A PowerShell scripter’s work is never done. As you develop scripts over the years your skills improve and the way you write scripts changes. Sometimes you find that scripts you once created are due for an overhaul. The very first script I posted in my blog (in effect my very first post ever) was a function that creates a GUI or windows form showing your domain’s OU structure. While the script proved to be useful to a lot of people (thanks for the positive feedback, readers) there were some limitations that needed to be addressed:
- ActiveDirectory module was required
- Long startup duration
- Only the current domain could be browsed
Some of those limitations were pointed out to me in the comments with some helpful insights on how to remedy them. So I decided to revisit my earlier concept and create a brand-new version with some new features that make it look even closer to the ADUC console (Active Directory Users and Computers). First let’s look at how I eliminated said limitations:
- ActiveDirectory module was required:
I rewrote the script to utilize .NET and LDAP queries so it’ll run on any domain machine. This also greatly improves the speed of the script.
- Long startup duration:
Instead of creating the entire directory tree at once it now only shows one level. Once a node get’s expanded the next level is quickly created. Credit goes to @SuperCheeta for this solution. I’ve further improved his solution so the script now checks each OU for at least one child OU and if it exists it creates a dummy node to conjure up the expansion sign [+]. That way only OU’s (or folders) with children get the expansion sign.
- Only the current domain could be browsed:
By default the current user’s domain is displayed, but by using the context menu on the root node or the domain node you can switch domains. A smaller form will open where you can select the appropriate domain in a tree view, same as in ADUC. Here’s how it looks:
You can also run the function with the -Domain parameter to specify a domain other than default.
As you can see from the samples above I’ve replaced the New OU button I had in the previous version for a context menu item. The context menu itself is adaptive: you’ll get a different contents depending on the type of node you’re on. The container nodes have no context menu because you can’t create an OU in them.
Also, it’s no longer required to run the script with admin privileges to create an OU. It now uses ADSI to create OU’s instead of the command line tool. If the current user account does not have sufficient rights to create an OU the user will be prompted for different credentials.
If, for some reason, you want to hide the script’s ability to create a new OU you can utilize the -HideNewOUFeature parameter. It will stop the option from showing up in the context menu.
I’ve created a checkbox called Advanced Features which doesn’t really give you advanced features, but it’s named after it’s ADUC counterpart. When enabling Advanced Features in ADUC the console shows some folders (containers) that are otherwise hidden. The same concept applies to the Choose-ADOrganizationalUnit function. I put this feature in to mimic ADUC as closely as possible. I’m not sure if anyone will ever use it but it’s there anyway. The previous version showed these by default so it still counts as an improvement, right?
The output has been changed from a single string containing the distinguished name of the chosen OU to a PowerShell object that contains both the name and the distinguished name. Why you ask? … Because I can, that’s why! ;^)
Better, faster and snappier! That’s what I was going for and I’m pretty sure you’ll agree that I pulled it off. Please give the new function a whirl and don’t be shy on the comments! You can view/download it here: link
15-06-2016: as per request I’ve added a parameter called -MultiSelect which will add checkboxes to all nodes, so you can now select multiple objects!! Also running the function from a non domain-joined computer is now supported by using the -Domain and -Credential parameters.
15-11-2016: I’ve added a button to the Change Domain GUI named Change Forest. It will allow you to connect to a different forest an pick a domain from there. Thanks @Ronald for your feedback. It’s a great addition to the featureset.