
function New-DelegateAdOU {
            Create New custom delegated AD OU
            Create New custom delegated AD OU, and remove
            some groups as Account Operators and Print Operators
            New-DelegateAdOU OuName OuPath OuDescription ...
            $Splat = @{
                ouPath = 'OU=GOOD,OU=Sites,DC=EguibarIT,DC=local'
                CleanACL = $True
                ouName = 'Computers'
                ouDescription = 'Container for the secure computers'
            New-DelegateAdOU @Splat
        .PARAMETER ouName
            [STRING] Name of the OU
        .PARAMETER ouPath
            [STRING] LDAP path where this ou will be created
        .PARAMETER ouDescription
            [STRING] Full description of the OU
        .PARAMETER ouCity
        .PARAMETER ouCountry
        .PARAMETER ouStreetAddress
        .PARAMETER ouState
        .PARAMETER ouZIPCode
        .PARAMETER strOuDisplayName
        .PARAMETER RemoveAuthenticatedUsers
            [Switch] Remove Authenticated Users. CAUTION! This might affect applying GPO to objects.
        .PARAMETER CleanACL
            [Switch] Remove Specific Non-Inherited ACE and enable inheritance.
            Used Functions:
                Name | Module
                Get-CurrentErrorToDisplay | EguibarIT
                Get-AdOrganizationalUnit | EguibarIT
                Start-AdCleanOU | EguibarIT
                Remove-SpecificACLandEnableInheritance | EguibarIT
            Version: 1.2
            DateModified: 01/Feb/2017
            LasModifiedBy: Vicente Rodriguez Eguibar
                Eguibar Information Technology S.L.

    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'Medium')]


    Param (
        # Param1 Site Name
        [Parameter(Mandatory = $true,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $true,
            ValueFromRemainingArguments = $false,
            HelpMessage = 'Name of the OU',
            Position = 0)]
        [ValidateLength(2, 50)]

        # Param2 OU DistinguishedName (Path)
        [Parameter(Mandatory = $true,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $true,
            ValueFromRemainingArguments = $false,
            HelpMessage = 'LDAP path where this ou will be created',
            Position = 1)]
        [ValidateScript({ Test-IsValidDN -ObjectDN $_ })]
        [Alias('DN', 'DistinguishedName', 'LDAPpath')]

        # Param3 OU Description
        [Parameter(Mandatory = $false,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $true,
            ValueFromRemainingArguments = $false,
            HelpMessage = 'Full description of the OU',
            Position = 2)]

        # Param4 OU City
        [Parameter(Mandatory = $false,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $true,
            ValueFromRemainingArguments = $false,
            Position = 3)]

        # Param5 OU Country
        [Parameter(Mandatory = $false,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $true,
            ValueFromRemainingArguments = $false,
            Position = 4)]

        # Param6 OU Street Address
        [Parameter(Mandatory = $false,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $true,
            ValueFromRemainingArguments = $false,
            Position = 5)]

        # Param7 OU State
        [Parameter(Mandatory = $false,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $true,
            ValueFromRemainingArguments = $false,
            Position = 6)]

        # Param8 OU Postal Code
        [Parameter(Mandatory = $false,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $true,
            ValueFromRemainingArguments = $false,
            Position = 7)]

        # Param9 OU Display Name
        [Parameter(Mandatory = $false,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $true,
            ValueFromRemainingArguments = $false,
            Position = 8)]

        #PARAM10 Remove Authenticated Users
        [Parameter(Mandatory = $false,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $true,
            ValueFromRemainingArguments = $false,
            HelpMessage = 'Remove Authenticated Users. CAUTION! This might affect applying GPO to objects.',
            Position = 9)]

        #PARAM11 Remove Specific Non-Inherited ACE and enable inheritance
        [Parameter(Mandatory = $false,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $true,
            ValueFromRemainingArguments = $false,
            HelpMessage = 'Remove Specific Non-Inherited ACE and enable inheritance.',
            Position = 10)]


    Begin {

        $txt = ($constants.Header -f
            (Get-FunctionDisplay $PsBoundParameters -Verbose:$False)
        Write-Verbose -Message $txt

        # Module imports

        Import-Module -Name 'EguibarIT.DelegationPS' -SkipEditionCheck -Force -Verbose:$false | Out-Null

        # Variables Definition

        # Sites OU Distinguished Name
        $ouNameDN = 'OU={0},{1}' -f $PSBoundParameters['ouName'], $PSBoundParameters['ouPath']

        $OUexists = [Microsoft.ActiveDirectory.Management.ADOrganizationalUnit]::New()
        $Splat = [hashtable]::New([StringComparer]::OrdinalIgnoreCase)
    } #end Begin

    Process {
        if (-not $strOuDisplayName) {
            $strOuDisplayName = $PSBoundParameters['ouName']
        } # End If

        try {
            # Try to get Ou
            $Splat = @{
                Filter      = { distinguishedName -eq $ouNameDN }
                SearchBase  = $Variables.AdDn
                ErrorAction = 'SilentlyContinue'
            $OUexists = Get-ADOrganizationalUnit @Splat

            # Check if OU exists
            If ($OUexists) {
                # OU it does exists
                Write-Warning -Message ('Organizational Unit {0} already exists. Exit the script.' -f $ouNameDN)
            } else {
                Write-Verbose -Message ('Creating the {0} Organizational Unit' -f $PSBoundParameters['ouName'])
                # Create OU
                $Splat = @{
                    Name                            = $ouName
                    Path                            = $PSBoundParameters['ouPath']
                    ProtectedFromAccidentalDeletion = $true

                if ($PSBoundParameters['ouCity']) {
                    $Splat.City = $PSBoundParameters['ouCity']
                if ($PSBoundParameters['ouCountry']) {
                    $Splat.Country = $PSBoundParameters['ouCountry']
                if ($PSBoundParameters['ouDescription']) {
                    $Splat.Description = $PSBoundParameters['ouDescription']
                if ($PSBoundParameters['strOuDisplayName']) {
                    $Splat.DisplayName = $PSBoundParameters['strOuDisplayName']
                if ($PSBoundParameters['ouZIPCode']) {
                    $Splat.PostalCode = $PSBoundParameters['ouZIPCode']
                if ($PSBoundParameters['ouStreetAddress']) {
                    $Splat.StreetAddress = $PSBoundParameters['ouStreetAddress']
                if ($PSBoundParameters['ouState']) {
                    $Splat.State = $PSBoundParameters['ouState']

                if ($PSCmdlet.ShouldProcess("Creating the Organizational Unit '$OuName'")) {
                    $OUexists = New-ADOrganizationalUnit @Splat
            } #end If-Else
        } catch {
            Write-Error -Message ('Error creating OU: {0}' -f $_)
            ###Get-CurrentErrorToDisplay -CurrentError $error[0]
        } #end Try-Catch

        # Remove "Account Operators" and "Print Operators" built-in groups from OU. Any unknown/UnResolvable SID will be removed.
        Start-AdCleanOU -LDAPpath $ouNameDN -RemoveUnknownSIDs

        try {
            if ($PSBoundParameters['CleanACL']) {
                if ($PSCmdlet.ShouldProcess("Removing specific Non-Inherited ACE and enabling inheritance for '$OuName'")) {
                    #Remove-SpecificACLandEnableInheritance -LDAPpath $ouNameDN
                    Revoke-Inheritance -LDAPpath $ouNameDN -RemoveInheritance -KeepPermissions
            } #end If
        } catch {
            Write-Error -Message ('Error cleaning ACL: {0}' -f $_)
        } #end Try-Catch
    } #end Process

    End {
        $txt = ($Constants.Footer -f $MyInvocation.InvocationName,
            'creating new delegated OU.'
        Write-Verbose -Message $txt

        return $OUexists
    } #end End
} #end Function