Solved

Find all users in all OU's with a specific Name

Posted on 2013-01-04
11
824 Views
Last Modified: 2013-01-04
Hey all,

I need to find all user objects in all OU's named "TestOU", Domain wide.  There are upward of 60 of these OU's.  

Any suggestions?
0
Comment
Question by:MD187
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 2
  • +1
11 Comments
 
LVL 40

Expert Comment

by:footech
ID: 38744660
import-module activedirectory
Get-ADUser -filter * | Where { $_.Name -match "TestOU" }

Open in new window

0
 
LVL 12

Expert Comment

by:ibrahim52
ID: 38744663
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 250 total points
ID: 38744695
There is no way to filter for an OU in an LDAP filter, but that is where a tool like adfind by MVP Joe Richards comes into play

http://www.joeware.net/freetools/tools/adfind/index.htm

adfind -default -incldn TestOU -f "&(objectcategory=person)(objectclass=user)" samaccountname

The -incldn is the key that adfind can provide.  You can also exclude DNs if you want to go down that route.

I created two OUs "TestOU2" and TestOU3 and tested the query above and it found all 10 users I moved to those OUs.

Thanks

Mike
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 

Author Comment

by:MD187
ID: 38744704
Not so good with scripting, but learning quickly.  

To be clear,

import-module activedirectory
Get-ADUser -filter * | Where { $_.Name -match "SvcAcnts" }

Will get all the users in all the OU's named SvcAcnts, Domain wide?  The OU's are nested however at all different levels.
0
 
LVL 40

Expert Comment

by:footech
ID: 38744784
I think I may have misunderstood the intent of your question.  My script returns all user accounts named "TestOU" no matter what OU they are in.  But now I think you are asking to find all OU's named "TestOU", and then list all the users which are in those found OUs, correct?
0
 

Author Comment

by:MD187
ID: 38744807
footech,

Correct. all users in any OU named "testOU"
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 38744831
Did you try the adfind command?

Thanks


Mike
0
 

Author Comment

by:MD187
ID: 38744845
Mike,

Worked like a charm!
0
 
LVL 40

Expert Comment

by:footech
ID: 38744849
Import-Module ActiveDirectory
Get-ADOrganizationalUnit -filter {Name -like "TestOU"} | ForEach { Get-ADUser -filter * -searchBase $_ -searchScope onelevel }

Open in new window


This will return all users that are in any OU named "TestOU", and will not return any users that are in any child OUs of an OU named "TestOU".
0
 

Author Comment

by:MD187
ID: 38744918
Footech,

Can that be modifed to include child OU's?
0
 
LVL 40

Accepted Solution

by:
footech earned 250 total points
ID: 38745060
Yes, simply by modifying the -searchScope parameter to be "subtree" (or you can remove it entirely, as "subtree" is the default).
Import-Module ActiveDirectory
Get-ADOrganizationalUnit -filter {Name -like "TestOU"} | ForEach { Get-ADUser -filter * -searchBase $_ -searchScope subtree }

Open in new window

0

Featured Post

Are You Headed to Black Hat USA 2017?

Getting ready for Black Hat next week? Kick things off with the WatchGuard Badge Challenge and test your puzzle and cipher skills. Do you have what it takes to earn our limited edition Firebox Badge? Get started today - https://crimsonthorn.net

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question