Solved

LDAP query to return list of sub-OUs?

Posted on 2009-07-15
6
1,272 Views
Last Modified: 2013-12-24
Is it possible to use an LDAP query to return the list of 2nd level OU's within "Alphabet" below? If so, what would that query look like?

OU=Alphabet
   |- OU=A
         |- OU=Green
   |- OU=B
   |- OU=C
         |- OU=Yellow
   |- OU=D
OU=Numbers
   |- OU=Five

So I would just want a list of A, B, C, D returned by the query. The LDAP source is Active Directory 2003. I'm only after the names of the OU's, not anything inside of or below them.
0
Comment
Question by:jessc7
  • 3
  • 3
6 Comments
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 24863536

Afraid not, you can have a filter return OUs ("(objectClass=organizationalUnit)"), and OUs with specific names ("(&(objectClass=organizationalUnit)(name=A))"), but only second level, or a range of names is a bit beyond Ldap Filters.

It could be scripted pretty easily if you need to.

Chris
0
 
LVL 16

Author Comment

by:jessc7
ID: 24863644
In effect, what would the script do? Would a script see the returned OU's as arrays, and be able to easily determine the '2nd level' OU's that way?
0
 
LVL 70

Assisted Solution

by:Chris Dent
Chris Dent earned 500 total points
ID: 24863694

That would be a reasonable enough approach.

I like PowerShell, so I'd probably do...

Get-QADObject -LdapFilter "(objectClass=organizationalUnit)" | ?{ $_.DN.Split(",").Count -eq 4 }

Where 4 is made up of 2 elements of OU names, and 2 elements of domain name. It would find:

OU=SecondLevel,OU=FirstLevel,DC=domain,DC=com

But not FirstLevel or ThirdLevel.

Chris
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 16

Author Comment

by:jessc7
ID: 24863934
I'm still new on Powershell. Would your example return only one OU, or would it return all at the second level? So back to my original scenario I would be looking to dynamically return a list of:

OU=A,OU=Alphabet,DC=domain,DC=com
OU=B,OU=Alphabet,DC=domain,DC=com
OU=C,OU=Alphabet,DC=domain,DC=com
OU=D,OU=Alphabet,DC=domain,DC=com

And ultimately I am wanting to get at the values of A, B, C, D.
0
 
LVL 70

Assisted Solution

by:Chris Dent
Chris Dent earned 500 total points
ID: 24863984
It would return all of those as an array of objects. You might tag Select-Object onto the end like this:

Get-QADObject -LdapFilter "(objectClass=organizationalUnit)" | `
  ?{ $_.DN.Split(",").Count -eq 4 } | `
  Select-Object Name, DN

Which would give you the simple OU name as well as the DN as you have it above.

Get-QADObject is part of Quest's CmdLet set which can be downloaded here:

http://www.quest.com/activeroles-server/arms.aspx

There's more available than shown with the select, if you wanted to see the full list of properties available for each OU you could run:

Get-QADObject -LdapFilter "(objectClass=organizationalUnit)" | `
  ?{ $_.DN.Split(",").Count -eq 4 } | `
  Format-List *

Chris
0
 
LVL 16

Author Closing Comment

by:jessc7
ID: 31603967
Thanks for the feedback, and scripting example for an alternative
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question