Solved

Find all users in all OU's with a specific Name

Posted on 2013-01-04
11
822 Views
Last Modified: 2013-01-04
Hey all,

I need to find all user objects in all OU's named "TestOU", Domain wide.  There are upward of 60 of these OU's.  

Any suggestions?
0
Comment
Question by:MD187
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 2
  • +1
11 Comments
 
LVL 40

Expert Comment

by:footech
ID: 38744660
import-module activedirectory
Get-ADUser -filter * | Where { $_.Name -match "TestOU" }

Open in new window

0
 
LVL 12

Expert Comment

by:ibrahim52
ID: 38744663
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 250 total points
ID: 38744695
There is no way to filter for an OU in an LDAP filter, but that is where a tool like adfind by MVP Joe Richards comes into play

http://www.joeware.net/freetools/tools/adfind/index.htm

adfind -default -incldn TestOU -f "&(objectcategory=person)(objectclass=user)" samaccountname

The -incldn is the key that adfind can provide.  You can also exclude DNs if you want to go down that route.

I created two OUs "TestOU2" and TestOU3 and tested the query above and it found all 10 users I moved to those OUs.

Thanks

Mike
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 

Author Comment

by:MD187
ID: 38744704
Not so good with scripting, but learning quickly.  

To be clear,

import-module activedirectory
Get-ADUser -filter * | Where { $_.Name -match "SvcAcnts" }

Will get all the users in all the OU's named SvcAcnts, Domain wide?  The OU's are nested however at all different levels.
0
 
LVL 40

Expert Comment

by:footech
ID: 38744784
I think I may have misunderstood the intent of your question.  My script returns all user accounts named "TestOU" no matter what OU they are in.  But now I think you are asking to find all OU's named "TestOU", and then list all the users which are in those found OUs, correct?
0
 

Author Comment

by:MD187
ID: 38744807
footech,

Correct. all users in any OU named "testOU"
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 38744831
Did you try the adfind command?

Thanks


Mike
0
 

Author Comment

by:MD187
ID: 38744845
Mike,

Worked like a charm!
0
 
LVL 40

Expert Comment

by:footech
ID: 38744849
Import-Module ActiveDirectory
Get-ADOrganizationalUnit -filter {Name -like "TestOU"} | ForEach { Get-ADUser -filter * -searchBase $_ -searchScope onelevel }

Open in new window


This will return all users that are in any OU named "TestOU", and will not return any users that are in any child OUs of an OU named "TestOU".
0
 

Author Comment

by:MD187
ID: 38744918
Footech,

Can that be modifed to include child OU's?
0
 
LVL 40

Accepted Solution

by:
footech earned 250 total points
ID: 38745060
Yes, simply by modifying the -searchScope parameter to be "subtree" (or you can remove it entirely, as "subtree" is the default).
Import-Module ActiveDirectory
Get-ADOrganizationalUnit -filter {Name -like "TestOU"} | ForEach { Get-ADUser -filter * -searchBase $_ -searchScope subtree }

Open in new window

0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Domain controller sizing 7 62
Powershell WPF, Redirection Issue 2 30
Get-PSDrive results 2 24
active directory 3 26
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question