If you’re anything like me while you study for certification tests, you break your lab on a weekly basis. And, while setting up services or features of Windows Server 2008 R2 isn’t all that bad, creating new dummy users, groups, and OUs for lab-practice gets a little annoying and tedious. After having re-created my test lab five times in as many weeks, I decided to take a few hours in order to script the process so I could start fresh with new lab-machines every time I really, REALLY break something and have to start over.
I suppose I could back up my configuration, but sometimes I just want a brand-new domain to play with... especially while I’m studying for my 70-648 exam and I keep creating convoluted GPOs that don’t always have the intended effect and I need to go back to something cleaner.
So, without further ado, here is the script – easily copied and pasted into a .ps1 file – for anyone else that hates sitting down and clicking through user and group-creation every time they need a new test-organization after getting that crisp, clean domain up and running.
Install your server, run dcpromo.exe, run this script, and voila: an instant lab to break, or rather play with. This script has been tested in a Windows Server 2008 R2 domain, but should run just fine as long as you’re running at least Windows Server 2003, PowerShell 2.0, and have the Active Directory Management Gateway Service installed:
# Written By: Slowhand
# Date: August 10th, 2012
# Purpose: Automatically creating test users, groups, and OUs for a study-lab
# Intended for use with a fresh install of AD DS for lab-purposes only
#
# [Please Note]
# Users, groups, and department-OUs will not be created a second time,
# even if you give the organization OU a different name
#
# To successfully re-run the script,
# delete the original organizational OU from the first run-through
#
# This script is provided 'as-is', please use at your own risk

Import-Module ActiveDirectory -ErrorAction SilentlyContinue

if (!(Get-Module ActiveDirectory)) {
    Write-Host "An Active Directory domain is required before this script can be run"
    Write-Host " "
} else {
    # User-defined values
    do {
        Write-Host "Enter the name of your CSV file, (e.g., C:\Scripts\users.csv)"
        [string]$csvpath = Read-Host "CSV file"
    } while (!(Test-Path $csvpath))   # keep asking until the file exists

    Write-Host " "
    Write-Host "Please enter the name of lab (e.g., Contoso, ACME, Testlab)"
    [string]$organization = Read-Host "Lab name"

    Write-Host " "
    Write-Host "Please enter a complex default user password, or users will be disabled upon creation"
    [string]$password = Read-Host "Default user password"
    # Password not stored securely at this point for lab-purposes only

    # Importing a list of users from a csv file
    # (The necessary columns for this script are givenName, surname, and department)
    $users = Import-Csv -Path $csvpath

    Write-Host " "
    Write-Host " "
    Write-Host "CREATING TEST-LAB ENVIRONMENT, PLEASE STAND BY"
    Write-Host "=============================================="
    Write-Host " "
    Write-Host " "

    # Creating an OU to hold our organization
    if (!(Get-ADOrganizationalUnit -LDAPFilter "(OU=$organization)")) {
        # Pull the distinguished name of the domain, as an LDAP query
        $distname = (Get-ADDomain).DistinguishedName

        Write-Host "Creating a company OU called $organization"
        New-ADOrganizationalUnit -Name $organization -Path "$distname" -ProtectedFromAccidentalDeletion $true

        $path = "OU=$organization,$distname"

        # Some basic OUs to simulate a test company
        $OUs = "Departments","Users","Computers","Workstations","Servers"

        Write-Host " "
        Write-Host "CREATING ORGANIZATIONAL UNITS"
        Write-Host "-----------------------------"

        foreach ($OU in $OUs) {
            # Until the Computers OU exists, OUs go directly under the organization;
            # the ones listed after it (Workstations, Servers) are nested inside Computers
            if (!(Get-ADOrganizationalUnit -LDAPFilter "(OU=Computers)")) {
                Write-Host "Creating an OU called $OU in $path"
                Write-Host " "
                New-ADOrganizationalUnit -Name $OU -Path "$path" -ProtectedFromAccidentalDeletion $true
            } else {
                Write-Host "Creating an OU called $OU in OU=Computers,$path"
                Write-Host " "
                New-ADOrganizationalUnit -Name $OU -Path "OU=Computers,$path" -ProtectedFromAccidentalDeletion $true
            }
        }

        Write-Host " "
        Write-Host " "

        # Creating individual OUs and groups for each department for GPO purposes
        Write-Host "CREATING GROUPS"
        Write-Host "---------------"

        foreach ($user in $users) {
            $department = $user.department

            # Checking for duplicates in the 'departments' column of the CSV file
            if (!(Get-ADOrganizationalUnit -LDAPFilter "(OU=$department)")) {
                Write-Host "Creating an OU for the $department department"
                New-ADOrganizationalUnit -Name $department -Path "OU=Departments,$path" -ProtectedFromAccidentalDeletion $true

                Write-Host "Creating a group for the $department department"
                Write-Host " "
                New-ADGroup -Name $department -SamAccountName $department -GroupCategory Security -GroupScope Global -DisplayName $department -Path "OU=$department,OU=Departments,$path"
            }
        }

        Write-Host " "
        Write-Host " "

        $userpath = "OU=Users,$path"
        Write-Host "CREATING USERS"
        Write-Host "--------------"

        # Create users based on a given name, surname, and department
        foreach ($user in $users) {
            $first = $user.givenName
            $last = $user.surname
            $department = $user.department
            $domain = (Get-ADDomain).DNSRoot
            $name = $first + " " + $last
            $logon = $first + "." + $last
            $userprincipalname = $logon + "@" + $domain

            # Actual creation of users in User folder
            if (!(Get-ADUser -LDAPFilter "(sAMAccountName=$logon)")) {
                Write-Host "Creating an account for $name"
                New-ADUser -Name $name -SamAccountName $logon -GivenName $first -Surname $last -DisplayName $name -Department $department -PasswordNeverExpires $true -Enabled $true -AccountPassword (ConvertTo-SecureString $password -AsPlainText -Force) -UserPrincipalName $userprincipalname -Path "$userpath"

                Write-Host "Adding user $name to the $department group"
                Write-Host " "

                # Add user to groups based on department
                Add-ADGroupMember $department $logon
            } else {
                Write-Host "The user $name already exists, moving on to the next one"
                Write-Host " "
            }
        }

        Write-Host " "
        Write-Host "The default user password is $password"
        Write-Host "It does not need to be changed at logon, nor does it expire"
        Write-Host " "
        Write-Host "============================================"
        Write-Host "FINISHED! ENJOY YOUR LAB AND HAVE A NICE DAY"
        Write-Host " "
        Write-Host " "
    } else {
        Write-Host "The OU named $organization already exists"
        Write-Host " "
        Write-Host "==============================="
        Write-Host "ABORTING SETUP, HAVE A NICE DAY"
        Write-Host " "
        Write-Host " "
    }
}
The only other thing that’s required for this script to run is a .csv file with three columns: givenName, surname, and department in order to create the users and groups properly. The following sample can be copied and pasted into Notepad and saved as ‘users.csv’, for example:
givenName,surname,department
Tony,Stark,Research
Pepper,Potts,Executives
Phil,Coulson,Security
Nick,Fury,HR
Bruce,Banner,Research
Steve,Rogers,Security
Reed,Richards,Research
Johnny,Storm,Security
Susan,Richards,Research
Ben,Grimm,Security
Peter,Parker,Research
Charles,Xavier,Executives
Scott,Summers,Security
Jean,Gray,HR
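
A pre-flight check for the CSV, as an added example that is not part of the original script or download: it catches rows the script would silently skip or that would change its -LDAPFilter lookups, before anything is written to the directory. The function name Test-LabCsv and the sample rows are assumptions made up for this example.

```powershell
function Test-LabCsv {
    param([Parameter(Mandatory = $true)][string]$Path)
    $required = 'givenName', 'surname', 'department'
    $problems = @()
    $rows = @(Import-Csv -Path $Path)
    if ($rows.Count -eq 0) { return @("No data rows found in $Path") }
    # Every column the lab script reads must be in the header
    $columns = $rows[0].PSObject.Properties | ForEach-Object { $_.Name }
    foreach ($col in $required) {
        if ($columns -notcontains $col) { $problems += "Missing column: $col" }
    }
    if ($problems.Count -gt 0) { return $problems }

    $seen = @{}
    $line = 1    # the header is line 1
    foreach ($row in $rows) {
        $line++
        foreach ($col in $required) {
            $value = [string]$row.$col
            if ($value.Trim() -eq '') { $problems += "Line ${line}: empty $col" }
            # ( ) * \ change the meaning of -LDAPFilter "(OU=$department)" and similar
            if ($value -match '[()*\\]') {
                $problems += "Line ${line}: $col contains an LDAP filter metacharacter"
            }
        }
        $logon = $row.givenName + '.' + $row.surname
        # User sAMAccountName values are limited to 20 characters
        if ($logon.Length -gt 20) {
            $problems += "Line ${line}: logon '$logon' exceeds 20 characters"
        }
        # Characters that are not allowed in a sAMAccountName (user logon or group name)
        foreach ($sam in $logon, $row.department) {
            if ($sam -match '["/\\\[\]:;|=,+*?<>]') {
                $problems += "Line ${line}: '$sam' has a character not allowed in sAMAccountName"
            }
        }
        # The lab script skips a logon that already exists, so a duplicate row is dropped
        $key = $logon.ToLower()
        if ($seen.ContainsKey($key)) {
            $problems += "Line ${line}: logon '$logon' duplicates line $($seen[$key])"
        } else { $seen[$key] = $line }
    }
    return $problems
}

# Constructed sample: line 3 repeats a logon and has '*' in the department
$sample = Join-Path $env:TEMP 'users-sample.csv'
"givenName,surname,department`nTony,Stark,Research`nTony,Stark,R*D" | Set-Content $sample
@(Test-LabCsv -Path $sample)
```

An empty result means the file is safe to feed to the lab script; point -Path at your own users.csv to check it.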
Here’s a download link for the script and the CSV file: instantScript.zip
