0

I'm trying to script user creation and am having issues with OU variables. I've managed to script the users to create in OU based on users department but I also need to do it based on location. I've pasted part of my script below, which works fine, I just want to know if there's an easy way of integrating Office variable into it so that if user office is New York and Department equals IT then move to NY IT OU for example. Our OU's are split by region and department so I understand it may be a little complicated but any pointers are appreciated. Thanks in advance.

If ($department -eq “IT”){
     $OU = 'OU=IT,OU=London (LDN),OU=Europe,OU=Company Staffing,DC=testcompany,DC=local'
}elseIf($department -eq “Finance”){
    $OU = 'OU=Finance,OU=London (LDN),OU=Europe,OU=Company Staffing,DC=testcompany,DC=local'
}elseIf($department -eq “Sales”){
    $OU = 'OU=Sales,OU=London (LDN),OU=Europe,OU=Company Staffing,DC=testcompany,,DC=local'
}elseIf($department -eq “HR”){
    $OU = 'OU=HR,OU=London (LDN),OU=Europe,OU=Company Staffing,DC=testcompany,,DC=local'
}elseIf($department -eq “Client Services”){
    $OU = 'OU=Client Services,OU=London (LDN),OU=Europe,OU=Company Staffing,DC=testcompany,DC=local'
}else {$OU = 'OU=London (LDN),OU=Europe,OU=Company Staffing,DC=testcompany,DC=local'
}


New-ADUser `
-Department $Department `
-Name "$Firstname $Surname" `
-UserPrincipalName $UPN `
-Path $OU `
-GivenName $FirstName `
-Surname $Surname `
-SamAccountName "$FirstName.$Surname" `
-AccountPassword (Read-Host -AsSecureString "Input User Password") `
-ChangePasswordAtLogon $False `
-Company "Test" `
-Title $JobTitle `
-EmailAddress "$FirstName.$Surname@testcompany.com" `
-State "LDN" `
-Country "GB" `
-Office "LDN" `
-City "London" `
-DisplayName "$FirstName $Surname" `
-Enabled $True
Santiago Squarzon
  • 41,465
  • 5
  • 14
  • 37
Ali
  • 1
  • Do you have a list of offices (`"London", "New York", "..."`) and their shortnames (`"LDN", "NY", "..."`)? And do all of them have dedicated OUs? And do all departments under each office OU have a dedicate OU? – Mathias R. Jessen Jan 11 '23 at 13:17
  • For your own sanity, I'd strongly suggest you use the `Switch` statement instead of endless `If...Then..ElseIf....` – Scepticalist Jan 11 '23 at 13:57
  • @MathiasR.Jessen Hi, our user OU's are split by Region > City > Department e.g. EMEA > London > IT/HR/ Finance etc. and APAC > Singapore > IT/HR/Finance etc. so on so forth. Hope that makes sense. – Ali Jan 11 '23 at 14:12
  • @Scepticalist Sorry I'm still a bit of a PS noob, would you be able to give an example of how I'd use the switch in my script and I'll try replicating it for the different regions/ departments. Thanks – Ali Jan 11 '23 at 14:15

2 Answers2

0

If you mean you have different OU's for departments in different parts of the world, you could build yourself a lookup Hashtable where each key is the department and each value is another Hashtable that has the abbreviated State as key and the complete OU path as value.

Something like below:

$OULookup = @{
    'IT'      = @{'LDN' = 'OU=IT,OU=London (LDN),OU=Europe,OU=Company Staffing,DC=testcompany,DC=local'
                  'NY'  = 'OU=IT,OU=New York (NY),OU=America,OU=Company Staffing,DC=testcompany,DC=local'
                }
    'Finance' = @{'LDN' = 'OU=Finance,OU=London (LDN),OU=Europe,OU=Company Staffing,DC=testcompany,DC=local'
                  'NY'  = 'OU=Finance,OU=New York (NY),OU=America,OU=Company Staffing,DC=testcompany,DC=local'
                }
    'Sales'   = @{'LDN' = 'OU=Sales,OU=London (LDN),OU=Europe,OU=Company Staffing,DC=testcompany,,DC=local'
                  'NY'  = 'OU=Sales,New York (NY),OU=America,OU=Company Staffing,DC=testcompany,,DC=local'
                }
}

Now you can retrieve the OU path using that lookup table using

$OULookup['IT']['LDN']       # --> OU=IT,OU=London (LDN),OU=Europe,OU=Company Staffing,DC=testcompany,DC=local
$OULookup['Sales']['NY']     # --> OU=Sales,New York (NY),OU=America,OU=Company Staffing,DC=testcompany,,DC=local
$OULookup['Finance']['LDN']  # --> OU=Finance,OU=London (LDN),OU=Europe,OU=Company Staffing,DC=testcompany,DC=local

P.S. Please have a look at about_Splatting to see how you can use cmdlets like New-ADUser that take a lot of parameters better without using those horrible backticks

Theo
  • 57,719
  • 8
  • 24
  • 41
  • Thanks for your reply Theo. Might be stupid question but would I do something like - **New-AdUser -Path $OULookup**? - If there's for example an IT OU in NY, LDN, SGN etc. how would it know to add them to the IT OU in the correct city? Appreciate the Splatting article, I'll look into this but in case you have any pointers I'd appreciate it. – Ali Jan 11 '23 at 14:23
  • 1
    So then you'd do `New-AdUser -Path $OULookup[$department][$location]` – Mathias R. Jessen Jan 11 '23 at 15:00
  • As [Mathias](https://stackoverflow.com/questions/75083620/create-user-with-powershell-multiple-ou-path-variables-based-on-department-l/75084221?noredirect=1#comment132502084_75084221) commented. You never explained where you get the variables `$department` or the city from. Maybe by reading in a CSV file? All you need are those two variables and then you can look up the OU from the Hashtable (you need to add all combinations in there first of course) – Theo Jan 11 '23 at 15:40
0

Depending on how many offices you have and how many fields you want to script, Theo's lookup table might be better, but for a simple example using Switch see below:

$department = 'IT'
$office = 'London (LDN)'

Switch ($Office) {
    "London (LDN)" {
        # Look for OU matching $department only in the "London" OU
        $OU = Get-ADOrganizationalUnit -Filter "Name -eq '$department'" -SearchBase 'OU=London (LDN),OU=Europe,OU=Company Staffing,DC=testcompany,DC=local'
    }
    "New York (NY)" {
        # Look for OU matching $department only in the "New York" OU
        $OU = Get-ADOrganizationalUnit -Filter "Name -eq '$department'" -SearchBase 'OU=New York (NY),OU=America,OU=Company Staffing,DC=testcompany,DC=local'
    }
    default {
        $OU = 'OU=London (LDN),OU=Europe,OU=Company Staffing,DC=testcompany,DC=local'
    }
}


# The $OU variable is now populated correctly
$OU | Select-Object Name, DistinguishedName

Though to be honest - you could get the same effect simply by filtering the Get-ADOrganizationalUnit cmdlet:

$OU = Get-ADOrganizationalUnit -Filter * | Where-Object { ($_.Name -eq $department) -and ($_.DistinguishedName -match $office)}
Scepticalist
  • 3,737
  • 1
  • 13
  • 30