¡ This version is deprecated! New version available here.
I recently started to create GUI tools using my favorite Powershell tool: Sapien Powershell Studio 2012. The function of one of my first tools was to create users and security groups in a specific OU in Active Directory. I decided to create a seperate GUI form for the making of a OU picker tool, so I could re-use it in other projects. I found a great base for this tool in a blogpost by thepip3r’s. This was a great start but I wanted to give it a more native AD look & feel and I also wanted to be able to create a new OU if necessary.
The end result looks like this:
As you can see the icons used for OU’s, folders and domains are the same as in AD Users and Computers. When selecting an OU you can create a new OU by clicking the New OU button. This will create a new OU branch in the treeview and let’s you type in a name immediately. As soon as the new name is confirmed by hitting enter the OU will be created.
One of the challenges in this project was that when you use the native powershell command for creating a new OU, New-ADOrganizationalUnit, you’ll receive an “Access Denied” error. For some reason you’re not allowed to create new AD objects with powershell when you’re logged on to a Domain Controller. Running the script as a domain admin and with elevated rights wasn’t enough to overcome this so I used the good old-fashioned DSADD command to create the OU. This will require your main script to be run with elevation. If not elevated hitting the New OU button will generate an error. You’ll still be able to select an OU though.
Hitting the OK button will create a script level variable $objSelectedOU which contains the object of the OU you selected.
If you want to use this for your own GUI’s you can view or download the code here. It’s a textfile but if you change the extension to ps1 and run it on a domain controller it will run on its own. You can copy the main function and use it in your own Powershell scripts/GUI’s. If you download it I’d appreciate a comment.
Edit: In order to make this script easier for you to use I’ve turned it into a function that will return the OU object automatically. It’s available for download here. Now you can copy the entire function Choose-ADOrganizationalUnit into your script and use it like this:
$OU = Choose-ADOrganizationalUnit
I think you’ll find it more user friendly (Yeah, I’m evolving).
Edit #2: I’ve created an improved version of this function in a new blogpost: https://itmicah.wordpress.com/2016/03/29/active-directory-ou-picker-revisited/. If you’re currently using this older version please update. The new version is faster and more advanced.