Saturday, August 1, 2015 8:11 AM
Sometimes you'd like to test your scripts/policies/solution against thousands of users before the implementation. And as usual, your personal LAB is too poor; on the other side, your Admin considers OU creation a crime. I love these stories … "I won't create this GPO until you show me that it works." I would say a typical IT paradox.
Psssst… the beer is open.
Let's create some better OU structure on my LAB domain. Cheers!
If you're wondering how to build a domain and DC, I'd recommend one of my previous posts: this or this. Once you've got an empty domain, it's time to add some user and computer accounts. As usual, uncle PowerShell is happy to help you.
Import-Module ActiveDirectory

# Lab domain and the top-level test OU
$myDomain = "DC=testdomain,DC=net"
$myOU = "TEST"
$myPath = "OU=" + $myOU + "," + $myDomain

# Top-level OU; deletion protection is off so the lab can be removed later
New-ADOrganizationalUnit -Name $myOU -Path $myDomain -ProtectedFromAccidentalDeletion $false
$testOU = Get-ADOrganizationalUnit -Identity $myPath

# Child OUs
New-ADOrganizationalUnit -Name Server -Path $testOU -ProtectedFromAccidentalDeletion $false
New-ADOrganizationalUnit -Name Desktop -Path $testOU -ProtectedFromAccidentalDeletion $false
New-ADOrganizationalUnit -Name Laptop -Path $testOU -ProtectedFromAccidentalDeletion $false
New-ADOrganizationalUnit -Name User -Path $testOU -ProtectedFromAccidentalDeletion $false
New-ADOrganizationalUnit -Name Group -Path $testOU -ProtectedFromAccidentalDeletion $false

$ServerOU = Get-ADOrganizationalUnit -Identity "OU=Server,$myPath"
$desktopOU = Get-ADOrganizationalUnit -Identity "OU=Desktop,$myPath"
$laptopOU = Get-ADOrganizationalUnit -Identity "OU=Laptop,$myPath"
$userOU = Get-ADOrganizationalUnit -Identity "OU=User,$myPath"
$groupOU = Get-ADOrganizationalUnit -Identity "OU=Group,$myPath"

# Department groups (global scope)
New-ADGroup -Name Marketing -GroupScope Global -Path $groupOU
New-ADGroup -Name HR -GroupScope Global -Path $groupOU
New-ADGroup -Name Sales -GroupScope Global -Path $groupOU
New-ADGroup -Name IT -GroupScope Global -Path $groupOU

$MarketingGroup = Get-ADGroup -Identity "CN=Marketing,OU=Group,$myPath"
$hrGroup = Get-ADGroup -Identity "CN=HR,OU=Group,$myPath"
$SalesGroup = Get-ADGroup -Identity "CN=Sales,OU=Group,$myPath"
$ITGroup = Get-ADGroup -Identity "CN=IT,OU=Group,$myPath"

# Regional groups (domain local scope)
New-ADGroup -Name EMEA -GroupScope DomainLocal -Path $groupOU
New-ADGroup -Name AMER -GroupScope DomainLocal -Path $groupOU
New-ADGroup -Name APAC -GroupScope DomainLocal -Path $groupOU

$emeaGroup = Get-ADGroup -Identity "CN=EMEA,OU=Group,$myPath"
$amerGroup = Get-ADGroup -Identity "CN=AMER,OU=Group,$myPath"
$apacGroup = Get-ADGroup -Identity "CN=APAC,OU=Group,$myPath"

# Test users and computer accounts
1..100 | % { New-ADUser -Name TestUser$_ -Path $userOU }
1..100 | % { New-ADComputer -Name Desktop$_ -Path $desktopOU }
1..100 | % { New-ADComputer -Name Laptop$_ -Path $laptopOU }
1..50 | % { New-ADComputer -Name Server$_ -Path $ServerOU }

# Random group assignment; $luckyShot is a number from 0 to 4
1..100 | % {
    $luckyShot = Get-Random -Maximum 5

    # Department group: 1=Marketing, 2=HR, 3=Sales, 4=IT (0 gets none)
    if ($luckyShot -eq 1) { Add-ADGroupMember $MarketingGroup -Members TestUser$_ }
    if ($luckyShot -eq 2) { Add-ADGroupMember $hrGroup -Members TestUser$_ }
    if ($luckyShot -eq 3) { Add-ADGroupMember $SalesGroup -Members TestUser$_ }
    if ($luckyShot -eq 4) { Add-ADGroupMember $ITGroup -Members TestUser$_ }

    # Regional group: 0=EMEA, 4=AMER, 1 to 3=APAC
    if ($luckyShot -lt 1) { Add-ADGroupMember $emeaGroup -Members TestUser$_ }
    elseif ($luckyShot -gt 3) { Add-ADGroupMember $amerGroup -Members TestUser$_ }
    else { Add-ADGroupMember $apacGroup -Members TestUser$_ }
}
The script is pretty simple; it creates a simple OU structure plus 100 child objects. To emulate real-life scenarios, I randomly assigned users to groups. Wouldn't it be nice to create some GPO objects? Sorry man, my beer is empty …
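A quick audit of what the script built, added here as an example and not part of the original post. It assumes the same names as above (domain testdomain.net, top-level OU TEST) and checks the object counts, the group spread, and that the passwordless test accounts are still disabled.

```powershell
# Added example (not from the original post): audit the lab built above.
# Assumes the same names as the post: domain testdomain.net, top-level OU TEST.
Import-Module ActiveDirectory

$myDomain = "DC=testdomain,DC=net"
$myPath   = "OU=TEST,$myDomain"

# Object counts the creation loops should have produced in each child OU.
$expected = [ordered]@{ User = 100; Desktop = 100; Laptop = 100; Server = 50 }
foreach ($ou in $expected.Keys) {
    $found = @(Get-ADObject -SearchBase "OU=$ou,$myPath" -SearchScope OneLevel -Filter *).Count
    $state = if ($found -eq $expected[$ou]) { 'OK' } else { 'MISMATCH' }
    '{0,-8} expected {1,3}  found {2,3}  {3}' -f $ou, $expected[$ou], $found, $state
}

# Membership spread produced by the random assignment.
foreach ($name in 'Marketing','HR','Sales','IT','EMEA','AMER','APAC') {
    $count = @(Get-ADGroupMember -Identity "CN=$name,OU=Group,$myPath").Count
    '{0,-10} {1,3} members' -f $name, $count
}

# The if/elseif/else chain puts every user in exactly one regional group.
$regional = 'EMEA','AMER','APAC' | ForEach-Object { "CN=$_,OU=Group,$myPath" }
$users    = Get-ADUser -SearchBase "OU=User,$myPath" -Filter * -Properties MemberOf
$users | Where-Object {
    @($_.MemberOf | Where-Object { $regional -contains $_ }).Count -ne 1
} | ForEach-Object { "Regional group count is not 1: $($_.SamAccountName)" }

# New-ADUser was called without -Enabled or -AccountPassword, so the accounts
# should be disabled; report any that are not.
$users | Where-Object { $_.Enabled } |
    ForEach-Object { "Enabled test account: $($_.SamAccountName)" }
```

Because every OU was created with -ProtectedFromAccidentalDeletion $false, the whole lab can be torn down afterwards with Remove-ADOrganizationalUnit -Identity $myPath -Recursive.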