How to Create an OU (Organizational Unit) with VBScript

Guy recommends:
VBScript Training Video on CD

Tutorial for Creating an OU (Organizational Unit) with VBScript

When I visit companies, it surprises me that only 50% of network managers create any OUs in their Active Directory.  The rest keep all their accounts in the Users (or Computers) container.  The distinction between OU and container object is not just a matter of a strange book on the OU (see diagram Accounts).  OUs are great not only for organizing user and computer accounts, but also OUs for making it easier to fine tune your group policies.  (You cannot create or assign Group Policies to the Users or Computers containers. 

The other reason for getting the difference between OU and Container clear in your mind is when you start building Active Directory scripts.  It is easy to make a mistake and try to script CN=Accounts, or OU=Computers, when it should be OU=Accounts and CN=Computers.

Topics for Creating an OU (Organizational Unit) with VBScript

• Our Mission and Goal
• Example 1 - Create a top level OU
• Example 2 - Create a child OU
• Example 3 - Adding error-correcting Code
• Summary for Creating User Accounts

Our Mission and Goal

While we create OUs (Organizational Units) primarily as containers to organize users, let us take the opportunity and learn about scripting commands such as: 'Set, Create(Object), Get(Object) and .SetInfo'.

The subsidiary reason for studying OUs is when you need to alter objects in that OU, when your script binds not to the Users container but a named OU, you need to pay attention to detail as there are at least three traps for the unwary.

Example 1 - Create a top level OU

Please would you inspect Active Directory Users and Computers and confirm that there is no tiny book symbol on your Users folder.  My point is that Users is a container object, referenced by CN=Users, not an OU referred to by: OU=Users.

Meanwhile, back to the main goal, creating a top level OU with VBscript.

Instructions

1. Important: Which OU will create?  My script will generate OU=Accounts.  If you prefer a different OU name, then change line 10 in your script.
2. Copy and paste the script below into notepad.
3. Save the file with .vbs extension e.g. Accounts.vbs.
4. Double click and examine the message boxes.
5. Open Up your Active Directory Users and Computers and inspect the OUs.

Learning Points - Binding to Active Directory

Building on this theme of mastering VBScript commands, I would like to draw your attention to a section of the script.  What we see here is how VBScript binds to Active Directory.  There has to be a logical connection or binding before we can manipulate existing objects, or as here, create a new OU.

Note 1:  GetObject() retrieves data, later in the full script we will make the OU with the sister command CreateObject()

Note 2:  The 'Set' Command points the objRoot variable to the base of the LDAP name.  Think of rootDSE as tunnelling down into the heart of Active Directory and returning with information.  In this instance, naming information.

Note 3:  DefaultNamingContext is a wonderful command because I do not have to know your domain, the script retrieves the distinguished name automatically, for example dc=cp, dc=mosel. (DC = Domain Context, not Domain Controller).  The alternative would be to 'hard code' my domain name, then ask you to search and replace with your domain.  What a waste of time when I can use DefaultNamingContext.

Note 4:  You may see other people's scripts, which Set ObjDomain with one line instead of two.  My way just helps us understand the stages of binding to Active Directory.

Learning Points - Creating the actual OU

Here is the section which creates, and then saves the new OU.

Note 1: Guy loves variables, so here is the variable which holds the OU name:  strContainer ="OU=Accounts"

Note 2: Spot the use of Set, as in Set objOU.

Note 3: What the script is saying is this, start with the domain (objDomain), now create a new OU (Not a user or a computer).  And then the script extracts the name of the new OU from the strContainer  variable.

Note 4: Another member of the Set family is .SetInfo.  Take special note of .SetInfo because overlooking this command can mean that the script runs silently without error, but nothing actually gets created.

Example 2 - Create a child OU

The idea of this VBScript example is to create a child OU.  My assumption is that you have already made a parent or top level OU as described in Example1.

Creating a child OU is simple but there is a trap. Which of these two sequences should you use?

strContainer  = parent, child.   or strContainer = child, parent? 

Assuming the parent is called Accounts, Here is the answer:
strContainer ="OU=Child,OU=Accounts"

Tip: When scripting OUs pay particular attention to the placement of commas.  To create a child OU we just need one comma in the string variable.  (In other cases, but not here, we need two commas.)

Learning Points - Creating the Child OU

Note 1:  The key amendment to this script is the strContainer variable.  To create the child OU I amend to:
strContainer ="OU=Child,OU=Accounts"

Note 2:  I have added primitive error-correcting code in preparation for Example 3.

Example 3 - Adding error-correcting Code

I would like to anticipate what could go wrong.  Specifically, I want the script to hand two situations:
1) Where the child OU already exists
2) The situation where there is no Parent OU

To handle the error I divided the OU path into strParent and strContainer.  Most of the error-correcting takes place in the subroutine called GuyError().

Note 1:  Firstly, I researched the err.number for situations where the OU already existed, it turn out that the number was -2147019886.   You may be more familiar with this error as WSH Error: 80071392.

Note 2:  Trace how the sub GuyError makes use of strParent and strContainer.

Summary Creating an OU

It is surprising how often you need an OU.  For example, testing Group Policies, testing Logon Scripts.  There again, perhaps you just want a new OU for your accounts in Active Directory Users and Computers.

My script will build your Active Directory Organizational Unit.  All you need to do is adjust the variable:
strContainer  = "OU = Accounts".  If you have the time, then go through the script searching for all the script commands.  Should there be any verbs that you do not understand, do refer to the learning points.

Guy Thomas recommends Computer Training Software. 

Their topics and material are ideal for getting you started with VBScript.  The videos are easy to follow and you can control the pace.  Try their free demo material and then see if you want to buy the full package. See more about VB Script Training CD.

See Also

● Create Computer Accounts              ● Set Password for user account