Get-ADOrganizationalUnit Subtree

I am running a report on our users and fashioning a nice clean report listing the Name of their OU, among other parameters.

All companies have a root ou called ‘Hosted’ and then there are about 100 SubOU’s from within. I want to iterate through each OU and then loop through each user to output an object of ‘OU’, ‘user’, etc…

To first get my list of OU’s, I execute this command.

$OUs = Get-ADOrganizationalUnit -Filter * -Searchbase 'OU=Hosted,DC=XXXX,DC=local' -SearchScope Subtree

However, the OUs object lists the 'Hosted; OU in the array, which I would expect “SearchScope Subtree” parameter to only list the sub-OUs.

PS H:\> $OUs | Where-Object{$_.name -like "Hosted"}

RunspaceId : 26696d78-75d7-4097-9b7c-8f837c7d8c9e
City :
Country :
DistinguishedName : OU=Hosted,DC=XXXX,DC=local
LinkedGroupPolicyObjects : {}
ManagedBy :
Name : Hosted
ObjectClass : organizationalUnit
ObjectGUID : 37b8b83d-1f1a-4c1c-a0ed-01287bb5b1b2
PostalCode :
State :
StreetAddress :

How do I create an array of only Sub-OU’s of a root OU?

Hmmm … I assume you want to create this report for all of your ‘Hosted’-OUs and their users anyway, right? Why bother to create a sophisticated query? You could simply query all users from your AD strucrure along with their “CanonicalName” - and of course the other parameters you’re after. When you sort this list by CanonicalName you’re almost done with it. The rest is a little string acrobatics or Excel formatting.

$SearchBase = 'DC=XXXX,DC=local'

Get-ADUser -Filter * -SearchBase $SearchBase -Properties CanonicalName |
    Select-Object -Property Name,CanonicalName |
        Sort-Object -Property CaconicalName

It would be helpful if I had the OU the user was a part of. Preferably just the ‘Name’ property and not the full "DinstinguishedName’ property.

Basically, the report should have.

That’s what I meant. If the “Hosted”-OUs are all on the same “level” in your AD it’s a piece of cake to extract this bit of information from the CanonicalName.

('dc.local/someOU/someOtherOU/Hosted/SubHostedOU/Sites/Users' -split '/')[4]

There are one or two OU’s that might go 2, maybe 3 deep.

I really don’t understand what you mean with this. You may post some examples.

• Hosted OU
  • Company1_OU
    • User1_1
    • User2_1
    • User3_1
  • Company2_OU
    • User1_2
    • User2_2
    • User3_2
    • Company2A_OU
      • User1_2A
      • User2_2A
      • User3_2a
  • Company3_Ou
    • User1_3
    • User2_3
    • User3_#

Need to capture all of these users and their attributes and list the OU that each is attributed along with other attributes.

My original command was to first capture all of the OU’s within the HOsted OU…recursively to capture the subOUs (example Company_2A).

My original command was to declare my ‘Hosted’ OU and then the subtree parameter to recursively grab the subou’s, however the root OU appears in the list.

$OUs = Get-ADOrganizationalUnit -Filter * -Searchbase ‘OU=Hosted,DC=XXXX,DC=local’ -SearchScope Subtree

[quote quote=222687]My original command was to first capture all of the OU’s within the HOsted OU…recursively to capture the subOUs (example Company_2A).
My original command was to declare my ‘Hosted’ OU and then the subtree parameter to recursively grab the subou’s, however the root OU appears in the list.[/quote]
OK, but if I got this right that would be a manual process anyway, right.

If you have 2 levels where to find relevant information in your OU structure you could use this …

('dc.local/someOU/someOtherOU/Hosted/SubHostedOU/Sites/Users' -split '/')[4]

… twice and simply fill in 2 columns. You could even filter it easily then in Excel for example.

If the issue is it’s also including the root OU then just filter it out.

$searchbase = 'OU=Hosted,DC=XXXX,DC=local'
$OUs = Get-ADOrganizationalUnit -Filter * -Searchbase $searchbase -SearchScope Subtree | where distinguishedname -ne $searchbase