
Managing Organisation Units with Microsoft Powershell


In this blog post, I will cover the principles of creating Organisational Units using Microsoft PowerShell.

Pre-Note: This post presumes that you have an Active Directory server already configured and an understanding of the PowerShell Active Directory module.
If you want to learn about deploying Active Directory [Check Here]

First, if you are using a remote server, check that you have the RSAT-AD management tools installed.

Get-WindowsFeature | Where 'Name' -like '*RSAT-AD*'

To install the AD RSAT Tools we can use the following command.

Get-WindowsFeature | Where 'Name' -like '*RSAT-AD*' | Install-WindowsFeature -Verbose

Next, we need to import the ActiveDirectory PowerShell module into the current session.

Import-Module -Name 'ActiveDirectory'

As we only need a specific set of commands for this post, we can use Where-Object to filter the Active Directory commands down to those matching *Organizational*.

Get-Command -Module 'ActiveDirectory' | Where Name -like '*Organizational*'

This is the current ad.hypervlab.co.uk Domain with Pre-Configured Organisational Units.

To create a new Organisational Unit we need the distinguished name of the domain root, DC=ad,DC=hypervlab,DC=co,DC=uk, and then the root OU under which we want to create additional OUs.

So to create an Organisational Unit in the root of the domain we can use the command below.

NOTE: When using the Windows Server 2016 functional level, it looks like all Organisational Units are now protected from accidental deletion.

New-ADOrganizationalUnit -Name 'Pwsh-OU' -Path 'DC=ad,DC=hypervlab,DC=co,DC=uk'

Now, refreshing Active Directory Users and Computers, we can see the OU we created.

Creating Multiple OUs

One of the reasons why I learnt PowerShell was to help with automation when building new lab environments. From time to time, I've worked on various scripts to help me save time, and I occasionally use them in production environments. The example below is a script which shows how you can go from a green Active Directory to having a complete OU structure deployed within a matter of minutes.

# Import Active Directory Module
Import-Module -Name ActiveDirectory

# Top Level (no -Path given, so the OU is created in the root of the domain)
New-ADOrganizationalUnit -Name "HYPERVLAB"

# Sub Top Level: User Accounts and its child OUs
New-ADOrganizationalUnit -Name "User Accounts" -Path "OU=HYPERVLAB,DC=ad,DC=hypervlab,DC=co,DC=uk"
New-ADOrganizationalUnit -Name "Company Directors" -Path "OU=User Accounts,OU=HYPERVLAB,DC=ad,DC=hypervlab,DC=co,DC=uk"
New-ADOrganizationalUnit -Name "Human Resources" -Path "OU=User Accounts,OU=HYPERVLAB,DC=ad,DC=hypervlab,DC=co,DC=uk"
New-ADOrganizationalUnit -Name "Account Managers" -Path "OU=User Accounts,OU=HYPERVLAB,DC=ad,DC=hypervlab,DC=co,DC=uk"

# Sub Top Level: Workstations and its child OUs
New-ADOrganizationalUnit -Name "Workstations" -Path "OU=HYPERVLAB,DC=ad,DC=hypervlab,DC=co,DC=uk"
New-ADOrganizationalUnit -Name "Floor_1" -Path "OU=Workstations,OU=HYPERVLAB,DC=ad,DC=hypervlab,DC=co,DC=uk"
New-ADOrganizationalUnit -Name "Floor_2" -Path "OU=Workstations,OU=HYPERVLAB,DC=ad,DC=hypervlab,DC=co,DC=uk"

# Sub Top Level: Infrastructure and its child OUs
New-ADOrganizationalUnit -Name "Infrastructure" -Path "OU=HYPERVLAB,DC=ad,DC=hypervlab,DC=co,DC=uk"
New-ADOrganizationalUnit -Name "Service Accounts" -Path "OU=Infrastructure,OU=HYPERVLAB,DC=ad,DC=hypervlab,DC=co,DC=uk"
New-ADOrganizationalUnit -Name "Virtual Hosts" -Path "OU=Infrastructure,OU=HYPERVLAB,DC=ad,DC=hypervlab,DC=co,DC=uk"
New-ADOrganizationalUnit -Name "Physical Servers" -Path "OU=Infrastructure,OU=HYPERVLAB,DC=ad,DC=hypervlab,DC=co,DC=uk"
New-ADOrganizationalUnit -Name "Virtual Servers" -Path "OU=Infrastructure,OU=HYPERVLAB,DC=ad,DC=hypervlab,DC=co,DC=uk"
New-ADOrganizationalUnit -Name "Remote Desktop Cluster" -Path "OU=Infrastructure,OU=HYPERVLAB,DC=ad,DC=hypervlab,DC=co,DC=uk"

# Sub Top Level: Security Groups and its child OUs
New-ADOrganizationalUnit -Name "Security Groups" -Path "OU=HYPERVLAB,DC=ad,DC=hypervlab,DC=co,DC=uk"
New-ADOrganizationalUnit -Name "Security" -Path "OU=Security Groups,OU=HYPERVLAB,DC=ad,DC=hypervlab,DC=co,DC=uk"
New-ADOrganizationalUnit -Name "Distribution" -Path "OU=Security Groups,OU=HYPERVLAB,DC=ad,DC=hypervlab,DC=co,DC=uk"
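
An added example, not the author's script: the same OU layout driven from a table and made safe to re-run, skipping OUs that already exist and setting delete protection explicitly. The helper name New-OUIfMissing and the $Layout table are assumptions made for this illustration.

```powershell
#Requires -Modules ActiveDirectory

$DomainDN = 'DC=ad,DC=hypervlab,DC=co,DC=uk'   # domain root used in this post
$RootOU   = 'HYPERVLAB'

# Parent OU => child OUs (illustrative table mirroring the layout above)
$Layout = [ordered]@{
    'User Accounts'   = 'Company Directors', 'Human Resources', 'Account Managers'
    'Workstations'    = 'Floor_1', 'Floor_2'
    'Infrastructure'  = 'Service Accounts', 'Virtual Hosts', 'Physical Servers',
                        'Virtual Servers', 'Remote Desktop Cluster'
    'Security Groups' = 'Security', 'Distribution'
}

function New-OUIfMissing {   # hypothetical helper, not part of the ActiveDirectory module
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$Path
    )
    $dn = "OU=$Name,$Path"
    # -Filter returns nothing instead of throwing when no OU has this DN.
    # Assumes names contain no apostrophes or DN special characters.
    if (Get-ADOrganizationalUnit -Filter "distinguishedName -eq '$dn'") {
        Write-Verbose "Already exists, skipping: $dn"
    }
    elseif ($PSCmdlet.ShouldProcess($dn, 'Create organisational unit')) {
        New-ADOrganizationalUnit -Name $Name -Path $Path -ProtectedFromAccidentalDeletion $true
    }
    $dn   # return the DN so callers can use it as the next -Path
}

$rootDN = New-OUIfMissing -Name $RootOU -Path $DomainDN
foreach ($parent in $Layout.Keys) {
    $parentDN = New-OUIfMissing -Name $parent -Path $rootDN
    foreach ($child in $Layout[$parent]) {
        $null = New-OUIfMissing -Name $child -Path $parentDN
    }
}
```

Setting `$WhatIfPreference = $true` before running previews the OUs that would be created without changing the directory.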

Removing an Organisational Unit with Powershell

To remove an Organisational Unit with PowerShell, we first need to remove the delete protection. The graphic below shows the error you would receive with the delete protection enabled.

To disable the delete protection we can run the following PowerShell command.

Set-ADOrganizationalUnit 'OU=Pwsh-OU,DC=ad,DC=hypervlab,DC=co,DC=uk' -ProtectedFromAccidentalDeletion $false

Now if we check the OU object properties we can see that the delete protection has been revoked and the OU is ready to be deleted.

Now run the following command to remove the Organisational Unit. Notice that the error message is no longer shown and the Organisational Unit has been removed.

Remove-ADOrganizationalUnit 'OU=Pwsh-OU,DC=ad,DC=hypervlab,DC=co,DC=uk'
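
An added example, not from the original post: the two removal steps above wrapped in one function that refuses to delete an OU which still contains objects and restores the protection flag if the removal fails. The function name Remove-EmptyOU is an assumption made for this illustration.

```powershell
#Requires -Modules ActiveDirectory

function Remove-EmptyOU {   # hypothetical helper, not part of the ActiveDirectory module
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param([Parameter(Mandatory)][string]$Identity)

    $ou = Get-ADOrganizationalUnit -Identity $Identity -Properties ProtectedFromAccidentalDeletion
    $dn = $ou.DistinguishedName

    # Refuse to touch an OU that still holds users, computers, groups or child OUs
    $children = @(Get-ADObject -Filter * -SearchBase $dn -SearchScope OneLevel)
    if ($children.Count -gt 0) {
        throw "OU '$dn' still contains $($children.Count) object(s); move or remove them first."
    }

    if (-not $PSCmdlet.ShouldProcess($dn, 'Remove organisational unit')) { return }

    $wasProtected = $ou.ProtectedFromAccidentalDeletion
    try {
        if ($wasProtected) {
            Set-ADOrganizationalUnit -Identity $dn -ProtectedFromAccidentalDeletion $false -ErrorAction Stop
        }
        # The confirmation prompt was already handled by ShouldProcess above
        Remove-ADOrganizationalUnit -Identity $dn -Confirm:$false -ErrorAction Stop
    }
    catch {
        # Removal failed: put the protection flag back so the OU is not left unprotected
        if ($wasProtected -and (Get-ADOrganizationalUnit -Filter "distinguishedName -eq '$dn'")) {
            Set-ADOrganizationalUnit -Identity $dn -ProtectedFromAccidentalDeletion $true
        }
        throw
    }
}

Remove-EmptyOU -Identity 'OU=Pwsh-OU,DC=ad,DC=hypervlab,DC=co,DC=uk'

# Audit: list any OUs left without delete protection
Get-ADOrganizationalUnit -Filter * -Properties ProtectedFromAccidentalDeletion |
    Where-Object { -not $_.ProtectedFromAccidentalDeletion } |
    Select-Object -ExpandProperty DistinguishedName
```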

