Automate Creation of OU Structure
(Page 1 of 3 )
Automating certain processes saves administrators a ton of time. If you have ever struggled to maintain consistency in the Active Directory hierarchy, you have no doubt wished you could automate the process. This article explains how to create a standard hierarchy of organizational units for a domain. It is excerpted from
Windows Server Hacks written by Mitch Tullock (O'Reilly, 2004; ISBN: 0596006470).
Automate Creation of OU Structure
Here’s a snappy method for creating a standard hierarchy of organizational units (OUs) for a domain.
If you manage deployment of Active Directory in a medium-sized or large organization, you probably are spending a significant amount of time trying to maintain consistency in the Active Directory hierarchy. Even within a single domain, it typically makes sense to keep your organizational units (OUs) structured according to some agreed-upon rules. Regardless of whether your top-tier OU design is based on functional, business, geographic, or some other criteria, you will likely benefit from keeping the lower tiers arranged in the same fashion. This way, for example, you can formulate standard operating procedures that will apply across the entire organization. You can also attempt to automate some of the common administrative tasks, such as user, group, or computer account creation; script delegations and permission assignments; and group policy object management on the OU level.
One of the ways to make sure that the structure will remain consistent throughout Active Directory deployment is to script the OU-creation process. The script in this hack creates a sample OU hierarchy. The assumption is that the top-level OUs are created manually, while the lower layers are always the same. The structure follows Microsoft best practices and includes two second-tier OUs: Accounts and Resources. The Accounts OU is further divided into Users, ServiceAccounts, Groups, and Admins. Resources consists of Workstations and Servers. It is fairly easy to extend this structure (for example, you could create separate OUs for different server types, such as File, Print, or TerminalServices, beneath the Servers OU). The script performs some error checking to verify that the respective organizational units haven’t been created yet.
Next: The Code >>
More Windows Scripting Articles
More By O'Reilly Media
|
 This article is excerpted from Windows Server Hacks written by Mitch Tullock (O'Reilly, 2004; ISBN: 0596006470). Check it out at your favorite bookstore. Buy this book now.
|
|
