Creation and Management of Organizational Units








Creation and Management of Organizational Units :

 

 ________________________________________

Follow us on Facebook

Follow us on Google+

________________________________________

 



Microsoft Windows Server 2003 provides several tools and snap comosants command line you can create organizational units and manage the configuration and use of accounts and resources in the model of your organization. You can also use the runtime scripts for Microsoft Windows platforms to manage organizational units.

Methods of creating and managing OUs The following list describes some snap-ins and command-line tools allow you to create and manage organizational units:


  •      Active Directory Users and Computers. This MMC allows you to create, edit and delete OUs. Use this software component plug when you only have a few organizational units to manage, or if you want to manage units interactively.

  •      Tools directory service. This toolkit command line to manage objects and querying information in Active Directory. The command line tools include Dsadd, and Dsmod Dsrm. The use of these tools with the parameter "or" you can add, modify and delete OUs in Active Directory. You can also use scripts and batch files with these tools to manage directory services.

  •      Ldifde (lightweight Directory Access Protocol Data Interchange FormatDirectory Exchange). This command line tool enables you to create OUs and other Active Directory objects. Ldifde uses an input file containing information about the objects to add, edit or delete. This information is stored as a series of records, separated by an empty line in the input file.

  •      Environment of Windows Script Host. You can create organizational units using Windows, or using Windows scripting with the components provided by the ADSI (Active Directory Service Interfaces). The use of scripts allows you to create organizational units within an application configuration, if necessary.

How to create and manage organizational units using tools directory service :


The command line tools Dsadd, and Dsmod Dsrm directory service allows you to create and manage organizational units from the command prompt. You can also use these commands in scripts and batch files. 

How to Create an Organizational Unit : 


To create an organizational unit, run the following command Dsadd from the command prompt:

             Dsadd ou NU_Organization_Unit –desc Description –d Domaine –u User_Name  –p Passoword
Where:
  • NU_Organization_Unit : Specify the unique name of the organizational unit that you want to add. For example, to add the OU SupportTechnique nwtraders.msft the domain, the DN is ou = supporttechnique, dc = nwtarders, dc = msft.
  • Description : Specify the description of the organizational unit that you want to add.
  •  Domaine : Specify the domain to connect to. By default, the computer is connected to the domain controller in the domain where it is logged.
  • User_Name : specify the name used to connect to a remote server. By default, the name of the current user is used. You can specify a user name using one of the following formats:
                                            • User name (for example, Linda)
                                            • Domain \ user name (for example, widgets \ Linda)
                                            • User principal name (UPN User Principal Name) (eg Linda@widgets.microsoft.com)
  • Password  : Is the password to use to log on to a server distant.Si you type * (asterisk), a password will be requested. 


How to Modify an organizational unit:


To change the description of an organizational unit, run the following command:


Dsmod ou NU_Organization_Unit -desc Description -d Domain -u
User_Name -p Password


The parameters that are passed to the command dsmod are the same as those of the dsadd. The new description must be passed as a parameter desc.


How to Delete an organizational unit:



 You must simply remove Active Directory organizational units that are no longer used. To delete an organizational unit, run the following command:


Dsmod ou NU_Organization_Unit -desc Description -d Domain -u
User_Name -p Password


The parameters that are passed to the command dsrm are the same as those of the dsadd. You can use the following additional parameters with DSRL:

  • Subtree. Specifically delete the object and all objects contained in the sub-tree underneath this object.

  • Exclude. Specifies not to remove the base object provided by NU_Unité_Organisatio when you remove the subtree located below. By default, only the specified base object is deleted. Exclude parameter can not be specified with the parameter subtree.



How to create and manage organizational units using the tools Ldifde :


The command line tool allows you to create Ldifde organizational units in batch mode and to define hierarchies of organizational units. You can also use Ldifde to edit and delete OUs.

procedure
The first step to perform is to use this tool to create the input file (*. Ldf) for use with Ldifde. After creating this file, you run the Ldifde command.

Follow these steps to create organizational units using the command line tool Ldifde:

1. Create an input file. The following example shows the format of the file:


dn: OU = ExempleOU, DC = nwtraders, DC = msft
changetype: add
objectClass: organizationalUnit


Changetype : determines the type of operation performed on the Active Directory object.
ObjectClass : specifies the class of the object in Active Directory.
In the previous example, adds an object Ldifde organizational unit called ExempleOU nwtraders.msft the field. You can add multiple organizational units by adding more entries like the one above. Each entry dn must be preceded by a blank line, except the first.
2. Run Ldifde to create, modify or delete OUs entering the following command: 
C: \> ldifde -i -k -f OUList.ldf -b User_Name_Domain  -p password
 
where: 
  •       -i specifies import mode. If it is not specified, the default mode is export.
  •      -k can ignore errors during an import operation and continue processing.
  •      -f specifies the file name to import or export.

     OUList.ldf is the input file.
  •      -b specifies the user name, the domain name and the password associated with the user account that will be used to execute the import or export.

How to create organizational units using environment Windows Script :


ADSI is a programmatic interface (API, Application Programming Interface) that you use from the environment of Windows Script Host to automate the administration of Active Directory. ADSI uses LDAP (Lightweight Directory Access Protocol) to communicate with Active Directory. All operations that you perform on ADSI Active Directory follow the same procedure. You must first connect to Active Directory. You can then perform tasks such as retrieving information about objects, and add, modify or delete objects. If vousq make changes to Active Directory, you must register in the Active Directory database so that they are retained.

Procedure:

Follow these steps to create an organizational unit using environment Windows Script Host:
Using the Notepad, create a text file with the extension *. Vbs. Place this file in the commands listed below in items a, b and c, then save


a) Start by logging onto the domain in which you want to create the organizational unit, as shown in the following example:

Set objDom = GetObject(« LDAP://dc=nwtraders,dc=msft ») 


b) Then create the OU OrganizationalUnit as specifying the type of object to create Active Directory and the name of the organizational unit, as shown in the following example: 

Set objOU = objDom.Create
(« OrganizationalUnit », « ou=NouvelleOU »)
In this example, New OU is the name of the organizational unit that you create.


c) Finally, save the information in the Active Directory database, as shown in the following example:
objOU.SetInfo


To run the commands in the file *. Vbs, type the following at the prompt comande:
Wscript nom_fichier_script.vbs
 




Libellés : , , ,