Query AD for all computers in an OU with name like

Hello experts!

I'm looking for a way to query Active Directory to list all computer accounts that exist under an OU named "MBE"

Our OU structure is like this...

OU: Company1
SubOU: Computers
SubOU: MBE

OU:  Company2
SubOU: Computers
SubOU: MBE

OU:  Company3
SubOU: Computers
SubOU: MBE

All in all there are 33 OU's named 'MBE' but they are all nested under other OU's.

How can I query for a list of all computers that are in an 'MBE' OU?
IrrylynAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

becraigCommented:
dsquery computer ou=mbeou=computers,dc=domain,dc=tld -scope onelevel
0
Will SzymkowskiSenior Solution ArchitectCommented:
Use the following command in Powershell to accomplish this. This command is based on top level OU. So you just need to change the OU=Company1 to OU=Company2 to get the objects from the other MBE sub OU's.

Get-Adcomputer -filter * -searchbase "OU=MBE,OU=Company1,DC=yourdomain,DC=com" | ft name

Thanks

Will.
0
Mike KlineCommented:
Joe Richards makes a great tool called adfind that can help here.  His -incldn switch is the key

http://www.joeware.net/freetools/tools/adfind/

adfind -default -f "objectcategory=computer" name -incldn MBE



Thanks

Mike
0
Do You Have a Trusted Wireless Environment?

A Trusted Wireless Environment is a framework for building a complete Wi-Fi network that is fast, easy to manage, and secure.

footechCommented:
Here you go.  If you need to limit it to just the MBE OUs (and not any of their sub-OUs), then you can add the -searchscope parameter to Get-ADComputer and set it to "OneLevel".
Get-ADOrganizationalUnit -filter {name -eq "MBE"} | Select -ExpandProperty DistinguishedName | ForEach { Get-ADComputer -filter * -SearchBase $_ }

Open in new window

0
IrrylynAuthor Commented:
becraig:  ty, but I dont think that will search multiple OUs
Spec01:  ty, but with 33 different OU's in different locations named 'MBE' I'd have to modify that 33 times.  I may as well just go to each OU manually and export the list.

mkline71:  I'll check that link out and let you know

footech:  A couple of questions..  Our domain has 100k+ computer accounts.  My location only has about 10k.  I have rights to view all 100k.  If I ran this PS as-is, would it search the whole domain or can I set it only to search the OU for my location?
Also, can you export the results into a txt or csv or xlsx?
0
Mike KlineCommented:
followups from adfind

1.  If you just wanted to look at a top level OU you can use a searchbase

adfind -b "DN of OU you want to start at" -f "objectcategory=computer" name -incldn MBE

You can export to CSV with the -csv switch

adfind -b "DN of OU you want to start at" -f "objectcategory=computer" name -incldn MBE -csv >  computers.csv

Thanks

Mike
0
footechCommented:
If you only want to get OUs that are children of a particular OU, then you can add the -searchbase parameter to Get-ADOrganizationalUnit and set it to the DN of that OU.  It's also easy to export this to a .CSV.  If want to change what properties are included in the .CSV, just adjust the Select-Object (Select is an alias) command before the export (only Name is included now).
$startOU = "OU=east,DC=domain,domain=com"
Get-ADOrganizationalUnit -filter {name -eq "MBE"} -searchbase $startOU |
 Select -ExpandProperty DistinguishedName |
 ForEach { Get-ADComputer -filter * -SearchBase $_ } |
 Select Name |
 Export-CSV computerlist.csv -notype

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Ben Personick (Previously QCubed)Lead Network EngineerCommented:
The very first post was nearly there on the easiest way of doing this, they just needed to amend to search every OU that is MBE instead of only the ones you specify; this should do that:
 DSQuery OU forestroot -o dn -name "MBE" -limit 0 | DSQuery computer -o samid -limit 0

Open in new window

If you want to know which OU each set of computers is in, we will need to amend it slightly to this:
 FOR /F "Tokens=*" %O IN ('DSQuery OU forestroot -o dn -name "MBE" -limit 0') DO ( ECHO.&ECHO.Checking OU: "%~O" & DSQuery computer "%~O" -o samid -limit 0 )

Open in new window

0
IrrylynAuthor Commented:
Thank you all very good advice and tips.  I am going with powershell.

footech:  I almost have it but it's not giving me any descriptions.  Do I need to select-object or something for the description?:

$startOU = "OU=Region,OU=State,OU=City,OU=Installations,DC=nanw,DC=jk,DC=bronet,DC=mil"
Get-ADOrganizationalUnit -filter {name -eq "MBE"} -searchbase $startOU |
 Select -ExpandProperty DistinguishedName |
 ForEach { Get-ADComputer -filter * -SearchBase $_ } |
 Select Name,Description |
 Export-CSV computerlist.csv -notype
0
footechCommented:
Oops, left this part out.  Get-ADComputer only retrieves a limited set of properties by default.
DistinguishedName :
DNSHostName       :
Enabled           :
Name              :
ObjectClass       :
ObjectGUID        :
SamAccountName    :
SID               :
UserPrincipalName :
PropertyNames     :
PropertyCount     :

If you want any others you have to specify them with the -properties parameter.  You could just do -properties *, but returning all properties is more resource intensive so it's best to just specify whichever ones you want.  In your case you could modify the command to be
Get-ADComputer -filter * -SearchBase $_ -properties Description
0
IrrylynAuthor Commented:
Beautiful.  Final result:

$startOU = "OU=Region,OU=State,OU=City,OU=Installations,DC=nanw,DC=jk,DC=bronet,DC=mil"
Get-ADOrganizationalUnit -filter {name -eq "MBE"} -searchbase $startOU |
 Select -ExpandProperty DistinguishedName |
 ForEach { Get-ADComputer -filter * -SearchBase $_ -properties Description,DistinguishedName } |
 Select-object -property Name,Description,DistinguishedName |
 Export-CSV computerlist.csv -notype
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.