How to get users from an unique Organizational Unit (not from above or below)

My organizational units and sub organizational units are on the order below:

     3-Disabled Users

organization units order
I have users on "OrganizationUnitTest" which I am NOT interested.
I have users in the sub organizational unit called "Users" which I am interested.
I have users in the sub organizational unit called "Disabled Users" which I am NOT interested.


I need to get users only from sub organizational unit "Users". Not "OrganizationalUnitTest" neither users in the sub sub organizational unit "Disabled Users"

When I run the following command I get users from "Users" but also from "Disabled Users".

Get-User –OrganizationalUnit "OU=Users,OU=OrganizationUnitTest,DC=domain,DC=com"

How can I get users only from the sub organizational unit "Users"?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Prashant GirennavarCommented:
Try below code,
import-module activedirectory
 Get-ADUser -Filter * -SearchBase "OU='Disabled Users',ou=Users,dc=domian,dc=com" | Select-Object samaccountname

Open in new window

Let me know if you need any other help.


-Prashant Girennavar.
osagaranaAuthor Commented:
Unfortunately did not work >>

[PS] C:\scripts>import-module activedirectory

[PS] C:\scripts>Get-ADUser -Filter * -SearchBase "OU='Disabled Users',OU=Users,OU=OrganizationUnitTest,DC=domain,DC=com" | Select-Object samaccountname
Get-ADUser : Directory object not found
At line:1 char:11
+ Get-ADUser <<<<  -Filter * -SearchBase "OU='Disabled Users',OU=Users,OU=OrganizationUnitTest,DC=marcnunes,DC=com" | Select-Object samaccountname
    + CategoryInfo          : ObjectNotFound: (:) [Get-ADUser], ADIdentityNotFoundException
    + FullyQualifiedErrorId : Directory object not found,Microsoft.ActiveDirectory.Management.Commands.GetADUser
[PS] C:\scripts>
Prashant GirennavarCommented:
Login to any domain contoller.

Run first , Import-Module ActiveDirectory

and then you can run get-aduser commandlet.

the error state that , the directory  object is not found , So , make sure to run this command let on domain contoller.

Let me know if you face any issue.


-Prashant Girennavar.
osagaranaAuthor Commented:
Hi Prashant,

The first command I ran was: import-module activedirectory

I am the Exchange Admin and I should not run my scripts from the DCs.
This is the first part of a script that I willcreate to enable mailboxes if the AD user in the sub organizational unit called "Users" have the recipient type equal to "User".

Basically my whole script should look like:

Get-User –OrganizationalUnit "OU=Users,OU=OrganizationUnitTest,DC=domain,DC=com" | Where-Object{$_.RecipientType –eq “User”} | Enable-Mailbox | get-mailbox | select name,windowsemailaddress,database

So far that script is "OK". But the first part >>Get-User –OrganizationalUnit "OU=Users,OU=OrganizationUnitTest,DC=domain,DC=com"<<  shows users in the sub organizational units "Users" and in the sub organizational users called "Disabled Users".

I do not want to work with the sub OU "Disabled Users". I need to concentrate only in the sub OU called "Users".

Exchange 2010 you can run your commands remotely and soon this is fully tested, I will set a task windows to run this every evening.

Thanks for any idea. I am still giving my first steps on Powershell scripting.  ;-)
Prashant GirennavarCommented:
Try editing Get-User like below

Get-User –OrganizationalUnit "OU=Users,OU=OrganizationUnitTest,DC=domain,DC=com" | ?{($_.distinguishedname -notlike '*Disabled users*')} | Select-object Samaccountname

Let me know if it works

-Prashant Girennavar.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.