Guy’s Scripting Ezine 56 – Creating OUs

Contents for Guy’s Scripting Ezine 56 – Creating OUs

See an update for Creating OU here, includes Error Correcting Code.

• This Week’s Secret
• This week’s consolidation
• Example 1 – Creating a top level OU
• Example 2 – Creating a child OU
• Challenges
• Summary

This Week’s Secret

Hardly a week goes by without me saying to a client, ‘What you need is a test OU’.  That thought led me to create a script, which will not only build a test OU, but also act as vehicle to consolidate our VBScript skills.

I have to confess, that on those occasions when I cannot quite remember the syntax, I search for the answer in my online newsletters.  Rummaging through my old scripts gave me the idea to develop these ezines into an online reference point.

This week’s consolidation of VBScript commands

As Christmas in now on the horizon, this is not the time to start a new project.  My theme for this week’s ezine is consolidation.  Whilst we create OUs (Organizational Units) primarily as containers to organize users, let us take the opportunity and learn about scripting commands such as: ‘Set, Create(Object), Get(Object) and .SetInfo’.

Guy Recommends:  A Free Trial of the Network Performance Monitor (NPM) v11.5

SolarWinds’ Orion performance monitor will help you discover what’s happening on your network.  This utility will also guide you through troubleshooting; the dashboard will indicate whether the root cause is a broken link, faulty equipment or resource overload.

What I like best is the way NPM suggests solutions to network problems.  Its also has the ability to monitor the health of individual VMware virtual machines.  If you are interested in troubleshooting, and creating network maps, then I recommend that you try NPM now.

Download a free trial of Solarwinds’ Network Performance Monitor

Example 1 – Create a top level OU

On my visits to companies, it surprises my that only 60% of network managers create any OUs in their Active Directory.  The rest keep all their accounts in the users container.  OUs are great not only to organize user and computer accounts, but also OUs make it easier to fine tune your group policies.

Please would you inspect your Users folder in Active Directory Users and Computers and confirm that there is no symbol.  My point is that Users is a container object, referenced by CN=Users, not an OU referred to by: OU=Users.  This also means that Users cannot have its own Group Policy, whereas OUs can.

Meanwhile, back to the main goal, creating a top level OU with VBscript.

Instructions

1. Important: Which OU will create?  My script will generate OU=AGuyOU.  If you prefer a different OU name, then change line 17 in your script.
2. Copy and paste the script below into notepad.
3. Save the file with .vbs extension e.g. AGuyOU.vbs.
4. Double click and examine the message boxes.
5. Open Up your Active Directory Users and Computers and inspect the OUs.

Learning Points – Binding to Active Directory

Building on this theme of mastering VBScript commands, I would like to draw your attention to two sections of the script.

Note 1: GetObject() retrieves data, later in the full script we will make the OU with the sister command CreateObject()

Note 2: The ‘Set’ Command points the objRoot variable to the base of the LDAP name.  Think of rootDSE as tunnelling down into the heart of Active Directory and returning with information.  In this instance, naming information.

Note 3: From my point of view DefaultNamingContext is a wonderful command because I do not have to know your domain, the script retrieves the distinguished name automatically, for example dc=cp, dc=com. (DC = Domain Context, not Domain Controller).  The alternative would be to ‘hard code’ my domain name, then ask you to search and replace with your domain.  What a waste of time when I can use DefaultNamingContext.

Note 4: Set ObjDomain could be done with one line instead of two

Learning Points – Creating the actual OU

Here is the section which creates then saves the new OU.

Note 1: Guy loves variables, so here is the variable which holds the OU name:  strOUContainer ="OU=AGuyOU"

Note 2: Spot the use of Set, as in Set objOU.

Note 3: What the script is saying is this, start with the domain (objDomain), now create a new OU (Not a user or a computer).  And then the script extracts the name of the new OU from the strOUContainer variable.

Note 4: Another member of the Set family is .SetInfo.  Take special note of .SetInfo because overlooking this command can mean that the script runs silently without error, but nothing actually gets created.

As ever Tools4Ever provide the solution to network puzzles Tools4Ever

Example 2 – Create a child OU

Assumption: you have already made a parent or top level OU as described in Example1.

Creating a child OU is simple but there is a trap. Which of these two sequences should you use?

strOUContainer = parent, child.    or strContainer = child, parent? 

Assuming the parent is called AGuyOU, Here is the answer:
strOUContainer="OU=Child, OU=AGuyOU"

Tip: When scripting OUs pay particular attention to the placement of commas.  To create a child OU we just need one comma in the string variable.  (In other cases, but not here, we need two commas.)

Challenge 1 – Create a child OU

Alter this line  strOUContainer = "OU=AGuyOU"   to

strOUContainer="OU=Child, OU=AGuyOU"

Challenge 2 – Adding error correcting code

If you would like to anticipate the situation where the OU has already been created, then add the following section after line 23: objOU.SetInfo.  Incidentally, it makes use of the Sub ()… End Sub.. routine.

Note 1: Adding error correcting code is a good habit to adopt.

See an update for Creating OU here, includes Error Correcting Code.

Summary Creating an OU

It is surprising how often you need an OU.  For example, testing Group Policies, testing Logon Scripts.  There again, perhaps you just want a new OU for your accounts in Active Directory Users and Computers.  

My script will build your Active Directory Organizational Unit.  All you need to do is adjust the variable:
strOUContainer = "OU = AGuyOU".  If you have the time, then go through the script searching for all the script commands.  Should there be any verbs that you do not understand, do refer to the learning points.

See More Active Directory VBScripts featuring Active Directory

• Create Users  •PB 55 CSVDE  • Ezine 56 OU  • Ezine 123 Ad Tree  •Ezine 124 Ad Tree  •IPAM 3 Review

• Ezine 23 enable accounts  •UserAccountControl Values  •Ezine 27 Move Computers  • Ezine 42 LDAP

• Ezine 44 CSVDE  • Ezines  • PowerShell Add Computer  • LDAP Properties  • Free CSVDE Importer