How to get users from an unique Organizational Unit (not from above or below)

Posted on 2013-09-10
Medium Priority
Last Modified: 2013-09-11
My organizational units and sub organizational units are on the order below:

     3-Disabled Users

organization units order
I have users on "OrganizationUnitTest" which I am NOT interested.
I have users in the sub organizational unit called "Users" which I am interested.
I have users in the sub organizational unit called "Disabled Users" which I am NOT interested.


I need to get users only from sub organizational unit "Users". Not "OrganizationalUnitTest" neither users in the sub sub organizational unit "Disabled Users"

When I run the following command I get users from "Users" but also from "Disabled Users".

Get-User –OrganizationalUnit "OU=Users,OU=OrganizationUnitTest,DC=domain,DC=com"

How can I get users only from the sub organizational unit "Users"?
Question by:osagarana
  • 3
  • 2
LVL 10

Expert Comment

by:Prashant Girennavar
ID: 39481971
Try below code,
import-module activedirectory
 Get-ADUser -Filter * -SearchBase "OU='Disabled Users',ou=Users,dc=domian,dc=com" | Select-Object samaccountname

Open in new window

Let me know if you need any other help.


-Prashant Girennavar.

Author Comment

ID: 39482042
Unfortunately did not work >>

[PS] C:\scripts>import-module activedirectory

[PS] C:\scripts>Get-ADUser -Filter * -SearchBase "OU='Disabled Users',OU=Users,OU=OrganizationUnitTest,DC=domain,DC=com" | Select-Object samaccountname
Get-ADUser : Directory object not found
At line:1 char:11
+ Get-ADUser <<<<  -Filter * -SearchBase "OU='Disabled Users',OU=Users,OU=OrganizationUnitTest,DC=marcnunes,DC=com" | Select-Object samaccountname
    + CategoryInfo          : ObjectNotFound: (:) [Get-ADUser], ADIdentityNotFoundException
    + FullyQualifiedErrorId : Directory object not found,Microsoft.ActiveDirectory.Management.Commands.GetADUser
[PS] C:\scripts>
LVL 10

Expert Comment

by:Prashant Girennavar
ID: 39482062
Login to any domain contoller.

Run first , Import-Module ActiveDirectory

and then you can run get-aduser commandlet.

the error state that , the directory  object is not found , So , make sure to run this command let on domain contoller.

Let me know if you face any issue.


-Prashant Girennavar.

Author Comment

ID: 39482135
Hi Prashant,

The first command I ran was: import-module activedirectory

I am the Exchange Admin and I should not run my scripts from the DCs.
This is the first part of a script that I willcreate to enable mailboxes if the AD user in the sub organizational unit called "Users" have the recipient type equal to "User".

Basically my whole script should look like:

Get-User –OrganizationalUnit "OU=Users,OU=OrganizationUnitTest,DC=domain,DC=com" | Where-Object{$_.RecipientType –eq “User”} | Enable-Mailbox | get-mailbox | select name,windowsemailaddress,database

So far that script is "OK". But the first part >>Get-User –OrganizationalUnit "OU=Users,OU=OrganizationUnitTest,DC=domain,DC=com"<<  shows users in the sub organizational units "Users" and in the sub organizational users called "Disabled Users".

I do not want to work with the sub OU "Disabled Users". I need to concentrate only in the sub OU called "Users".

Exchange 2010 you can run your commands remotely and soon this is fully tested, I will set a task windows to run this every evening.

Thanks for any idea. I am still giving my first steps on Powershell scripting.  ;-)
LVL 10

Accepted Solution

Prashant Girennavar earned 2000 total points
ID: 39482193
Try editing Get-User like below

Get-User –OrganizationalUnit "OU=Users,OU=OrganizationUnitTest,DC=domain,DC=com" | ?{($_.distinguishedname -notlike '*Disabled users*')} | Select-object Samaccountname

Let me know if it works

-Prashant Girennavar.

Featured Post

WEBINAR: GDPR Implemented - Tips & Lessons Learned

Join the WatchGuard team on Thursday, March 29th as we recount some valuable lessons learned in weighing the needs of a business against the new regulatory environment, look ahead at the two months left before implementation, and help you understand the steps you can take today!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

In this post we will be converting StringData saved within a text file into a hash table. This can be further used in a PowerShell script for replacing settings that are dynamic in nature from environment to environment.
After a recent Outlook migration from a 2007 to 2010 environment, some issues with Distribution List owners were realized. In this article, I explain how that was rectified.
Loops Section Overview
Did you know PowerShell can save you time with SaaS platforms? Simply leverage RESTfulAPIs to build your own PowerShell modules. These will kill repetitive tickets and tabs, using the command Invoke-RestMethod. Tune into this webinar to learn how…

619 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question