asked on Powershell Script Question for Get-ADUser to Pull only from Specific Organizational Unit (OU)
I want to put the script listed on this page into Production.
In the commentary, the writer says "You could customize this search many ways. Two examples would be to target a specific organizational unit (OU) or maybe a set of accounts that match a name (such as admin accounts)."
I would like to have this script pull only from the Organizational Unit "Users-Groups/Users".
How can I have this line pull only from the Organizational Unit "Users-Groups/Users"?
Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False ‑and PasswordLastSet -gt 0}
Thanks for your help!
PowershellActive Directory
Last Comment
Tessando
Hi,
I will just add an option/parameter to the solution of oBda:
with the option "-SearchScope" and the parameter "Base" , you can choose to search only in the OU indicated but not in sub-OUs.
Note that the parameter can also be "Subtree" for all sub-OU or "OneLevel".
I will just add an option/parameter to the solution of oBda:
with the option "-SearchScope" and the parameter "Base" , you can choose to search only in the OU indicated but not in sub-OUs.
Note that the parameter can also be "Subtree" for all sub-OU or "OneLevel".
ASKER
@oBda: Thank you for the fast and accurate response. I appreciate that.
I'm getting the following error in Powershell:
Is there a reason why this method wouldn't be supported?
@DEMAN-BARCELO (MVP) Thierry
When I look at the properties of the OU in Active Directory, I see the following Canonical Name:
companyname.org/companyorg/Users-Groups/Users
Therefore I'm using this as the line in the Powershell script:
"OU=Users,OU=Users-Groups,DC=companyorg,DC=companyname,dc=org"
Is this considered a sub-OU? This is the given OU that I'd like to run this script on.
Thanks for all your help!
I'm getting the following error in Powershell:
Get-ADUser : Cannot convert 'System.Object[]' to the type 'System.String' required by parameter 'SearchBase'. Specified method is not supported.
Is there a reason why this method wouldn't be supported?
@DEMAN-BARCELO (MVP) Thierry
When I look at the properties of the OU in Active Directory, I see the following Canonical Name:
companyname.org/companyorg/Users-Groups/Users
Therefore I'm using this as the line in the Powershell script:
"OU=Users,OU=Users-Groups,DC=companyorg,DC=companyname,dc=org"
Is this considered a sub-OU? This is the given OU that I'd like to run this script on.
Thanks for all your help!
Seems like you didn't put quotes around the DN.
Powershell then treats the commas as array element separator and assumes you're passing multiple strings.
And if the canonical name is "companyname.org/companyor
"DC" is "Domain Component", so that's the DNS part.
Powershell then treats the commas as array element separator and assumes you're passing multiple strings.
And if the canonical name is "companyname.org/companyor
"DC" is "Domain Component", so that's the DNS part.
Yes, "OU=Users,OU=Users-Groups,
But, it can be the parameter of "searchbase". It means the start of your search.
Now, if this (sub-)OU contains other sub-Ous, you can choose to do the search in all this hierarchy or not.
But, it can be the parameter of "searchbase". It means the start of your search.
Now, if this (sub-)OU contains other sub-Ous, you can choose to do the search in all this hierarchy or not.
ASKER
I did have one "DC" listed as an "OU". Thanks for the sanity check, oBda.
Where I'm scratching my head is that Powershell is saying the error is occurring at ..."*.ps1:25 char:125
Here is the exact line pasted (via the Powershell IDE) directly into EE:
Question 1: Do spaces count as characters?
Question 2: Is the character " not being recognized by Powershell? If so, is there an alternative I can use?
Thank you for your help today. I greatly appreciate it.
Where I'm scratching my head is that Powershell is saying the error is occurring at ..."*.ps1:25 char:125
Here is the exact line pasted (via the Powershell IDE) directly into EE:
$users = Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False ‑and PasswordLastSet -gt 0} -SearchBase "OU=Users,OU=Users-Groups,OU=*****org,DC=********,DC=org", `
Question 1: Do spaces count as characters?
Question 2: Is the character " not being recognized by Powershell? If so, is there an alternative I can use?
Thank you for your help today. I greatly appreciate it.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Thank you, that solved the issue of pulling from a specific OU. I'm hitting another challenge, but it's with the script and out of the context of this question. Thank you so much for the guidance! I appreciate your help.
Happy Holidays!
Happy Holidays!
Open in new window
This has examples for the search base:Get-ADUser
https://docs.microsoft.com/en-us/powershell/module/activedirectory/get-aduser?view=windowsserver2016-ps
If in doubt, you can always get the DN by using the ADUC console; enable the Advanced View, open the properties of the object, go to the "Attributes" tab, and check/copy the distinguishedName attribute.