial to open up Active Directory Users and Computers to create a new OU.

So why use PowerShell? One scenario is to quickly build a test environment that includes an Active Directory domain. With a PowerShell script you can create hundreds of OUs in seconds. Another scenario is if you need a control mechanism. Instead of manually creating a new OU in the traditional manner, you can spend a little extra time creating a PowerShell script to do it. This script can be reviewed, tested, and include as much documentation as you need.  The script becomes a resource document that indicates what was done and why. It may only be a few lines of PowerShell commands, but it serves as a record. So how do we do this?

First, you need the most current version of the Remote Server Administration Tools (RSAT) for your desktop. Everything I’m going to show you can and should be accomplished from your admin desktop. There’s no need to log on to a server. When you configure RSAT, make sure you include the Active Directory PowerShell module.

For now, I’m going to assume you are running your PowerShell session with credentials that have permissions to create an OU. The cmdlet, New-ADOrganizationalUnit, is pretty straightforward.

New-ADOrganizationalUnit Help (Image Credit: Jeff Hicks)

New-ADOrganizationalUnit Help (Image Credit: Jeff Hicks)

All you need to do is specify the name of the new OU.

By default, PowerShell will create the OU off of the domain root. You can use PowerShell to get the newly created OU.

Getting the new OU (Image Credit: Jeff Hicks)

Getting the new OU (Image Credit: Jeff Hicks)

Here’s the new OU in Active Directory Users and Computers.

The new OU in ADUC (Image Credit: Jeff Hicks)

The new OU in ADUC (Image Credit: Jeff Hicks)

Sponsored

By default, the cmdlet doesn’t write anything to the pipeline unless you use the –Passthru parameter. And if you want to create the OU in a location other than the domain root, you need to specify the distinguished name of the parent container.

Creating an OU in an alternate location (Image Credit: Jeff Hicks)

Creating an OU in an alternate location (Image Credit: Jeff Hicks)

Let’s say that you need to create many OUs. If you look at help for New-ADOrganizationalUnit, you’ll see that many of the parameters can be passed by property name. This means if you pipe in an object with a matching property name, the PowerShell will assign that value to the corresponding parameter.

The benefit is that I can take a spreadsheet like this:

Office locations (Image Credit: Jeff Hicks)

Office locations (Image Credit: Jeff Hicks)

Notice that the column headings correspond to parameter names. While you could write code to read the Excel spreadsheet, it’s much easier to export to a CSV and use that within PowerShell.

Testing the location CSV file (Image Credit: Jeff Hicks)

Testing the location CSV file (Image Credit: Jeff Hicks)

I can test using –Whatif, which is important because some of the locations are child OUs, and I need to make sure the parents are created first.

Testing new OUs with Whatif (Image Credit: Jeff Hicks)

Testing new OUs with Whatif (Image Credit: Jeff Hicks)

If I am satisfied, I can run the command to create the OU structure.

Creating new OUs from a CSV file (Image Credit: Jeff Hicks)

Creating new OUs from a CSV file (Image Credit: Jeff Hicks)

Within a matter of seconds, I created and configured 15 new organizational units. Here’s the final result in Active Directory Users and Computers:

New OUs (Image Credit: Jeff Hicks)

New OUs (Image Credit: Jeff Hicks)

Sponsored

In the next article, we’ll explore ways of modifying and removing OUs. In the meantime, I hope you’ll fire up your test environment and try these commands out. Need a test AD, go ahead and create one, and let me know how it goes.

Sponsored

Tagged with , ,