Shazam! Instant AD DS Lab
Slowhand
Mod Posts: 5,161 Mod
In the last few weeks I've set up, destroyed, and once again set up my lab of VMs for my 70-648 studies at least five times, possibly more. Each time, it's either due to increasing complexity in my GPO dabbling that I need to just undo and start fresh, or I simply bork the VMs and need to set up a new lab. (Backups be damned.)
Every time I set up a Windows Server 2008 R2 lab, I don't mind installing roles and features, but I find creating some dummy users and groups, as well as OUs to put them in outright tedious. So, to that end, I finally sat down for a few hours earlier today and banged out a PowerShell script that builds a dummy organizational structure in AD once you've run your dcpromo and are ready to get labbing. Hopefully this'll ease the minds of people, (like me,) that give a labored sigh when you read the dreaded, "have at least x number of users in y number of groups" requirement for the end-of-chapter lab in your MS Press books.
Without further ado, I share my little script with all of you. Enjoy, tinker with it, adapt and modify anything you need. It's been tested on Windows Server 2008 R2, but should work on anything 2003 or better as long as you've got AD, PowerShell 2.0 and the Active Directory Management Gateway Service installed:
```powershell
# Written By: Slowhand
# Date: August 10th, 2012
# Purpose: Automatically creating test users, groups, and OUs for a study-lab
# Intended for use with a fresh install of AD DS for lab-purposes only
#
# [Please Note]
# Users, groups, and department-OUs will not be created a second time,
# even if you give the organization OU a different name
#
# To successfully re-run the script,
# delete the original organizational OU from the first run-through
#
# This script is provided 'as-is', please use at your own risk

# Suppress the import error so the friendly message below is shown instead
Import-Module ActiveDirectory -ErrorAction SilentlyContinue

if (!(Get-Module ActiveDirectory)) {
    Write-Host "An Active Directory domain is required before this script can be run"
    Write-Host " "
} else {
    # User-defined values
    # Keep asking until the path is non-empty and exists
    # (Test-Path returns $false for a missing file instead of raising an error)
    do {
        Write-Host "Enter the name of your CSV file, (e.g., C:\Scripts\users.csv)"
        [string]$csvpath = Read-Host "CSV file"
    } while (!($csvpath -and (Test-Path $csvpath)))

    Write-Host " "
    Write-Host "Please enter the name of lab (e.g., Contoso, ACME, Testlab)"
    [string]$organization = Read-Host "Lab name"

    Write-Host " "
    Write-Host "Please enter a complex default user password, or users will be disabled upon creation"
    [string]$password = Read-Host "Default user password"
    # Password not stored securely at this point for lab-purposes only

    # Importing a list of users from a csv file
    # (The necessary columns for this script are givenName, surname, and department)
    $users = Import-Csv -Path $csvpath

    Write-Host " "
    Write-Host " "
    Write-Host "CREATING TEST-LAB ENVIRONMENT, PLEASE STAND BY"
    Write-Host "=============================================="
    Write-Host " "
    Write-Host " "

    # Creating an OU to hold our organization
    if (!(Get-ADOrganizationalUnit -LDAPFilter "(OU=$organization)")) {
        # Pull the distinguished name of the domain, as an LDAP query
        $distname = (Get-ADDomain).DistinguishedName

        Write-Host "Creating a company OU called $organization"
        New-ADOrganizationalUnit -Name $organization -Path "$distname" -ProtectedFromAccidentalDeletion $true
        $path = "OU=$organization,$distname"

        # Some basic OUs to simulate a test company
        $OUs = "Departments","Users","Computers","Workstations","Servers"

        Write-Host " "
        Write-Host "CREATING ORGANIZATIONAL UNITS"
        Write-Host "-----------------------------"
        foreach ($OU in $OUs) {
            # Until the Computers OU exists, OUs are created directly under the lab OU;
            # the ones listed after it (Workstations, Servers) are nested under Computers.
            # The check is scoped to the lab OU so an unrelated OU named Computers is ignored.
            if (!(Get-ADOrganizationalUnit -LDAPFilter "(OU=Computers)" -SearchBase $path)) {
                Write-Host "Creating an OU called $OU in $path"
                Write-Host " "
                New-ADOrganizationalUnit -Name $OU -Path "$path" -ProtectedFromAccidentalDeletion $true
            } else {
                Write-Host "Creating an OU called $OU in OU=Computers,$path"
                Write-Host " "
                New-ADOrganizationalUnit -Name $OU -Path "OU=Computers,$path" -ProtectedFromAccidentalDeletion $true
            }
        }

        Write-Host " "
        Write-Host " "

        # Creating individual OUs and groups for each department for GPO purposes
        Write-Host "CREATING GROUPS"
        Write-Host "---------------"
        foreach ($user in $users) {
            $department = $user.department

            # Checking for duplicates in the 'departments' column of the CSV file
            if (!(Get-ADOrganizationalUnit -LDAPFilter "(OU=$department)")) {
                Write-Host "Creating an OU for the $department department"
                New-ADOrganizationalUnit -Name $department -Path "OU=Departments,$path" -ProtectedFromAccidentalDeletion $true

                Write-Host "Creating a group for the $department department"
                Write-Host " "
                New-ADGroup -Name $department -SamAccountName $department -GroupCategory Security -GroupScope Global -DisplayName $department -Path "OU=$department,OU=Departments,$path"
            }
        }

        Write-Host " "
        Write-Host " "

        $userpath = "OU=Users,$path"

        Write-Host "CREATING USERS"
        Write-Host "--------------"
        # Create users based on a given name, surname, and department
        foreach ($user in $users) {
            $first = $user.givenName
            $last = $user.surname
            $department = $user.department
            $domain = (Get-ADDomain).DNSRoot
            $name = $first + " " + $last
            $logon = $first + "." + $last
            $userprincipalname = $logon + "@" + $domain

            # Actual creation of users in User folder
            if (!(Get-ADUser -LDAPFilter "(sAMAccountName=$logon)")) {
                Write-Host "Creating an account for $name"
                New-ADUser -Name $name -SamAccountName $logon -GivenName $first -Surname $last -DisplayName $name -Department $department -PasswordNeverExpires $true -Enabled $true -AccountPassword (ConvertTo-SecureString $password -AsPlainText -Force) -UserPrincipalName $userprincipalname -Path "$userpath"

                Write-Host "Adding user $name to the $department group"
                Write-Host " "
                # Add user to groups based on department
                Add-ADGroupMember $department $logon
            } else {
                Write-Host "The user $name already exists, moving on to the next one"
                Write-Host " "
            }
        }

        Write-Host " "
        Write-Host "The default user password is $password"
        Write-Host "It does not need to be changed at logon, nor does it expire"
        Write-Host " "
        Write-Host "============================================"
        Write-Host "FINISHED! ENJOY YOUR LAB AND HAVE A NICE DAY"
        Write-Host " "
        Write-Host " "
    } else {
        Write-Host "The OU named $organization already exists"
        Write-Host " "
        Write-Host "==============================="
        Write-Host "ABORTING SETUP, HAVE A NICE DAY"
        Write-Host " "
        Write-Host " "
    }
}
```

You're also going to need a 'users.csv' file to import some users with. The only columns necessary are givenName, surname, and department:

```
givenName,surname,department
Tony,Stark,Research
Pepper,Potts,Executives
Phil,Coulson,Security
Nick,Fury,HR
Bruce,Banner,Research
Steve,Rogers,Security
Reed,Richards,Research
Johnny,Storm,Security
Susan,Richards,Research
Ben,Grimm,Security
Peter,Parker,IT
Charles,Xavier,Executives
Scott,Summers,Security
Jean,Gray,HR
```

If you're feeling lazy, (once again, like me,) I also zipped up the script and the csv files for anyone that wants to download them: instantLab.zip
* UPDATE *
I realized that I should, perhaps, explain what the script does under the hood:
- Asks the user for a csv file, organization name, and a default user password
- Creates an organizational OU to contain all the users, groups, and other OUs
- Creates groups based on the 'departments' column in the csv file, skipping any duplicates and places them in their corresponding department OUs in order to apply custom GPOs
  - This means you can put as many departments as you like in the file
- Pulls the domain name and the distinguished name (DN) from Active Directory, using this information to query for any duplicates when creating OUs, groups, and user accounts
- Creates users based on first and last name, creating a display name, sAMAccount ID, surname, given name, and principal account name; each user is also placed into their appropriate groups, based on the department column in the csv file
Free Microsoft Training: Microsoft Learn
Free PowerShell Resources: Top PowerShell Blogs
Free DevOps/Azure Resources: Visual Studio Dev Essentials
Let it never be said that I didn't do the very least I could do.
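
A variant of the script's user-creation step that keeps the default password out of plain text, added here as an example and not part of the original post or its zip file. It assumes the lab OU is named Testlab, that the department groups already exist, and that the CSV sits at the example path from the script's prompt.

```powershell
# Added example: user creation without a plain-text or never-expiring password.
# Assumptions: lab OU named "Testlab", department groups already created,
# CSV at the example path shown in the original script's prompt.
Import-Module ActiveDirectory

$csvpath  = "C:\Scripts\users.csv"
$userpath = "OU=Users,OU=Testlab," + (Get-ADDomain).DistinguishedName
$domain   = (Get-ADDomain).DNSRoot

# -AsSecureString masks the typed input and never creates a plain [string] copy,
# so there is nothing to echo back with Write-Host at the end of the run
$securePassword = Read-Host "Default user password" -AsSecureString

foreach ($user in (Import-Csv -Path $csvpath)) {
    $name  = $user.givenName + " " + $user.surname
    $logon = $user.givenName + "." + $user.surname
    $upn   = $logon + "@" + $domain

    if (Get-ADUser -LDAPFilter "(sAMAccountName=$logon)") {
        Write-Host "The user $name already exists, skipping"
        continue
    }

    # -ChangePasswordAtLogon replaces -PasswordNeverExpires; the two cannot both
    # be $true, and the shared default password stops working after first logon
    New-ADUser -Name $name -SamAccountName $logon `
        -GivenName $user.givenName -Surname $user.surname -DisplayName $name `
        -Department $user.department -UserPrincipalName $upn `
        -AccountPassword $securePassword -Enabled $true `
        -ChangePasswordAtLogon $true -Path $userpath

    Add-ADGroupMember $user.department $logon
}

# Check: list enabled accounts in the lab OU that still have non-expiring
# passwords, for example ones created by an earlier run of the original script
Get-ADUser -SearchBase $userpath `
    -Filter 'Enabled -eq $true -and PasswordNeverExpires -eq $true' |
    Select-Object SamAccountName, DistinguishedName
```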
Comments
-
Slowhand Mod Posts: 5,161 Mod
My pleasure. I always like to share my insanity with the board whenever possible.
-
pumbaa_g Member Posts: 353
Nice work mate! Is it me or the names sound familiar to the FF Comic Book characters used by James Conrad for his AD series
“An expert is one who knows more and more about less and less until he knows absolutely everything about nothing.”
-
Slowhand Mod Posts: 5,161 Mod
Heh, it's not just you. I read a lot of comic books growing up, and the recent movies haven't done anything at all to make the kid in me go away.
-
jibbajabba Member Posts: 4,317
Nice work - You also have sometimes sample scripts on Trainsignal DVDs - If I remember correctly, on the Exchange one is a script which adds 100s of dummy mailboxes etc.
My own knowledge base made public: http://open902.com
-
Slowhand Mod Posts: 5,161 Mod
The positive feedback is always encouraging, it's nice to know I'm not completely full of it.
I haven't actually checked out the TrainSignal videos yet, I may just have to do that. So far, I've been following Don Jones' blog, sniffing out online examples and resources, as well as poking through the CBT Nuggets On the Job Training series for PowerShell.
-
pumbaa_g Member Posts: 353
For Powershell try the book "Powershell in a month of lunches", lovely book and a breeze to go through. I actually started reading that as I was interested in an alternative to batch scripting. Kind of started me off on Powershell ever since!
-
Lunchbocks Member Posts: 319
Dude, you rock! Thank you very much for this. I have a VMware server that I am using, and I'm also building up and then deleting the servers to start over. I am doing it out of replication rather than breaking the servers, because the more I do it, the more ingrained it becomes. This will definitely speed up the user account creation part so that I can spend more time labbing the topic, rather than adding users.
Thanks again!
Degree: Liberty University - B.S Computer Science (In Progress)
Current Certs: CCENT | MCTS | Network+
Currently Working On: Security+
2020 Goals: CCNA, CCNP Security, Linux+
-
Everyone Member Posts: 1,661
Nice work. I wish I could show you the "Unfolding Lab". You'd seriously wet your pants if you saw it.
-
Keener Member Posts: 146
Sweet! I will be putting these to good use real soon!
Pain is only temporary. No matter how bad it gets, it always ends!
-
whatthehell Member Posts: 920
Thanks and great work! +1! Will use sometime in the future for sure!
2017 Goals:
[ ] Security + [ ] 74-409 [ ] CEH
Future Goals:
TBD