Continuing on with the lab script discussion, here’s another that installs the ADDS role, role services and features, and then creates the OUs, users, groups, and computer accounts.

UPDATED: 12/2/2015 @11:35 AM EST – Added Sites and Subnets features near the bottom.  I didn’t bother with exception handling, so if you want, feel free to sprinkle some try/catch/finally dust on this.

[begin stuff]

# ad-lab-setup.ps1
# 12.02.2015
# run this script on the first AD DC only
#
# Populates an existing domain from CSV files that sit beside this script:
# orgunits, users, groups, members, computers, adsites and adsubnets.
Import-Module ServerManager
Import-Module ActiveDirectory

# Domain naming context (e.g. DC=contoso,DC=com); the relative OU paths in
# the CSV files are appended to this.
$rootPath = ([ADSI]"LDAP://RootDSE").defaultNamingContext

# Every input file is expected in the same folder as the script itself.
$path = Split-Path -Parent $MyInvocation.MyCommand.Definition
$user_file   = Join-Path $path "users.csv"
$group_file  = Join-Path $path "groups.csv"
$member_file = Join-Path $path "members.csv"
$org_file    = Join-Path $path "orgunits.csv"
$cfile       = Join-Path $path "computers.csv"
$sitefile    = Join-Path $path "adsites.csv"
$subfile     = Join-Path $path "adsubnets.csv"
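Write-Host "creating new organizational units..."

# orgunits.csv columns: Name, Path.  Path is relative to the domain root and
# may be left blank for an OU directly under the domain; presumably the
# parent named in Path must already exist, so order the rows accordingly.
$odata = Import-Csv $org_file
foreach ($oset in $odata) {
  # Treat whitespace-only as blank as well, so a stray space in the CSV
  # does not produce an invalid " ,DC=..." path.
  if ([string]::IsNullOrWhiteSpace($oset.Path)) {
    New-ADOrganizationalUnit -Name "$($oset.Name)" -Path "$rootPath"
  }
  else {
    New-ADOrganizationalUnit -Name "$($oset.Name)" -Path "$($oset.Path),$rootPath"
  }
}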

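Write-Host "creating user accounts..."

# users.csv rows are piped straight into New-ADUser, so its column headers
# must match New-ADUser parameter names.
#
# Lab-only default password applied to every imported account.  It is a
# plain-text literal in this file, so treat the script as a secret and
# change the value before running it against anything but a throwaway lab.
$userPassword = ConvertTo-SecureString -AsPlainText 'P@ssw0rd123' -Force

Import-Csv $user_file |
  New-ADUser -PassThru |
  Set-ADAccountPassword -Reset -NewPassword $userPassword
# NOTE(review): the original pipeline ended in "-PassThru |" with nothing
# after it (truncated in the post).  New-ADUser presumably leaves accounts
# disabled unless the CSV supplies an Enabled column, so confirm what the
# final stage was meant to be (e.g. Enable-ADAccount) before relying on this.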

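Write-Host "creating security groups..."

# groups.csv columns: GroupName, GroupType (a GroupScope value such as
# Global), GroupLocation (OU path relative to the domain root).
$gdata = Import-Csv -Path $group_file
# Domain DN; the computer-account section further down reuses it.
$searchbase = (Get-ADDomain).DistinguishedName
ForEach ($item In $gdata) {
  $targetOu = "$($item.GroupLocation),$searchbase"
  # Skip rows whose target OU does not exist rather than letting New-ADGroup fail.
  If (-not [ADSI]::Exists("LDAP://$targetOu")) {
    Write-Host "Target OU can't be found! Group creation skipped!"
    continue
  }
  Try {
    # -ErrorAction Stop so a missing group reaches the Catch block instead
    # of printing a non-terminating error and falling through to "exists".
    $null = Get-ADGroup -Identity $item.GroupName -ErrorAction Stop
    Write-Host "Group $($item.GroupName) already exists!"
  }
  Catch {
    $null = New-ADGroup -Name $item.GroupName -GroupScope $item.GroupType -Path $targetOu
    Write-Host "Group $($item.GroupName) created!"
  }
}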

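Write-Host "populating groups..."

# members.csv columns: GroupName, Members (comma-separated account names,
# matching the SamAccountName values used in users.csv).
$mdata = Import-Csv -Path $member_file
foreach ($item in $mdata) {
  $gn = $item.GroupName
  # Trim each entry and drop blanks so "a, b" or a trailing comma does not
  # hand Add-ADGroupMember an empty or padded identity.
  $members = $item.Members.Split(",") |
    ForEach-Object { $_.Trim() } |
    Where-Object { $_ }
  foreach ($mbr in $members) {
    # Continue past members that do not resolve so one bad row does not
    # stop the rest of the import.
    Add-ADGroupMember -Identity "$gn" -Members $mbr -ErrorAction Continue
  }
}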

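Write-Host "creating computer accounts..."

# computers.csv columns: Name, Path (OU relative to the domain root), Description.
# $searchbase (the domain DN) is set in the security-group section above.
$cdata = Import-Csv -Path $cfile

foreach ($pc in $cdata) {
  Write-Host $pc.Name
  Write-Host $pc.Path
  $targetOu = "$($pc.Path),$searchbase"
  If ([ADSI]::Exists("LDAP://$targetOu")) {
    Try {
      # -ErrorAction Stop so a missing computer reaches the Catch block
      # instead of being reported as a non-terminating error.
      $null = Get-ADComputer -Identity $pc.Name -ErrorAction Stop
      Write-Host "computer $($pc.Name) already exists!"
    }
    Catch {
      $null = New-ADComputer -Name $pc.Name -Path $targetOu -Description $pc.Description
      Write-Host "computer $($pc.Name) created!"
    }
  }
  Else {
    $ou = $pc.Path
    Write-Host "Target OU $ou can't be found! computer creation skipped!"
  }
}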

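Write-Host "creating AD sites..."

# rename default-first-site-name to corporate...
# Look the default site up with -Filter (no error when absent) so the
# rename is only attempted when it has not already been done; this lets
# the script be re-run after a partial first pass.
$dfsn = Get-ADReplicationSite -Filter "Name -eq 'Default-First-Site-Name'"
if ($dfsn) {
  Rename-ADObject -Identity $dfsn -NewName Corporate
}
Set-ADReplicationSite -Identity Corporate -Description "Corporate Office"

# adsites.csv columns: SiteName, Description.
$sitelist = Import-Csv -Path $sitefile

foreach ($site in $sitelist) {
  Write-Host "site... $($site.SiteName)"
  New-ADReplicationSite -Name $site.SiteName -Description "$($site.Description)"
}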

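Write-Host "creating AD site subnets..."

# adsubnets.csv columns: Subnet (the subnet object's name), Site, Description.
$subdata = Import-Csv -Path $subfile

foreach ($net in $subdata) {
  # A row with no subnet value cannot be created; report it and move on
  # rather than passing an empty -Name to the cmdlet.
  if ([string]::IsNullOrWhiteSpace($net.Subnet)) {
    Write-Host "subnet row with empty Subnet skipped!"
    continue
  }
  Write-Host "subnet... $($net.Subnet)"
  # -ErrorAction Continue: report a bad subnet or unknown site and keep going.
  New-ADReplicationSubnet -Name "$($net.Subnet)" -Site $net.Site -Description "$($net.Description)" -ErrorAction Continue
}

Write-Host "setup complete!"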

[end stuff]

CSV File Content / Structure


David Stein,David,Stein,dstein,,,"OU=Admins,OU=Corp,DC=contoso,DC=com"
Frank Zappa,Frank,Zappa,fzappa,,,"OU=Users,OU=Corp,DC=contoso,DC=com"
SCCM Admin,SCCM,Admin,sccmadmin,,Administrator Account,"OU=Admins,OU=Corp,DC=contoso,DC=com"
Nicola Tesla,Nicola,Tesla,ntesla,,,"OU=Users,OU=Corp,DC=contoso,DC=com"
Ben Franklin,Benjamin,Franklin,bfranklin,,,"OU=Users,OU=Corp,DC=contoso,DC=com"
Service CMWT,Service,CMWT,svc-cmwt,,Service Account,"OU=Services,OU=Corp,DC=contoso,DC=com"
Service SCOM Data Access,Service,SCOM DAS,svc-scomdas,,Service Account,"OU=Services,OU=Corp,DC=contoso,DC=com"
Service SCOM Data Reader,Service,SCOM Data Reader,svc-scomdatrd,,Service Account,"OU=Services,OU=Corp,DC=contoso,DC=com"
Service SCOM Data Writer,Service,SCOM Data Writer,svc-scomdatwrt,,Service Account,"OU=Services,OU=Corp,DC=contoso,DC=com"
Service SCOM Managed Service Account,Service,SCOM Managed Service,svc-scommsa,,Service Account,"OU=Services,OU=Corp,DC=contoso,DC=com"
Service Azure AD Connect,Service,Azure AD,svc-azure,,Service Account,"OU=Services,OU=Corp,DC=contoso,DC=com"
Service SCCM Client,Service,SCCM Client Install,svc-cmclient,,Service Account,"OU=Services,OU=Corp,DC=contoso,DC=com"
Service SQL Server,Service,SQL,svc-sql,,Service Account,"OU=Services,OU=Corp,DC=contoso,DC=com"


SCCM Admins,Global,"OU=Groups,OU=Corp"
SQL Admins,Global,"OU=Groups,OU=Corp"
SCOM Admins,Global,"OU=Groups,OU=Corp"
SCVMM Admins,Global,"OU=Groups,OU=Corp"
SCSM Admins,Global,"OU=Groups,OU=Corp"
Desktop Admins,Global,"OU=Groups,OU=Corp"


"Desktop Admins","bfranklin,dstein"
"SCSM Admins","dstein,ntesla"
"SCCM Admins","dstein,sccmadmin"
"Enterprise Admins","dstein"
"Domain Admins","sccmadmin,svc-sql,svc-cmclient"
"Schema Admins","sccmadmin"




P01,"OU=Servers,OU=Corp","SCCM Primary Site Server"
P02,"OU=Servers,OU=Corp","SCCM Primary Site Server"
FP1,"OU=Servers,OU=Corp","File and Print Services"
FP2,"OU=Servers,OU=Corp","File and Print Services"
DB1,"OU=Servers,OU=Corp","Database Server"
WS1,"OU=Servers,OU=Corp","Web Applications Server"
DT1,"OU=Computers,OU=Corp","Desktop Computer"
DT2,"OU=Computers,OU=Corp","Desktop Computer"
DT3,"OU=Computers,OU=Corp","Desktop Computer"
LT1,"OU=Computers,OU=Corp","Laptop Computer"
LT2,"OU=Computers,OU=Corp","Laptop Computer"


NewYork,"New York"


"","NewYork","New York"

I hope it’s useful to you.  Post comments, questions, funny jokes, etc.

