MikeEdd
asked on
Powershell AD OU Structure from csv file
Im trying to create a script to do two things first is to create an OU structure using the following formatted into a CSV File
Domain,First Level OU,SecondLevel OU ,Third Level OU,Final OU name
Domain.com,UserOU,SALes,,I
Domain.com,UserOU,SALes,,E
Domain.com,UserOU,Accounts
Domain.com,UserOU,Accounts
Domain.com,UserOU,,,IT Team
Domain.com,UserOU,,,Comms team
Domain.com,UserOU,Finace,L
Domain.com,UserOU,Fiance,a
as you can see the OU's end at various levels
then the scritp is to create a group for each OU
so an example in the finance OU would be two groups "Ledgers" and Auditors"
and in the OU Ledgers a group called "Mikes Team"
hope this makes sence to you
Mike
Domain,First Level OU,SecondLevel OU ,Third Level OU,Final OU name
Domain.com,UserOU,SALes,,I
Domain.com,UserOU,SALes,,E
Domain.com,UserOU,Accounts
Domain.com,UserOU,Accounts
Domain.com,UserOU,,,IT Team
Domain.com,UserOU,,,Comms team
Domain.com,UserOU,Finace,L
Domain.com,UserOU,Fiance,a
as you can see the OU's end at various levels
then the scritp is to create a group for each OU
so an example in the finance OU would be two groups "Ledgers" and Auditors"
and in the OU Ledgers a group called "Mikes Team"
hope this makes sence to you
Mike
ASKER
Thanks
But I dont think it helps me (unless I cant see it) with the recursive creation. I could use that method but it would fail and error.
as some of the ou's are only 2 deep while others are 4 deep ect...
(need to go 7 levels deep in production)
The test script ive created so far is able to create the end OU only if the structure is already in place!
but I need to create the structure from scratch and then populate it with groups based on OU names and then eventually Users
Ive done this in my test enviroment by tweaking the csv file, but in production enviroment this isnt possible as its based on a HR output which I dont want to have to edit
But I dont think it helps me (unless I cant see it) with the recursive creation. I could use that method but it would fail and error.
as some of the ou's are only 2 deep while others are 4 deep ect...
(need to go 7 levels deep in production)
The test script ive created so far is able to create the end OU only if the structure is already in place!
but I need to create the structure from scratch and then populate it with groups based on OU names and then eventually Users
Ive done this in my test enviroment by tweaking the csv file, but in production enviroment this isnt possible as its based on a HR output which I dont want to have to edit
i changed the csv header to have no spaces:domain,FirstLevelOU
function Test-QADObject {
param($Identity)
(Get-QADObject $Identity -DontUseDefaultIncludedProperties `
-WarningAction SilentlyContinue -ErrorAction SilentlyContinue `
-SizeLimit 1) -ne $null
}
$dataSource = import-csv "c:\temp\ou.csv"
foreach ($dataRecord in $dataSource){
#Domain,FirstLevelOU,SecondLevelOU,ThirdLevelOU,FinalOUname
$Domain = $dataRecord.Domain
$FirstLevelOU = $dataRecord.FirstLevelOU
$SecondLevelOU = $dataRecord.SecondLevelOU
$ThirdLevelOU = $dataRecord.ThirdLevelOU
$FinalOUname = $dataRecord.FinalOUname
$Connection = ($Domain.Replace(".",",DC=")).Insert(0,"LDAP://DC=")
$AD = [adsi] $Connection
$Identity = $Connection.Replace("LDAP://", "ou=" + $FirstLevelOU + ",")
$ldap=$Connection
if((Test-QADObject $Identity) -eq $false){
$OU = $AD.Create("OrganizationalUnit", "ou=" + $FirstLevelOU)
$OU.SetInfo()
$ldap=$OU.Path
}else{
$ldap = $ldap.Replace("LDAP://", "LDAP://ou=" + $FirstLevelOU + ",")
}
if ($SecondLevelOU.Trim().Length -ne 0){
$Identity = $ldap.Replace("LDAP://", "ou=" + $SecondLevelOU + ",")
if((Test-QADObject $Identity) -eq $false){
$AD = [adsi] $ldap
$OU = $AD.Create("OrganizationalUnit", "ou=" + $SecondLevelOU)
$OU.SetInfo()
$ldap=$OU.Path
}else{
$ldap = $ldap.Replace("LDAP://", "LDAP://ou=" + $SecondLevelOU + ",")
}
}
if ($ThirdLevelOU.Trim().Length -ne 0){
$Identity = $ldap.Replace("LDAP://", "ou=" + $ThirdLevelOU + ",")
if((Test-QADObject $Identity) -eq $false){
$AD = [adsi] $ldap
$OU = $AD.Create("OrganizationalUnit", "ou=" + $ThirdLevelOU)
$OU.SetInfo()
$ldap=$OU.Path
}else{
$ldap = $ldap.Replace("LDAP://", "LDAP://ou=" + $ThirdLevelOU + ",")
}
}
if ($FinalOUname.Trim().Length -ne 0){
$Identity = $ldap.Replace("LDAP://", "ou=" + $FinalOUname + ",")
if((Test-QADObject $Identity) -eq $false){
$AD = [adsi] $ldap
$OU = $AD.Create("OrganizationalUnit", "ou=" + $FinalOUname)
$OU.SetInfo()
}
}
}
Hey guys!
Just so you know, DirectoryEntry (the [ADSI] thing) has a static method called Exists. Just like this:
[ADSI]::Exists("LDAP://OU=
That'd replace Test-QADObject. Otherwise I recommend switching to New-QADObject to create. Only for the sake of consistency you see :)
And I reckon you can avoid the hard-coding of level if you treat it as text instead of CSV.
Perhaps... haven't tested it beyond text processing :)
HTH
Chris
$Import = Get-Content test.csv
# Loop through the file
For ($i = 1; $i -lt $Import.Count; $i++) {
# Split the line and discard empty entries
$OUs = $Import[$i].Split(",", [StringSplitOptions]::RemoveEmptyEntries)
# Set the starting point
$NewPath = "dc=domain,dc=com"
# Loop through the line
For ($j = 1; $j -lt $OUs.Count; $j++) {
# Current is the last NewPath value
$CurrentPath = $NewPath
# Prefix the current column
$NewPath = "ou=$($OUs[$j]),$NewPath"
If (!([ADSI]::Exists("LDAP://$NewPath")) {
Write-Verbose "Creating $NewPath"
# Doesn't already exist. Make it.
$OU = ([ADSI]"LDAP://$CurrentPath").Create("organizationalUnit", "ou=$($OUs[$j])")
$OU.SetInfo()
}
}
}
I missed out Group creation. I've added that here.
I think this is right, has a bug fix or two for the above as well.
Chris
$Import = Get-Content test.csv
# Loop through the file
For ($i = 1; $i -lt $Import.Count; $i++) {
# Split the line and discard empty entries
$OUs = $Import[$i].Split(",", [StringSplitOptions]::RemoveEmptyEntries)
# Set the starting point
$NewPath = "dc=domain,dc=com"
# Loop through the line
For ($j = 1; $j -lt $OUs.Count; $j++) {
# Current is the last NewPath value
$CurrentPath = $NewPath
# Prefix the current column
$NewPath = "ou=$($OUs[$j]),$CurrentPath"
$GroupPath = "cn=$($OUs[$j]),$CurrentPath"
If (!([ADSI]::Exists("LDAP://$NewPath"))) {
Write-Verbose "Creating OU: $NewPath"
# Doesn't already exist. Make it.
$OU = ([ADSI]"LDAP://$CurrentPath").Create("organizationalUnit", "ou=$($OUs[$j])")
$OU.SetInfo()
}
If (!([ADSI]::Exists("LDAP://$GroupPath"))) {
Write-Verbose "Creating Group: $GroupPath"
$Group = ([ADSI]"LDAP://$CurrentPath").Create("group", "cn=$($OUs[$j])")
$Group.Put("sAMAccountName", "$($OUs[$j]) -Replace ' ')")
$Group.SetInfo()
}
}
}
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks Chris,
this is what I have so for ( a Little tweak for the production env, as alot of the groups already exsist)
and to put the group in the OU with the same name
how hard would it now be to add the groups recussivly to the Group in the OU above it location?
so that
Pats team ADGroup, is a member of Internal ADGroup
Internal ADGroup, is a member of Accounts ADGroup
Accounts ADGroup, is a member of UserOU ADGroup
what my end game result will be is to use this structure for the Data structure too and use the same groups for access,
then when I create a new user I add them to the correct OU and "OUname ADGroup" and the permissions are all set
thanks
this is what I have so for ( a Little tweak for the production env, as alot of the groups already exsist)
and to put the group in the OU with the same name
how hard would it now be to add the groups recussivly to the Group in the OU above it location?
so that
Pats team ADGroup, is a member of Internal ADGroup
Internal ADGroup, is a member of Accounts ADGroup
Accounts ADGroup, is a member of UserOU ADGroup
what my end game result will be is to use this structure for the Data structure too and use the same groups for access,
then when I create a new user I add them to the correct OU and "OUname ADGroup" and the permissions are all set
thanks
$Import = Get-Content "C:\Scripts\PowerShell\OU Creation\test.csv"
# Loop through the file
For ($i = 1; $i -lt $Import.Count; $i++) {
# Split the line and discard empty entries
$OUs = $Import[$i].Split(",", [StringSplitOptions]::RemoveEmptyEntries)
#echo $ous
# Set the starting point
$NewPath = "dc=test,dc=domain,dc=com"
# Loop through the line
For ($j = 1; $j -lt $OUs.Count; $j++) {
# Current is the last NewPath value
$CurrentPath = $NewPath
# Prefix the current column
$NewPath = "ou=$($OUs[$j]),$CurrentPath"
$GroupPath = "cn=$($OUs[$j]),$CurrentPath"
If (!([ADSI]::Exists("LDAP://$NewPath"))) {
Write-Verbose "Creating OU: $NewPath"
# Doesn't already exist. Make it.
$OU = ([ADSI]"LDAP://$CurrentPath").Create("organizationalUnit", "ou=$($OUs[$j])")
$OU.SetInfo()
}
If (!([ADSI]::Exists("LDAP://$GroupPath"))) {
Write-Verbose "Creating Group: $GroupPath"
#$temp = "cn=$($OUs[$j]) ADGroup"
#echo $temp
$Group = ([ADSI]"LDAP://$CurrentPath").Create("group", "ou=$($OUs[$j]) ADGroup,ou=$($OUs[$j])")
$Group.Put("sAMAccountName", "$($OUs[$j] -Replace ' ') ADGroup")
echo $Group
$Group.SetInfo()
}
}
}In theory all we should need is one line.
([ADSI]"LDAP://$($CurrentP
This takes the current path, replaces "OU=" with "CN=" at the beginning, that gets us the group in the parent OU. Then it attempts to add the newly created group as a member.
We might also store the previous GroupPath (in addition to CurrentPath) but I figured this had a chance of being less code :)
Chris
ASKER
Ok Almost there I think...
However
when it tries to create the groups now I get eth error
Exception calling "SetInfo" with "0" argument(s): "There is a naming violation. (Exception from HRESULT: 0x80072037)"
At C:\Scripts\PowerShell\OU Creation\OUcreation.ps1:37
+ $Group.SetInfo <<<< ()
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : CatchFromBaseAdapterMethod
However
when it tries to create the groups now I get eth error
Exception calling "SetInfo" with "0" argument(s): "There is a naming violation. (Exception from HRESULT: 0x80072037)"
At C:\Scripts\PowerShell\OU Creation\OUcreation.ps1:37
+ $Group.SetInfo <<<< ()
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : CatchFromBaseAdapterMethod
$Import = Get-Content "C:\Scripts\PowerShell\OU Creation\test.csv"
# Loop through the file
For ($i = 1; $i -lt $Import.Count; $i++) {
# Split the line and discard empty entries
$OUs = $Import[$i].Split(",", [StringSplitOptions]::RemoveEmptyEntries)
#echo $ous
# Set the starting point
$NewPath = "dc=domain,dc=com"
# Loop through the line
For ($j = 1; $j -lt $OUs.Count; $j++) {
# Current is the last NewPath value
$CurrentPath = $NewPath
# Prefix the current column
$NewPath = "ou=$($OUs[$j]),$CurrentPath"
$GroupPath = "cn=$($OUs[$j]),$CurrentPath"
If (!([ADSI]::Exists("LDAP://$NewPath"))) {
Write-Verbose "Creating OU: $NewPath"
# Doesn't already exist. Make it.
$OU = ([ADSI]"LDAP://$CurrentPath").Create("organizationalUnit", "ou=$($OUs[$j])")
$OU.SetInfo()
}
If (!([ADSI]::Exists("LDAP://$GroupPath"))) {
Write-Verbose "Creating Group: $GroupPath"
$Group = ([ADSI]"LDAP://$CurrentPath").Create("group", "ou=$($OUs[$j]) ADGroup,ou=$($OUs[$j])")
echo $Group
$Group.Put("sAMAccountName", "$($OUs[$j] -Replace ' ') ADGroup")
echo $Group
$Group.SetInfo()
#$k = $j-1
#$test2 = $OUs[$k]
#$test3 = "$test2 ADGroup"
#$ExsGroup = "cn=$test3,$CurrentPath"
# echo $Exsgroup
#$AddGroup = "cn=$($OUs[$j]) ADGroup,$($grouppath -Replace '^cn=', 'ou=')"
#echo $addgroup
#echo "Current path $currentpath"
#([ADSI]"LDAP://$addgroup").Add("LDAP://$Exsgroup")
#echo $groupname
}
}
}I had meant to check that today, I couldn't last night.
Anyway, we cannot give two objects in the same container the same name. We might suffix the group with something to distinguish it?
Chris
ASKER
yeah I added ADG to the end
Mike
Mike
ASKER
Thanks for your help and sorry about the delay in closing the Q.
Mike
Mike
I recommend using the Quest cmdlets.