Bird
Raised Fist0
PowerShellscripting~5 mins

Organizational unit operations in PowerShell - Cheat Sheet & Quick Revision

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Recall & Review
beginner
What is an Organizational Unit (OU) in Active Directory?
An Organizational Unit (OU) is a container within Active Directory used to organize users, groups, computers, and other OUs. It helps manage and apply policies easily.
Click to reveal answer
beginner
How do you create a new OU using PowerShell?
Use the cmdlet <code>New-ADOrganizationalUnit -Name &lt;OUName&gt; -Path &lt;ParentPath&gt;</code> to create a new OU under a specified path.
Click to reveal answer
intermediate
Which PowerShell cmdlet is used to move an OU to a different location?
The cmdlet <code>Move-ADObject</code> is used to move an OU or other AD objects to a new path.
Click to reveal answer
intermediate
How can you delete an OU using PowerShell?
Use Remove-ADOrganizationalUnit -Identity <OU_DistinguishedName> -Recursive to delete an OU and all its child objects.
Click to reveal answer
beginner
What does the -Recursive parameter do when deleting an OU?
It deletes the OU and all objects inside it, including child OUs, users, and groups. Without it, the OU must be empty to delete.
Click to reveal answer
Which cmdlet creates a new Organizational Unit in PowerShell?
ARemove-ADOrganizationalUnit
BNew-ADOrganizationalUnit
CSet-ADOrganizationalUnit
DNew-ADUser
What parameter is needed to delete an OU with all its contents?
A-Recursive
B-Force
C-Confirm
D-Recurse
Which cmdlet moves an OU to a new location?
ASet-ADOrganizationalUnit
BMove-ADOrganizationalUnit
CRename-ADOrganizationalUnit
DMove-ADObject
What is the minimum requirement to delete an OU without using -Recursive?
AOU must be empty
BOU must have at least one user
COU must be the root OU
DOU must be locked
Which cmdlet would you use to rename an OU?
ANew-ADOrganizationalUnit
BSet-ADOrganizationalUnit
CRename-ADObject
DMove-ADObject
Explain how to create, move, and delete an Organizational Unit using PowerShell.
Think about the cmdlets for creating, moving, and deleting OUs.
You got /3 concepts.
    Describe what happens when you delete an OU with the -Recursive parameter.
    Consider the difference between deleting with and without -Recursive.
    You got /3 concepts.

      Practice

      (1/5)
      1. What is the primary purpose of an Organizational Unit (OU) in Active Directory?
      easy
      A. To organize and group network resources like users and computers
      B. To store files and folders on a server
      C. To manage internet access for users
      D. To create backup copies of data

      Solution

      1. Step 1: Understand what an OU is

        An OU is a container in Active Directory used to organize objects like users and computers.

      2. Step 2: Identify OU's main role

        Its main role is grouping and organizing network resources for easier management.

      3. Final Answer:

        To organize and group network resources like users and computers -> Option A

      4. Quick Check:

        OU purpose = Organize resources [OK]
      Hint: Remember: OU groups users and computers, not files [OK]
      Common Mistakes:
      • Confusing OU with file storage
      • Thinking OU manages internet access
      • Assuming OU is for backups
      2. Which PowerShell command is used to create a new Organizational Unit named 'Sales' in the domain 'contoso.com'?
      easy
      A. Add-OrganizationalUnit -Name 'Sales' -Domain 'contoso.com'
      B. New-ADOrganizationalUnit -Name 'Sales' -Path 'DC=contoso,DC=com'
      C. Create-OU -Name 'Sales' -Domain 'contoso.com'
      D. New-OU -Name 'Sales' -Path 'contoso.com'

      Solution

      1. Step 1: Identify the correct cmdlet for creating an OU

        The correct cmdlet is New-ADOrganizationalUnit for creating OUs in Active Directory.

      2. Step 2: Check parameters for domain path and name

        The -Name parameter sets the OU name, and -Path specifies the distinguished name path like 'DC=contoso,DC=com'.

      3. Final Answer:

        New-ADOrganizationalUnit -Name 'Sales' -Path 'DC=contoso,DC=com' -> Option B

      4. Quick Check:

        Create OU cmdlet = New-ADOrganizationalUnit [OK]
      Hint: Use New-ADOrganizationalUnit with -Name and -Path [OK]
      Common Mistakes:
      • Using non-existent cmdlets like Create-OU
      • Incorrect domain path format
      • Confusing Add-OrganizationalUnit with New-ADOrganizationalUnit
      3. What will be the output of this PowerShell command?
      Get-ADOrganizationalUnit -Filter 'Name -like "HR*"' | Select-Object Name
      medium
      A. Lists all OUs with names exactly 'HR*'
      B. Lists all OUs with names containing 'HR' anywhere
      C. Lists all OUs with names starting with 'HR'
      D. Returns an error due to incorrect filter syntax

      Solution

      1. Step 1: Understand the filter syntax

        The filter 'Name -like "HR*"' matches OU names starting with 'HR'. The asterisk (*) is a wildcard for any characters after 'HR'.

      2. Step 2: Analyze the command output

        The command gets OUs matching the filter and selects only their Name property, so it lists names starting with 'HR'.

      3. Final Answer:

        Lists all OUs with names starting with 'HR' -> Option C

      4. Quick Check:

        Filter 'HR*' = names starting with HR [OK]
      Hint: '-like "HR*"' means names starting with HR [OK]
      Common Mistakes:
      • Thinking it matches names containing 'HR' anywhere
      • Assuming exact match with 'HR*'
      • Believing the command causes an error
      4. You run this command to rename an OU:
      Rename-ADObject -Identity 'Marketing' -NewName 'Sales'

      But it fails with an error. What is the likely cause?
      medium
      A. The Identity parameter requires the OU's distinguished name, not just the OU name
      B. Rename-ADObject cannot rename OUs, only users
      C. The NewName parameter must be the full distinguished name
      D. You need to use Move-ADObject instead of Rename-ADObject

      Solution

      1. Step 1: Check the Identity parameter format

        The Identity parameter needs the full distinguished name (DN) of the OU, but 'Marketing' is just the OU name, not the full DN like 'OU=Marketing,DC=contoso,DC=com'.

      2. Step 2: Consider common errors

        If the command fails, it's likely a syntax issue with the Identity not being resolvable without the full DN.

      3. Step 3: Analyze options

        The Identity parameter requires the OU's distinguished name, not just the OU name is correct because Identity requires the full DN, not just the OU name. Rename-ADObject cannot rename OUs, only users is wrong because Rename-ADObject can rename OUs. The NewName parameter must be the full distinguished name is wrong because NewName is just the new OU name, not full DN. You need to use Move-ADObject instead of Rename-ADObject is wrong because Move-ADObject moves objects, not renames.

      4. Final Answer:

        The Identity parameter requires the OU's distinguished name, not just the OU name -> Option A

      5. Quick Check:

        Rename-ADObject Identity = full DN [OK]
      Hint: Use full distinguished name for -Identity in Rename-ADObject [OK]
      Common Mistakes:
      • Using only OU name instead of full DN for Identity
      • Confusing rename with move commands
      • Providing full DN for NewName parameter
      5. You want to move all OUs under 'OU=OldDept,DC=contoso,DC=com' to 'OU=NewDept,DC=contoso,DC=com' using PowerShell. Which script correctly performs this operation?
      hard
      A. Rename-ADObject -Identity 'OU=OldDept,DC=contoso,DC=com' -NewName 'NewDept'
      B. Move-ADObject -Identity 'OU=OldDept,DC=contoso,DC=com' -TargetPath 'OU=NewDept,DC=contoso,DC=com'
      C. Get-ADOrganizationalUnit -Filter * | Move-ADObject -TargetPath 'OU=NewDept,DC=contoso,DC=com'
      D. Get-ADOrganizationalUnit -SearchBase 'OU=OldDept,DC=contoso,DC=com' | ForEach-Object { Move-ADObject -Identity $_.DistinguishedName -TargetPath 'OU=NewDept,DC=contoso,DC=com' }

      Solution

      1. Step 1: Understand the goal

        You want to move all OUs inside 'OldDept' to 'NewDept', not just rename or move 'OldDept' itself.

      2. Step 2: Analyze each option

        Get-ADOrganizationalUnit -SearchBase 'OU=OldDept,DC=contoso,DC=com' | ForEach-Object { Move-ADObject -Identity $_.DistinguishedName -TargetPath 'OU=NewDept,DC=contoso,DC=com' } gets all OUs under 'OldDept' and moves each to 'NewDept' using a loop, which is correct.
        Move-ADObject -Identity 'OU=OldDept,DC=contoso,DC=com' -TargetPath 'OU=NewDept,DC=contoso,DC=com' tries to move 'OldDept' itself, not its child OUs.
        Get-ADOrganizationalUnit -Filter * | Move-ADObject -TargetPath 'OU=NewDept,DC=contoso,DC=com' moves all OUs in the domain, not just under 'OldDept'.
        Rename-ADObject -Identity 'OU=OldDept,DC=contoso,DC=com' -NewName 'NewDept' renames 'OldDept' to 'NewDept', not moving child OUs.

      3. Final Answer:

        Get-ADOrganizationalUnit -SearchBase 'OU=OldDept,DC=contoso,DC=com' | ForEach-Object { Move-ADObject -Identity $_.DistinguishedName -TargetPath 'OU=NewDept,DC=contoso,DC=com' } -> Option D

      4. Quick Check:

        Loop over OUs under OldDept and move each [OK]
      Hint: Use Get-ADOrganizationalUnit with ForEach-Object and Move-ADObject [OK]
      Common Mistakes:
      • Moving only the parent OU instead of child OUs
      • Moving all OUs in domain unintentionally
      • Using Rename-ADObject instead of Move-ADObject