
Build Lab w/ Quest AD CMDLets

Earlier I wrote a post about a script that I used to build my AD lab, Build Lab (v1 w/out Quest Tools), and I mentioned I
would post a Quest version. I had some time to run it (it took about 6 hrs). So without further ado:

What's it do again?
# Creates A TestOU OU
# Creates A TestComputers OU
# Creates A TestUsers OU
# Creates A TestGroups OU
# Creates 10K OU’s Under TestOU
## Each of the 10k OUs will have 4 Child OUs
### Each OU should have 5 users Accounts and 5 Machines Accounts
# Create 500 Group Policies.
# Link 100 policies on the 10k Base OUs
# Create 2000 Users in the TestUser OU
# Create 2000 Computers in the TestComputer OU
# Create 2K Groups

Note: Added Write-Progress for OU/User Creation

    # Adding Required Snapins
    Add-PSSnapin SDMSoftware.PowerShell.GPMC -ea 0
    Add-PSSnapin Quest.ActiveRoles.ADManagement -ea 0

    $DomainDN = (([ADSI]"").distinguishedName[0])
    $DomainDNS = (([ADSI]"").distinguishedName[0]) -replace "DC=","" -replace ",","."
    $users = @()

    # A TestOU OU
    $BaseOU = New-QADObject -Type OrganizationalUnit -ParentContainer $DomainDN -Name TestOU

    # A TestComputers OU
    $TestComps = New-QADObject -Type OrganizationalUnit -ParentContainer $DomainDN -Name TestComputers

    # A TestUsers OU
    $TestUsers = New-QADObject -Type OrganizationalUnit -ParentContainer $DomainDN -Name TestUsers

    # A TestGroups OU
    $TestGrps = New-QADObject -Type OrganizationalUnit -ParentContainer $DomainDN -Name TestGroups

    # 10K OUs Under TestOU
    foreach($i in 1..10000)
    {
        $lvl1Child = New-QADObject -Type OrganizationalUnit -ParentContainer $BaseOU.dn -Name "LvL1ChildOU$i"
        Write-Progress "Creating OUs LvL1ChildOU$i" -status "Updating" -perc ($i/10000*100)
        ## Each of the 10k OUs will have 4 Child OUs
        foreach($x in 1..4)
        {
            $lvl2Child = New-QADObject -Type OrganizationalUnit -ParentContainer $lvl1Child.dn -Name "LvL2Child${i}${x}"
            Write-Progress "Creating Child OUs LvL2Child${i}${x}" -status "Updating" -perc ($x/4*100) -id 1
            foreach($y in 1..5)
            {
                ## Each OU should have 5 users Accounts and 5 Machines Accounts
                Write-Progress "Creating Child Users/Computers" -status "Updating" -perc ($y/5*100) -id 2
                New-QADUser -ParentContainer $lvl2Child.dn -Name "usr${i}${x}${y}" -SamAccountName "usr${i}${x}${y}" -UserPrincipalName "usr${i}${x}${y}@$DomainDNS" -UserPass "!P@ssw0rd22!" | Out-Null
                New-QADObject -ParentContainer $lvl2Child.dn -Name "srv${i}${x}${y}" -ObjectAttributes @{"sAMAccountName"="srv${i}${x}${y}`$"} -Type "Computer" | Out-Null
            }
        }
    }

    # Create 500 Group Policies.
    1..500 | %{New-SDMgpo "TestGPO$_"}

    # Link 100 policies on the 10k Base OUs
    # Uses $_ (the current GPO number); $i would be left over from the OU loop above (10000)
    1..100 | %{Add-SDMgpLink -name "TestGPO$_" -scope "OU=LvL1ChildOU$_,$($BaseOU.DN)"}

    # Create 2000 Users in the TestUser OU
    1..2000 | %{New-QADUser -ParentContainer $TestUsers.dn -Name "Testusr$_" -SamAccountName "Testusr$_" -UserPrincipalName "Testusr$($_)@$DomainDNS" -UserPass "!P@ssw0rd22!"}

    # Create 2000 Computers in the TestComputer OU (-Type was missing here)
    1..2000 | %{New-QADObject -ParentContainer $TestComps.dn -Name "TestComp$($_)" -ObjectAttributes @{"sAMAccountName"="TestComp$($_)`$"} -Type "Computer"}

    # Create 2K Groups
    1..2000 | %{New-QADGroup -ParentContainer $TestGrps.dn -name "TestGrp$_" -sAMAccountName "TestGrp$_"}
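
A post-build check for the lab described above, as an added example that is not part of the original post: it counts objects under each test OU with a paged DirectorySearcher and compares the totals with the outline. The function name Get-ADObjectCount and the $checks table are hypothetical; the OU and GPO names are the ones the Quest script creates.

```powershell
# Added example, not from the original post: verify the lab build against the outline.
# Get-ADObjectCount and $checks are hypothetical names; OU/GPO names come from the Quest script.
$DomainDN = ([ADSI]"").distinguishedName[0]

function Get-ADObjectCount {
    Param($SearchBase, $Filter)
    $root = [ADSI]"LDAP://$SearchBase"
    $ds = New-Object System.DirectoryServices.DirectorySearcher($root, $Filter)
    $ds.SearchScope = "Subtree"
    $ds.PageSize = 1000    # without paging, results stop at the server limit (1000 by default)
    [void]$ds.PropertiesToLoad.Add("distinguishedName")
    $results = $ds.FindAll()
    try     { $results.Count }      # walks every page of results
    finally { $results.Dispose() }  # SearchResultCollection holds unmanaged resources
}

$ouFilter   = "(objectCategory=organizationalUnit)"
$userFilter = "(&(objectCategory=person)(objectClass=user))"   # excludes computer accounts
$compFilter = "(objectCategory=computer)"
$gpoFilter  = "(&(objectClass=groupPolicyContainer)(displayName=TestGPO*))"

# Expected totals: 10,000 level-1 OUs x 4 child OUs x 5 users and 5 computers each.
$checks = @(
    @{ What = "OUs under TestOU (incl. TestOU)"; Base = "OU=TestOU,$DomainDN";
       Filter = $ouFilter;   Expected = 1 + 10000 + 40000 },
    @{ What = "Users under TestOU";              Base = "OU=TestOU,$DomainDN";
       Filter = $userFilter; Expected = 10000 * 4 * 5 },
    @{ What = "Computers under TestOU";          Base = "OU=TestOU,$DomainDN";
       Filter = $compFilter; Expected = 10000 * 4 * 5 },
    @{ What = "Users in TestUsers";              Base = "OU=TestUsers,$DomainDN";
       Filter = $userFilter; Expected = 2000 },
    @{ What = "Computers in TestComputers";      Base = "OU=TestComputers,$DomainDN";
       Filter = $compFilter; Expected = 2000 },
    @{ What = "Groups in TestGroups";            Base = "OU=TestGroups,$DomainDN";
       Filter = "(objectCategory=group)"; Expected = 2000 },
    @{ What = "TestGPO* policy objects";         Base = "CN=Policies,CN=System,$DomainDN";
       Filter = $gpoFilter;  Expected = 500 }
)

$failed = 0
foreach ($c in $checks) {
    $actual = Get-ADObjectCount -SearchBase $c.Base -Filter $c.Filter
    if ($actual -eq $c.Expected) { $status = "OK" } else { $status = "MISMATCH"; $failed++ }
    "{0,-9} {1,-32} expected {2,6}  found {3,6}" -f $status, $c.What, $c.Expected, $actual
}
if ($failed) { Write-Warning "$failed check(s) did not match the outline" }
```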

Build Lab (v1 w/out Quest Tools)

This script worked for me… just took a few days :)
To recap, this does the following. In my final revision I am removing the last two steps… it TAKES FOREVER!!! and it's not that useful.

# A TestOU OU
# A TestComputers OU
# A TestUsers OU
# A TestGroups OU
# 10K OU’s Under TestOU
## Each of the 10k OUs will have 4 Child OUs
### Each OU should have 5 users Accounts and 5 Machines Accounts
# Create 500 Group Policies.
# Link 100 policies on the 10k Base OUs
# Create 2000 Users in the TestUser OU
# Create 2000 Computers in the TestComputer OU
# Find all the Users
# Create 2K Groups
## Add Even Numbered Users to Even Groups
## Add Odd Numbered Users to Odd Groups

    function New-ADOU{
        Param($Name,$OU,$DC)
        # Get Root Path for OU
        if($dc -and $ou){$root = "LDAP://$dc/$ou"}
        # Format string needs both placeholders: server and default naming context
        if($dc -and !$ou){$root = "LDAP://{0}/{1}" -f $dc,(([ADSI]"LDAP://$dc/rootDSE").DefaultNamingContext)}
        if(!$dc -and $ou){$root = "LDAP://$OU"}
        if(!$dc -and !$ou){$root = "LDAP://{0}" -f (([ADSI]"LDAP://rootDSE").DefaultNamingContext)}

        #Write-Host ("Creating OU [{0}] Using Path [{1}]" -f $Name,$Root)

        # Creating OU under the root path
        $BaseOU = [ADSI]"$root"
        $NewOU = $BaseOU.Create("organizationalUnit","OU=$Name")
        $NewOU.Setinfo()
        $NewOU.distinguishedName
    }
    function New-ADUSer{
        Param($user,$password="P@ssw0rd",$dc,$ou)

        # Get Root Path for OU
        if($dc -and $ou){$root = "LDAP://$dc/$ou"}
        if($dc -and !$ou)
        {$root = "LDAP://{0}/CN=Users,{1}" -f $dc,(([ADSI]"LDAP://$dc/rootDSE").DefaultNamingContext)}
        if(!$dc -and $ou)
        {$root = "LDAP://$OU"}
        if(!$dc -and !$ou)
        {$root = "LDAP://CN=Users,{0}" -f (([ADSI]"LDAP://rootDSE").DefaultNamingContext)}

        #Write-Host ("Creating user [{0}] Using Path [{1}]" -f $user,$Root)

        # Creating Account in OU
        $UserOU = [ADSI]"$root"
        $userObj = $UserOU.Create("User","CN=$user")

        # Set samAccountName
        $userObj.put("samAccountName","$user")
        $userObj.Setinfo()

        # Set Password
        $userObj.psbase.invoke("setpassword",$password)
        $userObj.Setinfo()

        # Enable Account
        $userObj.psbase.invokeset('accountdisabled', $false)
        $userObj.Setinfo()
        $userObj.distinguishedName
    }
    function New-ADComputer{
        Param($Name,$OU,$DC)
        # Get Root Path for OU (default container for computers is CN=Computers)
        if($dc -and $ou){$root = "LDAP://$dc/$ou"}
        if($dc -and !$ou)
        {$root = "LDAP://{0}/CN=Computers,{1}" -f $dc,(([ADSI]"LDAP://$dc/rootDSE").DefaultNamingContext)}
        if(!$dc -and $ou)
        {$root = "LDAP://$OU"}
        if(!$dc -and !$ou)
        {$root = "LDAP://CN=Computers,{0}" -f (([ADSI]"LDAP://rootDSE").DefaultNamingContext)}

        #Write-Host ("Creating computer [{0}] Using Path [{1}]" -f $Name,$Root)

        # Creating Account in OU
        $CompOU = [ADSI]"$root"
        $CompObj = $CompOU.Create("Computer","CN=$Name")

        # Set samAccountName (computer account names end in $)
        $CompObj.put("samAccountName","$Name`$")
        $CompObj.Setinfo()

        # Enable Account
        $CompObj.psbase.invokeset('accountdisabled', $false)
        $CompObj.Setinfo()
        $CompObj.distinguishedName
    }
    function New-ADGroup{
        Param($OU,$Grp,$dc)
        Write-Host " + Creating Group [$Grp] in OU [$OU]"

        # Get Root Path of OU
        if($dc){$GroupOU  = [ADSI]"LDAP://$dc/$ou"}
        else{$GroupOU  = [ADSI]"LDAP://$ou"}

        # Create Group
        $GroupObj = $GroupOU.Create("Group","CN=$Grp")
        $Groupobj.SetInfo()
        $Groupobj.distinguishedName
    }
    function Add-UsertoGroup{
        Param($User,$Grp,$DC)
        if($DC){$myGroup = [ADSI]"LDAP://$DC/$Grp"}
        else{$myGroup = [ADSI]"LDAP://$Grp"}
        #Write-Host "     - Processing User [$User] in Group [$Grp]"
        $myGroup.Add("LDAP://$user")
        $myGroup.SetInfo()
    }

    #A TestOU OU
    Write-Host " + Creating TestOU"
    $TestOU = New-ADOU -name TestOU

    #A TestComputers OU
    Write-Host " + Creating TestComputers OU"
    $TestComp = New-ADOU -name TestComputers

    #A TestUsers OU
    Write-Host " + Creating TestUsers OU"
    $TestUsers = New-ADOU -name TestUsers

    #A TestGroups OU
    Write-Host " + Creating TestGroups OU"
    $TestGroups = New-ADOU -name TestGroups

    #10K OU's Under TestOU
    foreach($n in 1..10000)
    {
        Write-Host " + Creating Level1 OU [Level1OU$N]"
        $Level1 = New-ADOU -name "Level1OU$N" -ou $TestOU
        # Each of the 10k OUs will have 4 Child OUs
        foreach($i in 1..4)
        {
            Write-Host "   + Creating Level2 OU [Level2OU$i]"
            $Level2 = New-ADOU -name "Level2OU$i" -ou $Level1
            #Each OU should have 5 users Accounts and 5 Machines Accounts
            foreach($x in 1..5)
            {
                Write-Host "     - Creating User [Lvl2User$n$i$x] in [$Level2]"
                New-ADUSer -user "Lvl2User$n$i$x" -OU $Level2 | out-Null
                Write-Host "     - Creating Computer [Lvl2Comp$n$i$x] in [$Level2]"
                New-ADComputer -name "Lvl2Comp$n$i$x" -OU $Level2 | out-Null
            }
        }
    }

    #Create 500 Group Policies.
    1..500 | %{New-SDMgpo "TestGPO$_"}

    #Link 100 policies on the 10k Base OUs
    1..100 | %{Add-SDMgplink -name "TestGPO$_" -Scope "OU=Level1OU$_,$TestOU" -Location -1}

    #Create 2000 Users in the TestUser OU
    1..2000 | %{New-ADUSer -user "TestUser$_" -OU $TestUsers}

    #Create 2000 Computers in the TestComputer OU
    # New-ADComputer takes -Name (not -user); the OU variable set above is $TestComp
    1..2000 | %{New-ADComputer -Name "TestComputer$_" -OU $TestComp}

    # Find all the Users
    $props = @("sAMAccountName","distinguishedName")
    $ds = new-Object System.DirectoryServices.DirectorySearcher([ADSI]"","(objectcategory=user)",$props)
    $ds.pagesize = 100
    $users = $ds.Findall()
    $eUsers = $users | ?{ $_.properties.item("sAMAccountName") -match '(2|4|6|8|0)$' } | `
                  select-Object @{n="Name";e={$_.properties.item("distinguishedName")}}
    $oUsers = $users | ?{ $_.properties.item("sAMAccountName") -match '(1|3|5|7|9)$' } | `
                  Select-Object @{n="Name";e={$_.properties.item("distinguishedName")}}

    #Create 2K Groups
    foreach($i in 1..2000)
    {
        $NewGrp = New-ADGroup -Grp "TestGrp$i" -OU $TestGroups
        if($i%2 -eq 0)
        {
            Write-Host "   + Adding Even Users to Group [$NewGrp]"
            $eUsers | Select-Object | %{ Add-UsertoGroup -user $_.name -Grp $NewGrp }
        }
        else
        {
            Write-Host "   + Adding Odd Users to Group [$NewGrp]"
            $oUsers | Select-Object |%{ Add-UsertoGroup -user $_.name -Grp $NewGrp }
        }
    }

My Own Scripting Games!

I haven’t had time to participate in the 2008 Scripting Games and I have kinda missed out. But alas… a need has come through for me.

This is what I am looking for



I need to create a Test AD environment. I don’t need to mimic a specific production AD, but more like all of them :) I want an AD environment that has plenty of user/computer accounts and plenty of Groups. I also want a large number of OUs for testing Group Policy Scripts.
These need to be realistic numbers so here is the challenge I came up with (note, Quest tools are allowed!)



# A TestOU OU
# A TestComputers OU
# A TestUsers OU
# A TestGroups OU
# 10K OU’s Under TestOU
## Each of the 10k OUs will have 4 Child OUs
### Each OU should have 5 users Accounts and 5 Machines Accounts
# Create 500 Group Policies.
# Link 100 policies on the 10k Base OUs
# Create 2000 Users in the TestUser OU
# Create 2000 Computers in the TestComputer OU
# Find all the Users
# Create 2K Groups
## Add Even Numbered Users to Even Groups
## Add Odd Numbered Users to Odd Groups


I will post my solution as soon as I am done, but I would like other people’s thoughts so POST away!

SpecOps and Group Policies… What a match!

Special Operations Software has created an incredible marriage of PowerShell and Group Policy. Please take some time to watch these demos. AWESOME!

Specops Command done by Darren Mar-Elia:
http://www.specopssoft.com/powershell/specopscommand-sdm.wmv

Specops Deploy done by Derek Melber:
http://www.specopssoft.com/products/specopsdeploy/specops_deploy.wmv