  1. <#
  2. The purpose of this script is to perform an initial cleanup/configuration of an Active Directory environment. It accomplishes the following things:
  3.  
  4. * Creates a new OU with the name of the AD Domain, along with sub-OUs for computers, users, and security groups
  5. * Creates a new OU "Disabled," along with sub-OUs for computers and users
  6. * Redirects computers to the newly created computers OU
  7. * Redirects users to the newly created users OU
  8. * Moves users and security groups from the Users container to the newly created users OU
  9. * Moves computers (all non-domain controllers) into the newly created computers OU
  10.  
  11. The prime directive is to clean up fresh installs that do not yet have GPOs in place, though it could be used with care on existing domains
  12.  
  13. TO DO:
  14. * Find out why redircmp/redirusr cannot finish properly the first time the script is run but runs fine on the second attempt (NOTE: find out why $newDefault(User/Computers)Container is blank to begin with)
  15. * General script cleanup/readability improvements
  16. * Find out how to turn the CreateOU function into a function that accepts arrays, to call the function one time only?
  17. * Move disabled computers and accounts into the new Disabled OUs
  18. * Provide cleaner output
  19.  
  20. #>
  21.  
  22. Import-Module ActiveDirectory
  23.  
  24. ###
  25. ### Establish variables
  26. ###
  27.  
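  # Query the domain once; the current root and default containers all come
  # from this single object, so they cannot disagree with each other.
  $adDomain = Get-ADDomain
  $getCurrentDomainRoot = $adDomain.DistinguishedName

  # NOTE(review): USERDOMAIN is the logon domain of the account running the
  # script; presumably that is also the domain being reorganised - confirm
  # before running with an account from a different (trusted) domain.
  $getDomain = $env:userdomain
  $getNewDomainRoot = "OU=$getDomain,$getCurrentDomainRoot"

  $currentDefaultComputersContainer = $adDomain.ComputersContainer
  $currentDefaultUsersContainer = $adDomain.UsersContainer

  # The new OUs are only created further down, so looking them up at this point
  # returns nothing on a first run and the redirect step is handed a blank
  # target. Build the distinguished names the script is about to create instead
  # of searching for them; this also avoids picking up several OUs at once when
  # more than one "Computers" or "Users" OU sits somewhere below the new root.
  $newDefaultComputersContainer = "OU=Computers,$getNewDomainRoot"
  $newDefaultUsersContainer = "OU=Users,$getNewDomainRoot"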
  35.  
  36. ###
  37. ### Establish functions
  38. ###
  39.  
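  function CreateOU($ouName,$ouPath){
      <#
      .SYNOPSIS
      Creates the OU $ouName directly under $ouPath unless it is already there.

      .DESCRIPTION
      Checks the immediate children of $ouPath for an OU with the requested
      name, skips creation when one is found, and otherwise creates it.
      Directory errors are reported as failures instead of being reported as
      "already exists", so a permission or path problem is visible to the
      operator.

      .PARAMETER ouName
      Name of the OU to create.

      .PARAMETER ouPath
      Distinguished name of the parent container or OU.
      #>
      Write-Host "Attempting to create $ouName in $ouPath"

      # A blank parent DN means an earlier lookup or creation step failed.
      # Refuse to attempt a create without an explicit parent.
      if([string]::IsNullOrEmpty($ouPath)){
          Write-Warning "FAILED: no parent path given for OU $ouName, nothing created"
          return
      }

      try{
          # Look only at the direct children of the parent; filtering on the
          # client side avoids building a filter string from the OU name.
          $existingOU = Get-ADOrganizationalUnit -SearchBase $ouPath -SearchScope OneLevel -Filter * -ErrorAction Stop |
              where { $_.Name -eq $ouName }

          if($existingOU){
              Write-Host "SKIPPING: OU already exists"
              return
          }

          New-ADOrganizationalUnit -Name $ouName -Path $ouPath -ErrorAction Stop
          Write-Host "OU does not already exist, created successfully"
      }
      catch [Microsoft.ActiveDirectory.Management.ADException]{
          # Any ADException reaching this point is a real failure (the
          # "already exists" case was handled above), so show its message.
          Write-Warning "FAILED: could not create OU $ouName in $ouPath - $($_.Exception.Message)"
      }
  }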
  51.  
  52. ###
  53. ### Create new OUs
  54. ###
  55.  
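  # Parent DNs are built from the domain root instead of searching the whole
  # domain by name. A domain-wide name search can match an unrelated OU with the
  # same name elsewhere in the tree, return several DNs at once, or return
  # nothing when the parent was not created - in each case the child OU would
  # end up in the wrong place or fail in a confusing way.
  $disabledRoot = "OU=Disabled,$getCurrentDomainRoot"

  # OU=<domain> and its three children
  CreateOU $getDomain $getCurrentDomainRoot
  foreach($childOU in "Computers","Users","Security Groups"){
      CreateOU $childOU $getNewDomainRoot
  }

  # OU=Disabled and its two children
  CreateOU "Disabled" $getCurrentDomainRoot
  foreach($childOU in "Computers","Users"){
      CreateOU $childOU $disabledRoot
  }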
  63.  
  64. ###
  65. ### Redirect users and computers
  66. ###
  67.  
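  # redircmp/redirusr change where the domain places newly created computer and
  # user objects. Group Policy objects cannot be linked to the default
  # CN=Computers / CN=Users containers, so a redirect that silently fails leaves
  # new objects outside the OU-linked policy. Each redirect is therefore only
  # attempted with a non-empty target, and its result is checked.

  if([string]::IsNullOrEmpty($newDefaultComputersContainer)){
      Write-Warning "SKIPPING: new Computers OU could not be resolved, computers not redirected"
  }
  elseif($newDefaultComputersContainer -ne $currentDefaultComputersContainer){
      Write-Host "Computers needs to be redirected ..."
      Write-Host "Redirecting new computers from $currentDefaultComputersContainer to $newDefaultComputersContainer"
      redircmp $newDefaultComputersContainer
      # NOTE(review): assumes redircmp reports failure through a non-zero exit code - confirm
      if($LASTEXITCODE -ne 0){
          Write-Warning "FAILED: redircmp exited with code $LASTEXITCODE"
      }
  }
  else{
      Write-Host "Computers has already been redirected"
  }

  if([string]::IsNullOrEmpty($newDefaultUsersContainer)){
      Write-Warning "SKIPPING: new Users OU could not be resolved, users not redirected"
  }
  elseif($newDefaultUsersContainer -ne $currentDefaultUsersContainer){
      Write-host "Users needs to be redirected ..."
      Write-Host "Redirecting new users from $currentDefaultUsersContainer to $newDefaultUsersContainer"
      redirusr $newDefaultUsersContainer
      # NOTE(review): assumes redirusr reports failure through a non-zero exit code - confirm
      if($LASTEXITCODE -ne 0){
          Write-Warning "FAILED: redirusr exited with code $LASTEXITCODE"
      }
  }
  else{
      Write-Host "Users has already been redirected"
  }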
  81.  
  82. ###
  83. ### Move Users to new OU
  84. ###
  85.  
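  # Destination for user objects. It is verified once up front so that a
  # missing OU stops the whole step instead of failing once per user.
  $usersTargetOU = "OU=Users,$getNewDomainRoot"
  $usersTargetExists = $true
  try{
      Get-ADOrganizationalUnit -Identity $usersTargetOU -ErrorAction Stop | Out-Null
  }
  catch{
      $usersTargetExists = $false
      Write-Warning "SKIPPING: target OU $usersTargetOU not found, no users moved"
  }

  # NOTE(review): this selects every user outside the new root, not only those
  # in the default Users container, and that includes built-in accounts. On an
  # existing domain a move changes which GPOs and delegated permissions apply
  # to each account - review the list (for example with -WhatIf on
  # Move-ADObject) before running it for real.
  $cnUsers = @()
  if($usersTargetExists){
      $cnUsers = @(Get-ADUser -Filter * | where {$_.DistinguishedName -notlike "*$getNewDomainRoot*"})

      if($cnUsers.Count -eq 0)
          { Write-Host "SKIPPING: All users have already been moved" }
  }

  foreach($user in $cnUsers){

      # Move-ADObject returns nothing on success, so its output cannot be used
      # as a result flag. Make errors terminating and record the real outcome.
      try{
          Move-ADObject -Identity $user -TargetPath $usersTargetOU -ErrorAction Stop
          $Status = "SUCCESS"
      }
      catch{
          $Status = "FAILED"
          Write-Warning "Could not move $($user.DistinguishedName): $($_.Exception.Message)"
      }

      # One result row per object: name, old DN, destination OU, outcome
      $objectOutput = New-Object -TypeName PSobject
      $objectOutput | Add-Member -MemberType NoteProperty -Name ObjectName -Value $user.Name.tostring()
      $objectOutput | Add-Member -MemberType NoteProperty -Name SourcePath -Value $user.DistinguishedName.ToString()
      $objectOutput | Add-Member -MemberType NoteProperty -Name DestinationPath -Value $usersTargetOU
      $objectOutput | Add-Member -MemberType NoteProperty -Name Status -Value $Status
      $objectOutput
  }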
  106.  
  107. ###
  108. ### Move Computers to new OU
  109. ###
  110.  
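  # Destination for computer objects. It is verified once up front so that a
  # missing OU stops the whole step instead of failing once per computer.
  $computersTargetOU = "OU=Computers,$getNewDomainRoot"
  $computersTargetExists = $true
  try{
      Get-ADOrganizationalUnit -Identity $computersTargetOU -ErrorAction Stop | Out-Null
  }
  catch{
      $computersTargetExists = $false
      Write-Warning "SKIPPING: target OU $computersTargetOU not found, no computers moved"
  }

  # NOTE(review): domain controllers are excluded by a substring match on the
  # DN, so any computer whose DN contains "Domain Controllers" is left alone
  # too. Every other computer outside the new root is selected, wherever it
  # currently sits; on an existing domain a move changes which GPOs apply to
  # the machine - review the list before running it for real.
  $cnComputers = @()
  if($computersTargetExists){
      $cnComputers = @(Get-ADComputer -Filter * | Where { $_.DistinguishedName -notlike "*$getNewDomainRoot*" -and $_.DistinguishedName -notlike "*Domain Controllers*"})

      if($cnComputers.Count -eq 0)
          { Write-Host "SKIPPING: All computers have already been moved" }
  }

  foreach($computer in $cnComputers){

      # Move-ADObject returns nothing on success, so its output cannot be used
      # as a result flag. Make errors terminating and record the real outcome.
      try{
          Move-ADObject -Identity $computer -TargetPath $computersTargetOU -ErrorAction Stop
          $Status = "SUCCESS"
      }
      catch{
          $Status = "FAILED"
          Write-Warning "Could not move $($computer.DistinguishedName): $($_.Exception.Message)"
      }

      # One result row per object: name, old DN, destination OU, outcome
      $objectOutput = New-Object -TypeName PSobject
      $objectOutput | Add-Member -MemberType NoteProperty -Name ObjectName -Value $computer.Name.ToString()
      $objectOutput | Add-Member -MemberType NoteProperty -Name SourcePath -Value $computer.DistinguishedName.ToString()
      $objectOutput | Add-Member -MemberType NoteProperty -Name DestinationPath -Value $computersTargetOU
      $objectOutput | Add-Member -MemberType NoteProperty -Name Status -Value $Status
      $objectOutput
  }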
  131. ###
  132. ### Move Groups to new OU
  133. ###
  134.  
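  # Destination for group objects. It is verified once up front so that a
  # missing OU stops the whole step instead of failing once per group.
  $groupsTargetOU = "OU=Security Groups,$getNewDomainRoot"
  $groupsTargetExists = $true
  try{
      Get-ADOrganizationalUnit -Identity $groupsTargetOU -ErrorAction Stop | Out-Null
  }
  catch{
      $groupsTargetExists = $false
      Write-Warning "SKIPPING: target OU $groupsTargetOU not found, no groups moved"
  }

  # NOTE(review): Get-ADGroup -Filter * returns distribution groups as well as
  # security groups, and the only exclusion is a substring match on "Builtin",
  # so the privileged groups that live in the default Users container are
  # selected as well. Confirm who holds delegated rights on the target OU
  # before moving them there.
  $cnSecGroups = @()
  if($groupsTargetExists){
      $cnSecGroups = @(Get-ADGroup -Filter * | where {$_.DistinguishedName -notlike "*$getNewDomainRoot*" -and $_.DistinguishedName -notlike "*Builtin*"})

      if($cnSecGroups.Count -eq 0)
          { Write-Host "SKIPPING: All security groups have already been moved" }
  }

  foreach($secGroup in $cnSecGroups){

      # Move-ADObject returns nothing on success, so its output cannot be used
      # as a result flag. Make errors terminating and record the real outcome.
      try{
          Move-ADObject -Identity $secGroup -TargetPath $groupsTargetOU -ErrorAction Stop
          $Status = "SUCCESS"
      }
      catch{
          $Status = "FAILED"
          Write-Warning "Could not move $($secGroup.DistinguishedName): $($_.Exception.Message)"
      }

      # One result row per object: name, old DN, destination OU, outcome
      $objectOutput = New-Object -TypeName PSobject
      $objectOutput | Add-Member -MemberType NoteProperty -Name ObjectName -Value $secGroup.Name.tostring()
      $objectOutput | Add-Member -MemberType NoteProperty -Name SourcePath -Value $secGroup.DistinguishedName.ToString()
      $objectOutput | Add-Member -MemberType NoteProperty -Name DestinationPath -Value $groupsTargetOU
      $objectOutput | Add-Member -MemberType NoteProperty -Name Status -Value $Status
      $objectOutput
  }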