Guy's Scripting Ezine 56 - Creating OUs
Contents for Guy's Scripting Ezine 56 - Creating OUs
Hardly a week goes by without me saying to a client, 'What you need is a test OU'. That thought led me to create a script, which will not only build a test OU, but also act as vehicle to consolidate our VBScript skills.
I have to confess, that on those occasions when I cannot quite remember the syntax, I search for the answer in my online newsletters. Rummaging through my old scripts gave me the idea to develop these ezines into an online reference point.
As Christmas in now on the horizon, this is not the time to start a new project. My theme for this week's ezine is consolidation. Whilst we create OUs (Organizational Units) primarily as containers to organize users, let us take the opportunity and learn about scripting commands such as: 'Set, Create(Object), Get(Object) and .SetInfo'.
SolarWinds' Orion performance monitor will help you discover what's happening on your network. This utility will also guide you through troubleshooting; the dashboard will indicate whether the root cause is a broken link, faulty equipment or resource overload.
What I like best is the way NPM suggests solutions to network problems. Its also has the ability to monitor the health of individual VMware virtual machines. If you are interested in troubleshooting, and creating network maps, then I recommend that you try NPM now.
On my visits to companies, it surprises my that only 60% of network managers create any OUs in their Active Directory. The rest keep all their accounts in the users container. OUs are great not only to organize user and computer accounts, but also OUs make it easier to fine tune your group policies.
Please would you inspect your Users folder in Active Directory Users and Computers and confirm that there is no symbol. My point is that Users is a container object, referenced by CN=Users, not an OU referred to by: OU=Users. This also means that Users cannot have its own Group Policy, whereas OUs can.
Meanwhile, back to the main goal, creating a top level OU with VBscript.
' VBSCript to create an OU (Organizational Unit)
Learning Points - Binding to Active Directory
Building on this theme of mastering VBScript commands, I would like to draw your attention to two sections of the script.
' Section to bind to YOUR Active Directory.
Note 1: GetObject() retrieves data, later in the full script we will make the OU with the sister command CreateObject()
Note 2: The 'Set' Command points the objRoot variable to the base of the LDAP name. Think of rootDSE as tunnelling down into the heart of Active Directory and returning with information. In this instance, naming information.
Note 3: From my point of view DefaultNamingContext is a wonderful command because I do not have to know your domain, the script retrieves the distinguished name automatically, for example dc=cp, dc=com. (DC = Domain Context, not Domain Controller). The alternative would be to 'hard code' my domain name, then ask you to search and replace with your domain. What a waste of time when I can use DefaultNamingContext.
Note 4: Set ObjDomain could be done with one line instead of two
Learning Points - Creating the actual OU
Here is the section which creates then saves the new OU.
Note 1: Guy loves variables, so here is the variable which holds the OU name: strOUContainer ="OU=AGuyOU"
Note 2: Spot the use of Set, as in Set objOU.
Note 3: What the script is saying is this, start with the domain (objDomain), now create a new OU (Not a user or a computer). And then the script extracts the name of the new OU from the strOUContainer variable.
Note 4: Another member of the Set family is .SetInfo. Take special note of .SetInfo because overlooking this command can mean that the script runs silently without error, but nothing actually gets created.
As ever Tools4Ever provide the solution to network puzzles Tools4Ever
Assumption: you have already made a parent or top level OU as described in Example1.
Creating a child OU is simple but there is a trap. Which of these two sequences should you use?
strOUContainer = parent, child. or strContainer = child, parent?
Assuming the parent is called AGuyOU, Here is the answer:
Tip: When scripting OUs pay particular attention to the placement of commas. To create a child OU we just need one comma in the string variable. (In other cases, but not here, we need two commas.)
Alter this line strOUContainer = "OU=AGuyOU" to
Challenge 2 - Adding error correcting code
If you would like to anticipate the situation where the OU has already been created, then add the following section after line 23: objOU.SetInfo. Incidentally, it makes use of the Sub ()... End Sub.. routine.
' VBSCript to create an OU (Organizational Unit)
Note 1: Adding error correcting code is a good habit to adopt.
It is surprising how often you need an OU. For example, testing Group Policies, testing Logon Scripts. There again, perhaps you just want a new OU for your accounts in Active Directory Users and Computers.
My script will build your Active Directory Organizational Unit. All you need to do is adjust the variable: