Retrieving Users by OU

Welcome Forums General PowerShell Q&A Retrieving Users by OU

This topic contains 4 replies, has 4 voices, and was last updated by

Will Evertsen
 
Participant
1 year ago.

  • Author
    Posts
  • November 12, 2017 at 9:29 am #84014
    Will Evertsen

    Participant
    Points: 0
    Rank: Member

    Greetings!

    I've recently decided to make a concerted effort to expand my skill set in Powershell. To that end, I've been searching on the Internet for some challenges to do in my free time. The current one I'm working on is as follows:

    Create a script that searches for user accounts in each OU in the domain. For each OU that contains user accounts, display the OU name heading followed by a list of user accounts.

    Your output should look similar to the following:
    Customer Support Users
    ———————-
    John Doe XVI

    Finance Users
    ————-
    Jane Doe

    Where I'm At Right Now:
    >> I'm able to get a list of users using either Get-ADUser or Get-ADObject and I can kinda get the OU by selecting CanonicalName or DistinguishedName, though it's obviously buried.
    >> I'm able to get a list of OU's with Get-ADOrganizationalUnit.

    The issue I'm having is that I can't quite figure out how to format the list in the way its being presented in the challenge.

    Judging from the research I've done online thus far, I have this icky feeling that I may need to use RegEx to extract JUST the name of the OU from the user's CN or DN string.

    I would appreciate any help that anyone is willing to provide. Thanks in advance for your assistance and valuable time!

    Regards,
    ~Will~

  • November 12, 2017 at 1:44 pm #84022
    Olaf Soyk

    Participant
    Points: 170
    Helping Hand
    Rank: Participant

    Hmmm .... that it is possible does not mean it is useful. 😉

    Most of the time we use Powershell scripts for a particular purpose. (At least me) And also most of the time the data collected should be processed afterwards or at least should be in a format that you can do further steps with it. If that's the case you could simply output the user names including their OU. If you just want to play around a little you could start with

    Get-ADUser -Filter * -OutVariable AllUsers

    Now you have all you need in a variable $AllUsers and you can start playing around with this data.
    You could output only the names and the Distinguished names like this:

    $AllUsers | Select-Object -Property Name,DistinguishedName

    Or you could make it a little more "sophisticated" and "build" the OU from the Distinguished Name like this:

    $AllUsers | Select-Object -Property Name,@{n='OU';e={$_.distinguishedname -replace '^.+?,(CN|OU.+)','$1'}}

    Now you could group these information by OU like this

    $AllUsers | Select-Object -Property Name,@{n='OU';e={$_.distinguishedname -replace '^.+?,(CN|OU.+)','$1'}} | Group-Object -Property OU

    ... or you could store all this in a csv file for later use, or .., or ... , or ...

  • November 12, 2017 at 7:05 pm #84041
    Stuart Squibb

    Participant
    Points: 33
    Rank: Member

    Hi Will,
    Just a hint – you can set a searchbase on Get-ADUser. So if you've got a list of OUs you can iterate over it and search each one to produce your list. No regex required.

    Stuart.

  • November 15, 2017 at 12:38 pm #84272

    Inactive
    Points: 0
    Rank: Member

    You can try the following command to get user accounts in each OU in the domain.

    $BaseOU = "ou=Employees,dc=domain,dc=com"
    $DNs = (Get-ADOrganizationalUnit -Filter * –SearchBase $BaseOU | `
    Select DistinguishedName)
    ”” | out-file c:\temp\count.txt
    foreach ($DN in $DNs) {
    $DN | Out-File C:\temp\count.txt -append
    (get-aduser -filter * -SearchBase $DN.DistinguishedName).count | `
    Out-File c:\temp\count.txt -append
    }
    [edited to make it more readable]

    Get list of AD users in an OU

    import-module ActiveDirectory

    $ADUserParams=@{
    'Server' = 'remote.domain.com'
    'Searchbase' = 'OU=users,DC=remote,DC=domain,DC=com'
    'Searchscope'= 'Subtree'
    'Filter' = '*'
    'Properties' = '*'
    }

    #This is where to change if different properties are required.

    $SelectParams=@{
    'Property' = 'SAMAccountname', 'CN', 'title', 'DisplayName', 'Description', 'EmailAddress', 'mobilephone',@{name='businesscategory';expression={$_.businesscategory -join '; '}}, 'office', 'officephone', 'state', 'streetaddress', 'city', 'employeeID', 'Employeenumber', 'enabled', 'lockedout', 'lastlogondate', 'badpwdcount', 'passwordlastset', 'created'
    }

    get-aduser @ADUserParams | select-object @SelectParams | export-csv "c:\temp\users.csv"

  • November 18, 2017 at 11:31 am #84529
    Will Evertsen

    Participant
    Points: 0
    Rank: Member

    Thanks everyone for your input! I've been playing around with the different suggestions, which has helped tremendously. I've decided to abandon the desired output of the original challenge I found, but I'm working on doing a few different outputs that I think are much more suited to a real-world scenario. Once I get it all polished, I'll share the script.

    Thanks again!

    ~Will~

  • Author
    Posts

The topic ‘Retrieving Users by OU’ is closed to new replies.