November 12, 2017 at 9:29 am

Greetings!

I've recently decided to make a concerted effort to expand my skill set in Powershell. To that end, I've been searching on the Internet for some challenges to do in my free time. The current one I'm working on is as follows:

Create a script that searches for user accounts in each OU in the domain. For each OU that contains user accounts, display the OU name heading followed by a list of user accounts.

Your output should look similar to the following:
Customer Support Users
———————-
John Doe XVI

Finance Users
————-
Jane Doe

Where I'm At Right Now:
>> I'm able to get a list of users using either Get-ADUser or Get-ADObject and I can kinda get the OU by selecting CanonicalName or DistinguishedName, though it's obviously buried.
>> I'm able to get a list of OU's with Get-ADOrganizationalUnit.

The issue I'm having is that I can't quite figure out how to format the list in the way its being presented in the challenge.

Judging from the research I've done online thus far, I have this icky feeling that I may need to use RegEx to extract JUST the name of the OU from the user's CN or DN string.

I would appreciate any help that anyone is willing to provide. Thanks in advance for your assistance and valuable time!

Regards,
~Will~

November 12, 2017 at 1:44 pm

Hmmm .... that it is possible does not mean it is useful. 😉

Most of the time we use Powershell scripts for a particular purpose. (At least me) And also most of the time the data collected should be processed afterwards or at least should be in a format that you can do further steps with it. If that's the case you could simply output the user names including their OU. If you just want to play around a little you could start with

Get-ADUser -Filter * -OutVariable AllUsers

Now you have all you need in a variable $AllUsers and you can start playing around with this data.
You could output only the names and the Distinguished names like this:

$AllUsers | Select-Object -Property Name,DistinguishedName

Or you could make it a little more "sophisticated" and "build" the OU from the Distinguished Name like this:

$AllUsers | Select-Object -Property Name,@{n='OU';e={$_.distinguishedname -replace '^.+?,(CN|OU.+)','$1'}}

Now you could group these information by OU like this

$AllUsers | Select-Object -Property Name,@{n='OU';e={$_.distinguishedname -replace '^.+?,(CN|OU.+)','$1'}} | Group-Object -Property OU

... or you could store all this in a csv file for later use, or .., or ... , or ...

November 12, 2017 at 7:05 pm

Hi Will,
Just a hint – you can set a searchbase on Get-ADUser. So if you've got a list of OUs you can iterate over it and search each one to produce your list. No regex required.

Stuart.

November 15, 2017 at 12:38 pm

You can try the following command to get user accounts in each OU in the domain.

$BaseOU = "ou=Employees,dc=domain,dc=com"
$DNs = (Get-ADOrganizationalUnit -Filter * –SearchBase $BaseOU | `
Select DistinguishedName)
”” | out-file c:\temp\count.txt
foreach ($DN in $DNs) {
$DN | Out-File C:\temp\count.txt -append
(get-aduser -filter * -SearchBase $DN.DistinguishedName).count | `
Out-File c:\temp\count.txt -append
}
[edited to make it more readable]

Get list of AD users in an OU

import-module ActiveDirectory

$ADUserParams=@{
'Server' = 'remote.domain.com'
'Searchbase' = 'OU=users,DC=remote,DC=domain,DC=com'
'Searchscope'= 'Subtree'
'Filter' = '*'
'Properties' = '*'
}

#This is where to change if different properties are required.

$SelectParams=@{
'Property' = 'SAMAccountname', 'CN', 'title', 'DisplayName', 'Description', 'EmailAddress', 'mobilephone',@{name='businesscategory';expression={$_.businesscategory -join '; '}}, 'office', 'officephone', 'state', 'streetaddress', 'city', 'employeeID', 'Employeenumber', 'enabled', 'lockedout', 'lastlogondate', 'badpwdcount', 'passwordlastset', 'created'
}

get-aduser @ADUserParams | select-object @SelectParams | export-csv "c:\temp\users.csv"

November 18, 2017 at 11:31 am

Thanks everyone for your input! I've been playing around with the different suggestions, which has helped tremendously. I've decided to abandon the desired output of the original challenge I found, but I'm working on doing a few different outputs that I think are much more suited to a real-world scenario. Once I get it all polished, I'll share the script.

Thanks again!

~Will~