Scripts to build out a large OU/Group/User infrastructure in Active Directory for MKE and MSR testing purposes
<#
.SYNOPSIS
Script to connect AD resources with MKE
.DESCRIPTION
Opens an MKE session, pushes the LDAP server settings to MKE when MKE reports none yet,
switches the MKE auth backend to LDAP, and then mirrors Active Directory into MKE: one
organization per child OU of ParentOu and one team per AD group found under that child OU,
each team synced from the group's 'member' attribute.
.PARAMETER ParentOu
The distinguished name of the parent organizational unit where all AD resources to be sync'd reside.
.PARAMETER MkeUrl
The URL of the MKE server.
.PARAMETER MkeCred
The credentials for the MKE server.
.PARAMETER LdapServerUrl
The URL of the LDAP server.
.PARAMETER LdapReaderDn
The distinguished name of the LDAP reader.
.PARAMETER LdapReaderPassword
The password for the LDAP reader.
.PARAMETER LdapUserSearchBaseDn
The base distinguished name for user searches in LDAP. Will be assigned to ParentOu if not provided.
.NOTES
LdapServerUrl, LdapReaderDn and LdapReaderPassword are only used when MKE reports no LDAP
server URL yet; they are not validated before being passed to Set-MkeLdapConfig, so when
they are left empty in that case the empty values are what gets submitted.
The MKE session is created with -AllowInsecureTransfer, which this test setup relies on;
review that switch before pointing the script at anything other than a test endpoint.
#>
[CmdletBinding()]
param (
    # Default points at the test domain used by the companion build-out script; override elsewhere.
    [Parameter(Mandatory = $false)]
    [string] $ParentOu = 'OU=v-container-apps,DC=testingeng,DC=ad,DC=mirantis,DC=com',
    [Parameter(Mandatory = $true)]
    [string] $MkeUrl,
    # Accepts a PSCredential directly or a user name that is prompted for a password.
    [Parameter(Mandatory=$true,ParameterSetName='Cred')]
    [ValidateNotNull()]
    [System.Management.Automation.PSCredential]
    [System.Management.Automation.Credential()]
    $MkeCred,
    # The three LDAP reader settings below are optional here but required when MKE has no
    # LDAP server configured yet (see Set-MkeLdapConfig below).
    [Parameter(Mandatory=$false)]
    [string] $LdapServerUrl,
    [Parameter(Mandatory=$false)]
    [String] $LdapReaderDn,
    # Kept as SecureString so the reader password does not appear in plain text in the call.
    [Parameter(Mandatory=$false)]
    [SecureString] $LdapReaderPassword,
    [Parameter(Mandatory=$false)]
    [String] $LdapUserSearchBaseDn
)
# Load the MKE management module; nothing below can run without it.
try {
    Import-Module -Name 'mke.mgmt' -ErrorAction Stop
}
catch {
    Write-Error "Unable to import the MKE management module. Please ensure it is available on the system."
    return
}

# Open the MKE session. -AllowInsecureTransfer is kept as in the original because the test
# endpoint presumably has no trusted certificate; confirm against the module docs before
# reusing this against a non-test MKE.
New-MkeSession -url $MkeUrl -Credential $MkeCred -AllowInsecureTransfer
$session = Get-MkeSession
if ($null -eq $session) {
    Write-Error "Unable to create MKE session. Please check your credentials and URL."
    return
}
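# Read the current LDAP configuration from MKE and only push settings when no server is set yet.
$mkeLDAPConfig = Get-MkeLdapConfig
if (-not $mkeLDAPConfig.serverURL) {
    Write-Verbose "Setting LDAP server settings in MKE..."

    # Fail early when the reader settings are missing instead of submitting empty values to MKE.
    $missing = @()
    if (-not $LdapServerUrl)      { $missing += 'LdapServerUrl' }
    if (-not $LdapReaderDn)       { $missing += 'LdapReaderDn' }
    if (-not $LdapReaderPassword) { $missing += 'LdapReaderPassword' }
    if ($missing.Count -gt 0) {
        Write-Error "MKE has no LDAP server configured; the following parameters are required: $($missing -join ', ')."
        return
    }

    # Default the user search base to the OU that holds the synced resources.
    if (-not $LdapUserSearchBaseDn) {
        $LdapUserSearchBaseDn = $ParentOu
    }
    $splat = @{
        'ServerUrl'        = $LdapServerUrl
        'ReaderDn'         = $LdapReaderDn
        'ReaderPassword'   = $LdapReaderPassword
        'UserSearchBaseDn' = $LdapUserSearchBaseDn
    }
    $mkeLDAPConfig = Set-MkeLdapConfig @splat
    if ($mkeLDAPConfig.serverURL) {
        Write-Verbose "Setting LDAP server settings in MKE complete."
    }
    else {
        Write-Warning "Failed to set LDAP server settings in MKE."
        return
    }
}
else {
    Write-Verbose "LDAP server [$($mkeLDAPConfig.serverURL)] settings already applied. Skipping LDAP setup."
}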
# Switch the MKE auth backend to LDAP when it is not already set, and verify the switch took.
$backend = Get-MkeAuthBackend
if ($backend -ne 'ldap') {
    Write-Verbose "Setting MKE auth backend provider to LDAP."
    Set-MkeAuthBackend -Provider ldap
    Start-Sleep -Seconds 5 # Allow config to propagate
    $backend = Get-MkeAuthBackend
    if ($backend -ne 'ldap') {
        Write-Warning "Failed to set MKE auth backend provider to LDAP."
        return
    }
    Write-Verbose "MKE auth backend provider set to LDAP."
}
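# Resolve the child OUs with their own error handling, so that a failure while creating MKE
# orgs/teams is no longer reported as "unable to retrieve child OUs".
try {
    $childOUs = Get-ADOrganizationalUnit -LDAPFilter '(name=*)' -SearchBase $ParentOu -SearchScope OneLevel -ErrorAction Stop
}
catch {
    Write-Warning "Unable to retrieve child OUs from [$($ParentOu)]. Please check the Parent OU path. $($_.Exception.Message)"
    return
}

# One MKE organization per child OU, one MKE team per AD group inside that OU.
foreach ($childOU in $childOUs) {
    try {
        Write-Verbose "Creating MKE organization [$($childOU.Name)]..."
        $mkeOrg = New-MkeOrg -Name $childOU.Name
        if (-not $mkeOrg) {
            Write-Warning "Unable to create MKE organization [$($childOU.Name)]"
            continue
        }
        Write-Verbose "Created MKE organization [$($mkeOrg.name)]"

        $childOUGroups = Get-ADGroup -SearchBase $childOU.DistinguishedName -Filter '*'
        foreach ($group in $childOUGroups) {
            # Group names produced by the companion build-out script look like '<env>-<team>-<ou>';
            # only use the formatted description when the name really has three parts, otherwise
            # the format operator would throw on a missing placeholder.
            $nameParts = $group.Name -split '-'
            if ($nameParts.Count -eq 3) {
                $description = 'Env - {0}; Org - {2}; Team - {1}' -f $nameParts
            }
            else {
                $description = $group.Name
            }

            $mkeTeam = New-MkeTeam -Name $group.Name -OrgName $mkeOrg.name -Description $description
            if (-not $mkeTeam) {
                Write-Warning "Unable to create MKE team [$($group.Name)] in organization [$($mkeOrg.Name)]"
                continue
            }
            Write-Verbose "Created MKE team [$($mkeTeam.name)] in organization [$($mkeOrg.name)]"

            # Team membership is driven by the AD group's 'member' attribute.
            $teamSync = Set-MkeTeamSyncConfig -OrgName $mkeOrg.name -Name $mkeTeam.name -GroupDN $group.DistinguishedName -GroupMemberAttr 'member'
            if ($teamSync) {
                Write-Verbose "Set MKE team sync config for team [$($mkeTeam.name)] in organization [$($mkeOrg.name)]"
            }
            else {
                Write-Warning "Unable to set MKE team sync config for team [$($mkeTeam.name)] in organization [$($mkeOrg.name)]"
            }
        }
    }
    catch {
        # Report the real failure for this OU and carry on with the next one.
        Write-Warning "Error while processing child OU [$($childOU.Name)]: $($_.Exception.Message)"
        continue
    }
}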
<#
.SYNOPSIS
Script to build out a large OU/Group/User infrastructure in Active Directory for testing purposes.
.DESCRIPTION
Creates ParentOu if it does not exist, then OuCount numbered child OUs. Each child OU gets one
global group per entry in GroupsInEachOu, named '<Environment>-<group>-<ou>'. For every group,
UsersPerGroup enabled users named '<Environment>.<seed>.<nnn>' are created directly under
ParentOu (not under the child OU) and added to the group. All users of a group share a
password derived from the seed by Get-DecipherablePassword, so it can be recomputed from the
user name with Get-DecipheredPassword; the accounts are test fixtures only.
.PARAMETER ParentOu
The distinguished name of the parent organizational unit where all OUs will be created.
.PARAMETER OuCount
The number of organizational units to create.
.PARAMETER GroupsInEachOu
The names of the groups to create within each organizational unit.
.PARAMETER UsersPerGroup
The number of users to create within each group.
.PARAMETER Environment
The environment name (like 'dev', 'test' or 'prod'). Used as a prefix for the group and user names
.NOTES
Cleanup: PS > Get-ADOrganizationalUnit -Identity 'OU=v-container-apps,DC=testingeng,DC=ad,DC=mirantis,DC=com' | Remove-ADOrganizationalUnit -Recursive -Confirm:$false
The OUs are created with -ProtectedFromAccidentalDeletion:$false so that the cleanup above works.
#>
[CmdletBinding()]
param (
    # Default points at the test domain; override for other environments.
    [Parameter(Mandatory = $false)]
    [string] $ParentOu = 'OU=v-container-apps,DC=testingeng,DC=ad,DC=mirantis,DC=com',
    [Parameter(Mandatory = $false)]
    [ValidateRange(1,50000)]
    [int] $OuCount = 20,
    [Parameter(Mandatory = $false)]
    [string[]] $GroupsInEachOu = @('developers','testers','operators'),
    # Upper bound of 999 matches the three-digit user suffix ('{0:D3}').
    [Parameter(Mandatory = $false)]
    [ValidateRange(1,999)]
    [int] $UsersPerGroup = 10,
    [Parameter(Mandatory = $false)]
    [ValidateSet('dev','int','test','qa','stage','prod')]
    [string] $Environment = 'dev'
)
<#
.SYNOPSIS
Helper script to generate a non-random password for the user
.DESCRIPTION
Upper-cases the vowels of RandomString, reverses the result and wraps it in Prefix and Suffix.
Deterministic on purpose: Get-DecipheredPassword recomputes the same value from the user name.
.PARAMETER RandomString
The seed string (the middle token of the generated user name).
.PARAMETER Prefix
Static text placed before the transformed seed. Defaults to 'MKE!'.
.PARAMETER Suffix
Static text placed after the transformed seed. Defaults to the current year.
#>
function Get-DecipherablePassword {
    param (
        [string] $RandomString,
        [string] $Prefix = 'MKE!',
        [string] $Suffix = ((Get-Date).Year).ToString()
    )
    # Hashtable literals are case-insensitive, so 'A' maps to 'A' just as the original switch did.
    $vowelMap = @{ a = 'A'; e = 'E'; i = 'I'; o = 'O'; u = 'U' }

    # Capitalize vowels, one character at a time; @() keeps a single character as an array.
    $chars = @(foreach ($ch in $RandomString.ToCharArray()) {
        $key = [string]$ch
        if ($vowelMap.ContainsKey($key)) { $vowelMap[$key] } else { $key }
    })

    # Reverse the character order in place.
    [array]::Reverse($chars)

    # Append the static prefix and suffix.
    $Prefix + (-join $chars) + $Suffix
}
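<#
.SYNOPSIS
Helper script to decipher the non-random password based on the user name
.DESCRIPTION
Takes the seed token from a user name of the form '<env>.<seed>.<nnn>', reverses it,
upper-cases its vowels and wraps it in Prefix and Suffix - the inverse view of
Get-DecipherablePassword (vowel capitalization commutes with reversal).
.PARAMETER UserName
A user name produced by this script, e.g. 'dev.abc123.001'.
.PARAMETER Prefix
Static text placed before the transformed seed. Must match the value used at creation.
.PARAMETER Suffix
Static text placed after the transformed seed. Must match the value used at creation
(defaults to the current year, so pass the creation year explicitly after a year change).
.OUTPUTS
The password string; throws when UserName does not contain a seed token.
#>
function Get-DecipheredPassword {
    param (
        [string] $UserName,
        [string] $Prefix = 'MKE!',
        [string] $Suffix = ((Get-Date).Year).ToString()
    )
    # Validate the name shape up front instead of failing later on a null method call.
    $parts = $UserName -split '\.'
    if ($parts.Count -lt 2 -or [string]::IsNullOrEmpty($parts[1])) {
        throw "User name [$UserName] is not in the expected '<env>.<seed>.<nnn>' form."
    }
    $seed = $parts[1]

    # Reverse the seed.
    $chars = $seed.ToCharArray()
    [array]::Reverse($chars)

    # Capitalize vowels (case-insensitive hashtable lookup, matching Get-DecipherablePassword).
    $vowelMap = @{ a = 'A'; e = 'E'; i = 'I'; o = 'O'; u = 'U' }
    $transformed = -join @(foreach ($ch in $chars) {
        $key = [string]$ch
        if ($vowelMap.ContainsKey($key)) { $vowelMap[$key] } else { $key }
    })

    $Prefix + $transformed + $Suffix
}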
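# Make sure the parent OU exists; create it when the lookup fails. The lookup result is
# discarded so the OU object does not leak into the script's pipeline output.
try {
    $null = Get-ADOrganizationalUnit -Identity $ParentOu -ErrorAction Stop
}
catch {
    # Derive the OU's own name and its container from the DN; assumes ParentOu starts with 'OU='.
    $parentOuName = ($ParentOu -split ',')[0].Substring('OU='.Length)
    $parentOuPath = $ParentOu.Substring($ParentOu.IndexOf(',') + 1)
    try {
        # Not protected from deletion so that the cleanup command in .NOTES can remove the tree.
        New-ADOrganizationalUnit -Name $parentOuName -Path $parentOuPath -ProtectedFromAccidentalDeletion:$false -ErrorAction Stop
    }
    catch {
        Write-Error "Unable to create parent OU [$ParentOu]. $($_.Exception.Message)"
        return
    }
}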
# Build out the tree: numbered child OUs, one group per GroupsInEachOu entry in each OU,
# and UsersPerGroup users per group. Any AD failure stops the script (-ErrorAction Stop).
foreach ($ouIndex in 1..$OuCount) {
    $ouName = '{0:D6}' -f $ouIndex
    Write-Verbose "Creating OU [$ouName] in [$ParentOu]..."
    New-ADOrganizationalUnit -Name $ouName -Path $ParentOu -ProtectedFromAccidentalDeletion:$false -ErrorAction Stop
    $groupPath = "OU=$ouName,$ParentOu"

    foreach ($groupSuffix in $GroupsInEachOu) {
        $groupName = "$Environment-$groupSuffix-$ouName"
        New-ADGroup -Name $groupName -Path $groupPath -GroupScope Global -ErrorAction Stop

        # Ten distinct characters drawn from [0-9a-z]; this seed is shared by every user of the group
        # and becomes the middle token of each user name.
        $seedChars = (48..57) + (97..122) | Get-Random -Count 10 | ForEach-Object { [char]$_ }
        $randomString = [string](-join $seedChars)

        # Deterministic, name-derived password: test fixtures only (see Get-DecipheredPassword).
        $decipherablePwd = Get-DecipherablePassword -RandomString $randomString
        $securePwd = ConvertTo-SecureString -String $decipherablePwd -AsPlainText -Force

        # Users live directly under ParentOu (not under the numbered OU) and are then added to the group.
        $adUserList = foreach ($userIndex in 1..$UsersPerGroup) {
            $adUserName = $Environment + '.' + $randomString + '.' + ('{0:D3}' -f $userIndex)
            New-ADUser -Name $adUserName -Path $ParentOu -AccountPassword $securePwd -Enabled $true -PassThru -ErrorAction Stop
        }
        Add-ADGroupMember -Identity $groupName -Members $adUserList -ErrorAction Stop
    }
}