?
Solved

Find all users in all OU's with a specific Name

Posted on 2013-01-04
11
Medium Priority
?
829 Views
Last Modified: 2013-01-04
Hey all,

I need to find all user objects in all OU's named "TestOU", Domain wide.  There are upward of 60 of these OU's.  

Any suggestions?
0
Comment
Question by:MD187
  • 4
  • 4
  • 2
  • +1
11 Comments
 
LVL 41

Expert Comment

by:footech
ID: 38744660
import-module activedirectory
Get-ADUser -filter * | Where { $_.Name -match "TestOU" }

Open in new window

0
 
LVL 12

Expert Comment

by:ibrahim52
ID: 38744663
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 1000 total points
ID: 38744695
There is no way to filter for an OU in an LDAP filter, but that is where a tool like adfind by MVP Joe Richards comes into play

http://www.joeware.net/freetools/tools/adfind/index.htm

adfind -default -incldn TestOU -f "&(objectcategory=person)(objectclass=user)" samaccountname

The -incldn is the key that adfind can provide.  You can also exclude DNs if you want to go down that route.

I created two OUs "TestOU2" and TestOU3 and tested the query above and it found all 10 users I moved to those OUs.

Thanks

Mike
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 

Author Comment

by:MD187
ID: 38744704
Not so good with scripting, but learning quickly.  

To be clear,

import-module activedirectory
Get-ADUser -filter * | Where { $_.Name -match "SvcAcnts" }

Will get all the users in all the OU's named SvcAcnts, Domain wide?  The OU's are nested however at all different levels.
0
 
LVL 41

Expert Comment

by:footech
ID: 38744784
I think I may have misunderstood the intent of your question.  My script returns all user accounts named "TestOU" no matter what OU they are in.  But now I think you are asking to find all OU's named "TestOU", and then list all the users which are in those found OUs, correct?
0
 

Author Comment

by:MD187
ID: 38744807
footech,

Correct. all users in any OU named "testOU"
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 38744831
Did you try the adfind command?

Thanks


Mike
0
 

Author Comment

by:MD187
ID: 38744845
Mike,

Worked like a charm!
0
 
LVL 41

Expert Comment

by:footech
ID: 38744849
Import-Module ActiveDirectory
Get-ADOrganizationalUnit -filter {Name -like "TestOU"} | ForEach { Get-ADUser -filter * -searchBase $_ -searchScope onelevel }

Open in new window


This will return all users that are in any OU named "TestOU", and will not return any users that are in any child OUs of an OU named "TestOU".
0
 

Author Comment

by:MD187
ID: 38744918
Footech,

Can that be modifed to include child OU's?
0
 
LVL 41

Accepted Solution

by:
footech earned 1000 total points
ID: 38745060
Yes, simply by modifying the -searchScope parameter to be "subtree" (or you can remove it entirely, as "subtree" is the default).
Import-Module ActiveDirectory
Get-ADOrganizationalUnit -filter {Name -like "TestOU"} | ForEach { Get-ADUser -filter * -searchBase $_ -searchScope subtree }

Open in new window

0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's recap what we learned from yesterday's Skyport Systems webinar.
Measuring Server's processing rate with a simple powershell command. The differences in processing rate also was recorded in different use-cases, when a server in free and busy states.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

569 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question