Just now I’ve uploaded my first script into the Microsoft TechNet Script Repository… New-DemoAD.ps1
This is a PowerShell script/function one can use to quickly fill an Active Directory with demo users and groups, ideal for events and demonstrations.
For example, an event “TechEvent” has 200 visitors, each of whom requires an account in a fictional company. This company has 3 departments: IT, Sales and Finance.
This script will create 200 users (TechEvent001 to TechEvent200), fill the “Department” user property with a random department (chosen from the given departments), create Global Groups named after the departments and create Domain Local Groups (which can be used to configure access to resources) for each department.
Next, users will be added to the appropriate department (Global) group and each department group will be added to the appropriate (domain local) group.
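function Convert-ToDistinguishedName {
    <#
    .SYNOPSIS
        Converts a DNS domain name into an LDAP distinguished name.
    .DESCRIPTION
        Emits one DC= component per DNS label, so "corp.example.com" becomes
        "DC=corp,DC=example,DC=com". Any number of labels is supported; the
        previous version handled only two or three and produced a trailing
        empty "DC=" for a single-label name.
    .PARAMETER DomainName
        DNS name of the domain (alias: Name).
    .OUTPUTS
        System.String. The distinguished name.
    #>
    param (
        [Parameter(Position=0, Mandatory=$True)][ValidateNotNullOrEmpty()][Alias('Name')][String]$DomainName
    )

    # Drop empty labels (e.g. from a trailing dot) so no bare "DC=" is emitted.
    $Labels = $DomainName.Split('.') | Where-Object { $_ -ne '' }
    ( $Labels | ForEach-Object { "DC=$_" } ) -join ','
}

function Check-Module {
    <#
    .SYNOPSIS
        Loads a PowerShell module if it is installed but not yet imported.
    .DESCRIPTION
        Writes a one-line status message to the output stream in every case.
        It does not throw when the module is missing; callers that depend on
        the module must verify it themselves.
    .PARAMETER ModuleName
        Name of the module to check (alias: Name).
    .OUTPUTS
        System.String. A status message.
    #>
    param (
        [Parameter(Position=0, Mandatory=$True)][ValidateNotNullOrEmpty()][Alias('Name')][string]$ModuleName
    )

    if ( Get-Module -Name $ModuleName ) {
        Write-Output "The $ModuleName PowerShell module is already loaded."
    }
    elseif ( Get-Module -ListAvailable | Where-Object { $_.Name -eq $ModuleName } ) {
        Import-Module -Name $ModuleName
        Write-Output "The $ModuleName PowerShell module is loaded."
    }
    else {
        Write-Output "The $ModuleName PowerShell module is not available."
    }
}

function New-DemoAD {
    <#
    .SYNOPSIS
        Populates Active Directory with demo OUs, users and department groups.
    .DESCRIPTION
        Creates a parent OU named after the event, child OUs beneath it, one
        Global and one Domain Local ("XS-<department>") security group per
        department, and <UserCount> enabled user accounts named
        <EventName>001, <EventName>002, ... Each user gets a random department
        and is added to that department's Global group; each Global group is
        nested in the matching Domain Local group.

        Every object is created under, and looked up by, the distinguished
        name of the event OU. Nothing is searched domain-wide, so existing
        accounts and groups with the same name or department are not touched.

        The accounts are enabled, share one password, and the password never
        expires. Intended for an isolated demo/lab domain only.
    .PARAMETER EventName
        Name of the event; used for the parent OU and as the account prefix
        (alias: Event).
    .PARAMETER UserCount
        Number of demo users to create (alias: Users).
    .PARAMETER DomainName
        DNS name of the target domain (alias: Domain). Defaults to the domain
        of the local computer.
    .PARAMETER Departments
        Department names; one is picked at random for each user.
    .PARAMETER ChildOUs
        Child OUs to create under the event OU (aliases: OUs, Childs).
        "Users" and "Groups" are always created because the script needs them.
    .PARAMETER AccountPassword
        Password for the demo accounts as a SecureString. When omitted, the
        script falls back to its published default and writes a warning.
    #>
    [CmdletBinding()]
    param (
        [Parameter(Position=0, Mandatory=$True)][ValidateNotNullOrEmpty()][Alias('Event')][String]$EventName,
        [Parameter(Position=1, Mandatory=$True)][ValidateNotNullOrEmpty()][Alias('Users')][Int]$UserCount,
        [Parameter(Position=2, Mandatory=$False)][ValidateNotNullOrEmpty()][Alias('Domain')][String]$DomainName = ( Get-WMIObject -Class Win32_ComputerSystem | Select-Object -ExpandProperty Domain ),
        [Parameter(Position=3, Mandatory=$True)][ValidateNotNullOrEmpty()][Array]$Departments,
        # Was Mandatory at Position=3 (clashing with Departments) and then overwritten
        # by a hard-coded list; now optional, with that list as the default.
        [Parameter(Position=4, Mandatory=$False)][ValidateNotNullOrEmpty()][Alias('OUs','Childs')][Array]$ChildOUs = @("Users","Groups","Desktops","Laptops","Servers"),
        [Parameter(Mandatory=$False)][System.Security.SecureString]$AccountPassword
    )

    # Abort on the first failed AD call instead of continuing with a
    # half-built structure and empty paths. Scoped to this function.
    $ErrorActionPreference = 'Stop'

    Check-Module -Name ActiveDirectory
    if ( -not ( Get-Module -Name ActiveDirectory ) ) {
        throw "The ActiveDirectory PowerShell module is required but could not be loaded."
    }

    # The original called the converter without using its result, so -Path
    # received the DNS name instead of a distinguished name.
    $DomainDN = Convert-ToDistinguishedName -DomainName $DomainName

    # Create parent OU. -PassThru returns the object so its (properly escaped)
    # distinguished name can be reused for everything created below it.
    $ParentOU = New-ADOrganizationalUnit -Name $EventName -Path $DomainDN -ProtectedFromAccidentalDeletion $False -PassThru

    # Create child OUs; "Users" and "Groups" are added if the caller left them out.
    $AllChildOUs = @($ChildOUs) + @( "Users","Groups" | Where-Object { $ChildOUs -notcontains $_ } )
    $OUPath = @{}
    foreach ( $ChildOU in $AllChildOUs ) {
        $NewOU = New-ADOrganizationalUnit -Name $ChildOU -Path $ParentOU.DistinguishedName -ProtectedFromAccidentalDeletion $False -PassThru
        $OUPath["$ChildOU"] = $NewOU.DistinguishedName
    }
    $UsersOU  = $OUPath['Users']
    $GroupsOU = $OUPath['Groups']

    # Create one Global and one Domain Local group per department and nest the
    # Global group in the Domain Local group. Working with the returned objects
    # avoids name/description filters that would also match groups elsewhere
    # in the domain.
    $GlobalGroups = @{}
    foreach ( $Department in $Departments ) {
        $GlobalGroup = New-ADGroup -Name "$Department" -SamAccountName "$Department" -DisplayName "$Department" -Description "$Department" -Path $GroupsOU -GroupScope Global -GroupCategory Security -PassThru
        $LocalGroup  = New-ADGroup -Name "XS-$Department" -SamAccountName "XS-$Department" -DisplayName "XS-$Department" -Description "$Department" -Path $GroupsOU -GroupScope DomainLocal -GroupCategory Security -PassThru
        Add-ADGroupMember -Identity $LocalGroup -Members $GlobalGroup
        $GlobalGroups["$Department"] = $GlobalGroup
    }

    # A single shared, publicly documented password on enabled accounts is a
    # known credential for anyone who has read this script. Prefer passing
    # -AccountPassword; the fallback is kept for backward compatibility.
    if ( $null -eq $AccountPassword ) {
        Write-Warning "No -AccountPassword supplied; using the script's published default password. Run this only in an isolated demo domain."
        $AccountPassword = ConvertTo-SecureString "P@ssw0rd01" -AsPlainText -Force
    }

    # Create the demo users and add each one to its department's Global group.
    # Membership is assigned to the accounts created here, rather than to every
    # domain user whose Department attribute happens to match.
    for ( $i = 1; $i -le $UserCount; $i++ ) {
        # Zero-padded to three digits: TechEvent001 ... TechEvent200.
        $AccountName = '{0}{1:D3}' -f $EventName, $i
        $Department  = Get-Random -InputObject $Departments

        # Non-expiring password and no forced change at logon are demo
        # conveniences, not settings for a production domain.
        $User = New-ADUser -Name $AccountName -SamAccountName $AccountName -Path $UsersOU -Department "$Department" -Enabled $true -ChangePasswordAtLogon $false -AccountPassword $AccountPassword -PasswordNeverExpires $true -PassThru
        Add-ADGroupMember -Identity $GlobalGroups["$Department"] -Members $User
    }
}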