Quick Fix: SBS & Essentials OU Structure
December 4, 2013 13 Comments
Are you new to managing an OS other than Small Business Server?
If so you may be forgiven for thinking that that ‘MyBusiness’ OU Structure present in SBS for as long as i have worked with it, is the norm for an Active Directory domain. Indeed if you go into Group Policy Management and find those OUs missing, you might think… er.. ‘this is broken!’
Fear not. It is very easy to recreate these OUs in seconds. Simply open up an Elevated PowerShell and copy and paste these commands.
Import-Module ActiveDirectory
$domain = (Get-ADDomain)
$DN = $domain.DistinguishedName
New-ADOrganizationalUnit -name "MyBusiness" -path $DN
New-ADOrganizationalUnit -name "Computers" -path "OU=MyBusiness,$DN"
New-ADOrganizationalUnit -name "Distribution Groups" -path "OU=MyBusiness,$DN"
New-ADOrganizationalUnit -name "Security Groups" -path "OU=MyBusiness,$DN"
New-ADOrganizationalUnit -name "Users" -path "OU=MyBusiness,$DN"
New-ADOrganizationalUnit -name "SBSComputers" -path "OU=Computers,OU=MyBusiness,$DN"
New-ADOrganizationalUnit -name "SBSServers" -path "OU=Computers,OU=MyBusiness,$DN"
New-ADOrganizationalUnit -name "SBSUsers" -path "OU=Users,OU=MyBusiness,$DN"
You can also change the default location for new users and new computers by following this KB Article.
About Robert Pearman
Title (Required) 
Thanks Robert, that really helps, especially the KB article, I didn’t know about that!
First of all, thanks for the script, its really usefull.
Now im in a project to migrate a full structure of an AD to another server.
What can I do to use the same structure as you used or similar but with the CSV exported file?
Thank You.
Do you have an example of your CSV exported structure?
At the moment we have separeted csv files (OrganizationalUnit, Users, Groups) of the Server A
Here is the OrganizationalUnit csv file:
#TYPE Selected.Microsoft.ActiveDirectory.Management.ADOrganizationalUnit
“Name”,”ObjectClass”
“OU=ou93266,DC=losmaic,DC=com”,”organizationalUnit”
“OU=oupas,OU=ou93266,DC=losmaic,DC=com”,”organizationalUnit”
“OU=ougs,OU=ou93266,DC=losmaic,DC=com”,”organizationalUnit”
“OU=ouasix1,OU=ougs,OU=ou93266,DC=losmaic,DC=com”,”organizationalUnit”
“OU=ouasix2,OU=ougs,OU=ou93266,DC=losmaic,DC=com”,”organizationalUnit”
“OU=oudaw1,OU=ougs,OU=ou93266,DC=losmaic,DC=com”,”organizationalUnit”
“OU=oudaw2,OU=ougs,OU=ou93266,DC=losmaic,DC=com”,”organizationalUnit”
“OU=ougm,OU=ou93266,DC=losmaic,DC=com”,”organizationalUnit”
“OU=ousmx1,OU=ougm,OU=ou93266,DC=losmaic,DC=com”,”organizationalUnit”
“OU=ousmx2,OU=ougm,OU=ou93266,DC=losmaic,DC=com”,”organizationalUnit”
Our plan is to transfer structure of the Server A to a Clean Server B.
Hey, ok this took a bit of time to work on, and I had to clean up the CSV as well as the field names are enclosed in quotes, and the values also have quotes, but not string quotes ” “, more like the 6699 quotes, but that could just be due to the way wordpress displays it.
$csv = import-csv “C:\users\Robert\Desktop\working\csvcsv.csv”
foreach ($line in $csv)
{
$dn = “,DC=losmaic,DC=com”
$line = $line.Name
$line = $line.ToString()
$line = $line -replace “$dn”,””
$lineS= $line.Split(“,”)
$lineS = $lineS -replace (‘“’,””)
$lineS = $lineS -replace (‘”’,””)
Write-Output “”
$count = ($lineS | measure-object).Count
if (($count) -eq “1”)
{
$dn = $dn.SubString(1)
$dn
Write-Output “New-ADOrganizationalUnit $lineS -path $dn”
}
if (($count) -eq “2”)
{
$ou = $lines[0]
$path = $lines[1]
Write-Output “New-ADOrganizationalUnit $ou -path “”$path$dn”””
}
if (($count) -eq “3”)
{
$ou = $lines[0]
$path = $lines[1]
$path2 = $lines[2]
Write-Output “New-ADOrganizationalUnit $ou -path “”$path,$path2$dn”””
}
}
So, honestly with that number of OUs I would probably consider not using powershell, having said that it produced the following output so it may work.
New-ADOrganizationalUnit OU=ou93266 -path DC=losmaic,DC=com
New-ADOrganizationalUnit OU=oupas -path “OU=ou93266,DC=losmaic,DC=com”
New-ADOrganizationalUnit OU=ougs -path “OU=ou93266,DC=losmaic,DC=com”
New-ADOrganizationalUnit OU=ouasix1 -path “OU=ougs,OU=ou93266,DC=losmaic,DC=com”
New-ADOrganizationalUnit OU=ouasix2 -path “OU=ougs,OU=ou93266,DC=losmaic,DC=com”
New-ADOrganizationalUnit OU=oudaw1 -path “OU=ougs,OU=ou93266,DC=losmaic,DC=com”
New-ADOrganizationalUnit OU=oudaw2 -path “OU=ougs,OU=ou93266,DC=losmaic,DC=com”
New-ADOrganizationalUnit OU=ougm -path “OU=ou93266,DC=losmaic,DC=com”
New-ADOrganizationalUnit OU=ousmx1 -path “OU=ougm,OU=ou93266,DC=losmaic,DC=com”
Many many thanks!!! This structure will help me and view it in another PoV I just need to do add some features but its great.
I’ve been searching at the net for this kind of script, and no results to find out how to migrate a structure of AD with powershell..
Really appreciate :)
Let me know if I can help any more, or if you think another post would be helpful.
I have some scripts for creating users and groups and populating groups from CSVs.
from above – looks like that is an issue with the way wordpress displays quotes.
I migrated SBS 2003 to Windows 2012 R2 Essentials. Can I safely remove the MyBusiness OU after migration is complete? I would like to reduce the user count.
You are free to remove whatever you want. But please ensure that if there are users within that OU – you confirm they are no longer needed and that moving any users to a new OU will not have an adverse effect with any GPO settings that may be, or may not be enforced.
What I am concerned about is the user templates included in the SBSUsers container (Administrator Template, Mobile User Template and Power User Template). Will Windows Server 2012 R2 Essentials expect these objects to exist? Does it need them for generating users or anything else? These objects are counted as users against the 25 user limit and I would like to eliminate them if it is not going to cause problems doing so.
The templates are just user accounts that are disabled. The wizards in Essentials 2012 R2 do not use these to my knowledge.
There is a setting that is changed in SBS to direct new users to that SBS Users OU, which is documented here. https://support.microsoft.com/en-us/kb/324949 c:\windows\system32>redirusr ou=myusers,DC=contoso,dc=com, additionally you can ‘hide’ users from the dashboard and that removes them from your user total. http://titlerequired.com/2014/09/18/quick-fix-hide-users-from-essentials-2012-r2-dashboard/
Thank you.