Build Lab (v1 w/out Quest Tools)
This script worked for me… just took a few days
To recap, this does the following. In my final revision I am removing the last two steps… it TAKES FOREVER!!! and it's not that useful.
# A TestOU OU
# A TestComputers OU
# A TestUsers OU
# A TestGroups OU
# 10K OU’s Under TestOU
## Each of the 10k OUs will have 4 Child OUs
### Each OU should have 5 users Accounts and 5 Machines Accounts
# Create 500 Group Policies.
# Link 100 policies on the 10k Base OUs
# Create 2000 Users in the TestUser OU
# Create 2000 Computers in the TestComputer OU
# Find all the Users
# Create 2K Groups
## Add Even Numbered Users to Even Groups
## Add Odd Numbered Users to Odd Groups
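function New-ADOU{
    # Creates an organizationalUnit object and writes its distinguishedName
    # to the pipeline.
    #   -Name  RDN value of the new OU (created as "OU=<Name>")
    #   -OU    optional distinguishedName of the parent container; when omitted
    #          the default naming context from rootDSE is used
    #   -DC    optional server to bind to; when omitted a serverless bind is used
    # The "function New-ADOU{" header was missing from the published listing,
    # which left the Param() line and the closing brace stranded at top level.
    Param($Name,$OU,$DC)

    # Get Root Path for OU
    if($dc -and $ou){$root = "LDAP://$dc/$ou"}
    # The format string needs both placeholders: with only {0} the naming
    # context was dropped and the path pointed at the bare server name.
    if($dc -and !$ou){$root = "LDAP://{0}/{1}" -f $dc,(([ADSI]"LDAP://$dc/rootDSE").DefaultNamingContext)}
    if(!$dc -and $ou){$root = "LDAP://$OU"}
    if(!$dc -and !$ou){$root = "LDAP://{0}" -f (([ADSI]"LDAP://rootDSE").DefaultNamingContext)}

    #Write-Host ("Creating OU [{0}] Using Path [{1}]" -f $Name,$Root)

    # Create the OU under the resolved parent and commit it
    $BaseOU = [ADSI]"$root"
    $NewOU = $BaseOU.Create("organizationalUnit","OU=$Name")
    $NewOU.Setinfo()

    # Emit the DN so callers can pass it as -OU for child objects
    $NewOU.distinguishedName
}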
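function New-ADUSer{
    # Creates an enabled user account and writes its distinguishedName to the
    # pipeline.
    #   -user      used for both the CN and the samAccountName
    #   -password  initial password; defaults to "P@ssw0rd"
    #   -dc        optional server to bind to
    #   -ou        optional distinguishedName of the target container; when
    #              omitted, CN=Users under the default naming context is used
    #
    # SECURITY NOTE: every account created without -password is enabled and
    # shares the same well-known default password. Run this only against an
    # isolated lab domain, pass -password for anything else, and remove the
    # test OUs when the lab is no longer needed.
    Param($user,$password="P@ssw0rd",$dc,$ou)

    # Get Root Path for OU (exactly one of the four cases applies)
    if($dc -and $ou)
        {$root = "LDAP://$dc/$ou"}
    elseif($dc)
        {$root = "LDAP://{0}/CN=Users,{1}" -f $dc,(([ADSI]"LDAP://$dc/rootDSE").DefaultNamingContext)}
    elseif($ou)
        {$root = "LDAP://$OU"}
    else
        {$root = "LDAP://CN=Users,{0}" -f (([ADSI]"LDAP://rootDSE").DefaultNamingContext)}

    #Write-Host ("Creating user [{0}] Using Path [{1}]" -f $user,$Root)

    # Creating Account in OU
    $UserOU = [ADSI]"$root"
    $userObj = $UserOU.Create("User","CN=$user")

    # Set samAccountName and commit the new object before touching the password
    $userObj.put("samAccountName","$user")
    $userObj.Setinfo()

    # Set Password
    $userObj.psbase.invoke("setpassword",$password)
    $userObj.Setinfo()

    # Enable Account (plain ASCII quotes instead of the typographic ones from
    # the blog rendering, so the line survives copy/paste into any editor)
    $userObj.psbase.invokeset('accountdisabled', $false)
    $userObj.Setinfo()

    $userObj.distinguishedName
}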
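function New-ADComputer{
    # Creates an enabled computer account and writes its distinguishedName to
    # the pipeline.
    #   -Name  CN of the computer; the samAccountName is "<Name>$"
    #   -OU    optional distinguishedName of the target container; when
    #          omitted, CN=Computers under the default naming context is used
    #   -DC    optional server to bind to
    # NOTE(review): no password is set before the account is enabled; confirm
    # the resulting account flags are acceptable outside a throwaway lab.
    Param($Name,$OU,$DC)

    # Get Root Path for OU (exactly one of the four cases applies)
    if($dc -and $ou)
        {$root = "LDAP://$dc/$ou"}
    elseif($dc)
        # Was CN=Users (copied from New-ADUSer); the no-DC branch below uses
        # CN=Computers, so the -DC-only branch now matches it.
        {$root = "LDAP://{0}/CN=Computers,{1}" -f $dc,(([ADSI]"LDAP://$dc/rootDSE").DefaultNamingContext)}
    elseif($ou)
        {$root = "LDAP://$OU"}
    else
        {$root = "LDAP://CN=Computers,{0}" -f (([ADSI]"LDAP://rootDSE").DefaultNamingContext)}

    #Write-Host ("Creating computer [{0}] Using Path [{1}]" -f $Name,$Root)

    # Creating Account in OU
    $CompOU = [ADSI]"$root"
    $CompObj = $CompOU.Create("Computer","CN=$Name")

    # Set samAccountName; the backtick keeps the trailing $ literal
    $CompObj.put("samAccountName","$Name`$")
    $CompObj.Setinfo()

    # Enable Account
    $CompObj.psbase.invokeset('accountdisabled', $false)
    $CompObj.Setinfo()

    $CompObj.distinguishedName
}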
function New-ADGroup{
    # Creates a group named "CN=<Grp>" in the container given by -OU and
    # writes the new group's distinguishedName to the pipeline.
    #   -OU   distinguishedName of the container that receives the group
    #   -Grp  name of the group
    #   -dc   optional server to bind to
    Param($OU,$Grp,$dc)

    Write-Host " + Creating Group [$Grp] in OU [$OU]"

    # Bind to the container, through the named server when one was given
    $containerPath = "LDAP://$ou"
    if($dc){ $containerPath = "LDAP://$dc/$ou" }
    $GroupOU = [ADSI]$containerPath

    # Create the group and commit it
    $GroupObj = $GroupOU.Create("Group","CN=$Grp")
    $GroupObj.SetInfo()

    $GroupObj.distinguishedName
}
function Add-UsertoGroup{
    # Adds one member to a group.
    #   -User  distinguishedName of the member to add
    #   -Grp   distinguishedName of the group
    #   -DC    optional server to bind to when opening the group
    Param($User,$Grp,$DC)

    # Bind to the group, through the named server when one was given
    $groupPath = "LDAP://$Grp"
    if($DC){ $groupPath = "LDAP://$DC/$Grp" }
    $myGroup = [ADSI]$groupPath

    #Write-Host " - Processing User [$User] in Group [$Grp]"
    $myGroup.Add("LDAP://$user")
    $myGroup.SetInfo()
}
# Four top-level lab OUs. Each New-ADOU call returns the new OU's DN, which
# the later steps pass back in as -OU.
Write-Host " + Creating TestOU"
$TestOU = New-ADOU -Name TestOU

Write-Host " + Creating TestComputers OU"
$TestComp = New-ADOU -Name TestComputers

Write-Host " + Creating TestUsers OU"
$TestUsers = New-ADOU -Name TestUsers

Write-Host " + Creating TestGroups OU"
$TestGroups = New-ADOU -Name TestGroups

# 10K OUs under TestOU
for($n = 1; $n -le 10000; $n++)
{
    Write-Host " + Creating Level1 OU [Level1OU$N]"
    $Level1 = New-ADOU -Name "Level1OU$N" -OU $TestOU

    # Four child OUs under each Level1 OU
    for($i = 1; $i -le 4; $i++)
    {
        Write-Host " + Creating Level2 OU [Level2OU$i]"
        $Level2 = New-ADOU -Name "Level2OU$i" -OU $Level1

        # Five user accounts and five machine accounts per child OU.
        # New-ADUSer is called without -password, so these accounts get
        # whatever default password that function defines.
        for($x = 1; $x -le 5; $x++)
        {
            Write-Host " - Creating User [Lvl2User$n$i$x] in [$Level2]"
            New-ADUSer -user "Lvl2User$n$i$x" -OU $Level2 | Out-Null

            Write-Host " - Creating Computer [Lvl2Comp$n$i$x] in [$Level2]"
            New-ADComputer -Name "Lvl2Comp$n$i$x" -OU $Level2 | Out-Null
        }
    }
}
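# Create 500 Group Policies.
# New-SDMgpo and Add-SDMgplink are not defined in this script; they have to
# be loaded separately before this part runs.
1..500 | ForEach-Object { New-SDMgpo "TestGPO$_" }

# Link policies: TestGPO<n> is linked to Level1OU<n> for n = 1..100
1..100 | ForEach-Object { Add-SDMgplink -name "TestGPO$_" -Scope "OU=Level1OU$_,$TestOU" -Location -1 }

# Create 2000 Users in the TestUsers OU.
# No -password is passed, so New-ADUSer's default password applies to all of
# them; keep this to an isolated lab domain.
1..2000 | ForEach-Object { New-ADUSer -user "TestUser$_" -OU $TestUsers }

# Create 2000 Computers in the TestComputers OU.
# Two fixes: New-ADComputer takes -Name (it has no -user parameter), and the
# OU's DN was stored in $TestComp earlier; $TestComputers is never assigned.
1..2000 | ForEach-Object { New-ADComputer -Name "TestComputer$_" -OU $TestComp }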
# Find all the users and split them by the last digit of sAMAccountName.
# NOTE(review): the searcher is rooted at [ADSI]"" rather than at the test
# OUs, so any account in that scope whose name ends in a digit is picked up
# as well - confirm the domain holds nothing but lab accounts.
$props = @("sAMAccountName","distinguishedName")
$ds = New-Object System.DirectoryServices.DirectorySearcher([ADSI]"","(objectcategory=user)",$props)
$ds.PageSize = 100   # paged search
$users = $ds.FindAll()

# Each result is projected to an object with a single Name property holding
# the distinguishedName.
$eUsers = $users |
    Where-Object { $_.properties.item("sAMAccountName") -match '(2|4|6|8|0)$' } |
    Select-Object @{n="Name";e={$_.properties.item("distinguishedName")}}

$oUsers = $users |
    Where-Object { $_.properties.item("sAMAccountName") -match '(1|3|5|7|9)$' } |
    Select-Object @{n="Name";e={$_.properties.item("distinguishedName")}}
# Create 2K groups in the TestGroups OU; odd-numbered groups receive the
# "odd" user set and even-numbered groups the "even" user set.
for($i = 1; $i -le 2000; $i++)
{
    # New-ADGroup returns the DN of the group it created
    $NewGrp = New-ADGroup -Grp "TestGrp$i" -OU $TestGroups

    if(($i % 2) -ne 0)
    {
        Write-Host " + Adding Odd Users to Group [$NewGrp]"
        $oUsers | Select-Object | ForEach-Object { Add-UsertoGroup -User $_.name -Grp $NewGrp }
    }
    else
    {
        Write-Host " + Adding Even Users to Group [$NewGrp]"
        $eUsers | Select-Object | ForEach-Object { Add-UsertoGroup -User $_.name -Grp $NewGrp }
    }
}
tshell :: Mar.02.2008 :: Active Directory, HowTo, Powershell :: 1 Comment »

Why didn’t you use Quest Tools? Wouldn’t it cut this script in half?