Scribd
Upload
2 views

Gagandeep window assignment 5

The document outlines the process of creating an Organizational Unit (OU) in Active Directory using PowerShell, including user and group creation, and backing up the OU. It explains the importance of administrative access for executing these tasks and provides specific PowerShell commands used throughout the process. Finally, it details the steps taken to remove the OU after completing the tasks.

Uploaded by

jolalav296
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
2 views

Gagandeep window assignment 5

The document outlines the process of creating an Organizational Unit (OU) in Active Directory using PowerShell, including user and group creation, and backing up the OU. It explains the importance of administrative access for executing these tasks and provides specific PowerShell commands used throughout the process. Finally, it details the steps taken to remove the OU after completing the tasks.

Uploaded by

jolalav296
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 15

ASSIGNMENT 5

Name- Gagandeep Kaur (20053812)

Subject – Window Server and Powershell

Date- 26-03-2025

The first step is creating an OU in which I am going to add users, and for doing that, I login

as an administrator

Q1 Why I log in as an administrator

Logging in as an admin is key when working with Active Directory in PowerShell because it

gives you the special access needed to create, tweak, or delete things like OUs, users, and

groups. If you’re just a regular user, you’d hit a wall with “Access Denied” errors on

commands like New-ADOrganizationalUnit or New-ADUser. In a lab setting, being an

admin lets you breeze through tasks like backing up or deleting an OU without hassle. It’s

like real-life IT work—only admins get the keys to the kingdom, so you’re learning the ropes

the way pros do it

The next step is choosing the tool option and selecting Active Directory users and computers
Q2. Why I choose Active Directory users and computers?

I choose Active Directory Users and Computers (ADUC) because it’s an easy, visual way to

check PowerShell changes in Active Directory. It shows OUs, users, and groups clearly for

screenshots, like "OU=812" with "User812". It’s admin-friendly and perfect for confirming,

annotating, and learning how to manage AD effectively!

The following interface will be appears


Now, to create a new OU, I have to click right <Select new <Organizational Unit By

following the above steps, we successfully create an new OU on the name of 812

Now, I am going to add users under this OU by using PowerShell

For doing that I used following script and run it


$ouPath = "OU=812,DC=Gagandeep,DC=com"

$users = @("User812", "Admin812", "Guest812")

foreach ($user in $users) {

New-ADUser -Name $user `

-SamAccountName $user `

-UserPrincipalName "[email protected]" `

-Path $ouPath `

-AccountPassword (ConvertTo-SecureString "P@ssw0rd123" -AsPlainText -Force)

-Enabled $true

}
This PowerShell script creates three AD user accounts (User812, Admin812, Guest812) in

the "812" OU under the "Gagandeep.com" domain. Each user gets a SAMAccountName,

UPN, and a preset password (P@ssw0rd123). The accounts are immediately enabled upon

creation using the New-ADUser cmdlet.


Now, I am going to add Groups in this OU, and I will do by using the following Command

$ouPath = "OU=812,DC=Gagandeep,DC=com"

New-ADGroup -Name "Group812" -SamAccountName "Group812" -GroupScope Global -

Path $ouPath

This PowerShell command creates a global Active Directory group named "Group812"

inside the "812" OU under the "Gagandeep.com" domain. The -SamAccountName

"Group812" sets its login identifier, -GroupScope Global defines its scope, and -Path $ouPath

places it in the specified Organizational Unit (OU).


Now, for adding users to group I use following command

$groupName = "Group812"

$users = @("User812", "Admin812", "Guest812")

foreach ($user in $users) {

Add-ADGroupMember -Identity $groupName -Members $user

}
For checking the members are added to group right click on group name < properties

<member

If I go to the description, there is no description and we find description under general tab
Now, I am going to add description

As a result of Set-ADGroup -Identity "Group812" -Description "Group for student 812"

command the description is added


Why I use Set-ADGroup -Identity "Group812" -Description "Group for student 812"

Ans The command updates the "Group812" AD group's description, providing additional

context (e.g., "Group for student 812") for better organization and clarity.

For creating a backup I used the following command

$ouPath = "OU=812,DC=Gagandeep,DC=com"

$backupPath = "C:\Backup"

# Check if the directory exists; if not, create it

if (-not (Test-Path -Path $backupPath)) {

New-Item -Path $backupPath -ItemType Directory -Force

}
# Export the OU and its contents

Get-ADObject -Filter * -SearchBase $ouPath -SearchScope Subtree | Export-Clixml -Path

"$backupPath\OU812_Backup.xml"

This PowerShell script backs up the contents of an Active Directory Organizational Unit

(OU). It first checks if the backup directory "C:\Backup" exists and creates it if not. Then, it

retrieves all objects within the "812" OU using Get-ADObject, and exports the data to an

XML file named "OU812_Backup.xml" for safekeeping.

Now looking for backup file I open the file manager < C drive < Backup and here I found the

file
Now, for exporting a file to my original Pc, I just copied it and pasted it to my folder named

as gagan screenshot this folder is shared by me with my vm


Here is the screenshot from my original pc

Now the last step is removing the Ou and for doing that I am going to run following

command first

$ouPath = "OU=812,DC=Gagandeep,DC=com"

Set-ADOrganizationalUnit -Identity $ouPath -ProtectedFromAccidentalDeletion $false


Remove-ADOrganizationalUnit -Identity $ouPath -Recursive -Confirm:$false

I added this command to disable the protective group policy and after that I used

$ouPath = "OU=812,DC=Gagandeep,DC=com"

Remove-ADOrganizationalUnit -Identity $ouPath -Recursive -Confirm:$false

And this command deleted the OU successfully as the protection is removed by the previous

command

You might also like