none
How to list users only if they´re inside OU with specific names RRS feed

  • Question

  • I have a big AD  and a big OU structure.


    Some users are in OUs that have no "CN=USERS..." in its names (disabled users, service accounts, IT admins accounts, special users for name reservation, etc and so on)

    All other users are in OUs whose names begin with "CN=USERS..."

    How can i list all users if their OUs names begin with "CN=USERS..."?

    Wednesday, May 28, 2014 5:47 PM

Answers

All replies

  • Hi,

    This will return users who exist in the Users container:

    Get-ADUser -Filter * | 
        Where { $_.DistinguishedName -like '*,CN=Users,*' }

    This doesn't filter on the left, so it's not exactly the most efficient method.


    Don't retire TechNet! - (Don't give up yet - 12,950+ strong and growing)

    • Marked as answer by KayZerSoze Wednesday, May 28, 2014 8:31 PM
    Wednesday, May 28, 2014 5:55 PM
  • There is the hard way then there is the PowerShell way:

    Get-ADUser -filter * -SearchBase 'CN=Users,dc=domain,dc=com'

    When in doubt use HELP before you phone a friend.

    http://technet.microsoft.com/en-us/library/ee617241.aspx


    ¯\_(ツ)_/¯

    Wednesday, May 28, 2014 6:56 PM
  • There is the hard way then there is the PowerShell way:

    Get-ADUser -filter * -SearchBase 'CN=Users,dc=domain,dc=com'

    When in doubt use HELP before you phone a friend.

    http://technet.microsoft.com/en-us/library/ee617241.aspx


    ¯\_(ツ)_/¯

    Hah. I feel dumb.

    =]


    Don't retire TechNet! - (Don't give up yet - 12,950+ strong and growing)

    Wednesday, May 28, 2014 6:57 PM
  • I couldn't resist. 

    Nearly all AD Cmdlets pipe well.  If you are at a remote location your method Might be slow.  Using the filter and searchbase will be faster.

    Your method wil work.

    To the OP.  You really should not create users inside of the "USERS" container.  It cannot be isolated with GP.  It is also exempt from some things. Use an OU.


    ¯\_(ツ)_/¯

    Wednesday, May 28, 2014 7:18 PM
  • Perfect!

    Get-ADUser -Filter * | Where { $_.DistinguishedName -like '*,OU=USUARIOS,*' } | select DistinguishedName

    worked like a charm! Mark As Answer!

    Wednesday, May 28, 2014 8:31 PM
  • I think that the OP has multiple user containers (although I'm not sure what is happening with the built-in users container) so will have to pipe this into Where-Object as you can't perform wildcard searches on DistinguishedName using -Filter (or LDAPFilter).

    You could pipe the result of Get-ADOrganizationalUnit into a ForEach if you want to keep the whole query server side.

    Get-ADOrganizationalUnit -Filter 'Name -like "*Users*"' |
    % {Get-ADUser -Filter * -SearchBase $_  | Select-Object DistinguishedName}

    Thursday, May 29, 2014 3:39 PM