All users and the OU they are in

  • Question

  • So when I run

     get-aduser -filter * -Properties * | select-object samaccountname,memberof

    PowerShell displays back

    x.visitor                                                                 {CN=Guests,CN=Builtin,

    which is what I want, but when I export it to Excel I get

    x.visitor Microsoft.ActiveDirectory.Management.ADPropertyValueCollection

    How do I get it to export the samaccountname and the OU it belongs to? I need this for all users.

    Friday, December 21, 2018 5:15 PM

Answers

  • I would recommend using the Pathname COM object instead of string parsing to get the parent OU.

    Example:


    #requires -version 2
    
    Import-Module ActiveDirectory -ErrorAction Stop
    
    $ADS_SETTYPE_DN = 4
    $ADS_FORMAT_X500_PARENT = 8
    
    $Pathname = New-Object -ComObject Pathname
    
    function Invoke-Method {
      param(
        [__ComObject] $object,
        [String] $method,
        $parameters
      )
      $output = $object.GetType().InvokeMember($method, "InvokeMethod", $null, $object, $parameters)
      if ( $output ) { $output }
    }
    
    $users = Get-ADUser -Filter *
    foreach ( $user in $users ) {
      Invoke-Method $Pathname "Set" @($user.DistinguishedName, $ADS_SETTYPE_DN)
      $path = Invoke-Method $Pathname "Retrieve" $ADS_FORMAT_X500_PARENT
      $user | Select-Object @{Name = "OU"; Expression = {$path}},SamAccountName
    }
    

    As an aside: We generally do not recommend using -Properties * with Get-ADUser as it can really slow things down.

    -- Bill Stewart [Bill_Stewart]


    Friday, December 21, 2018 5:56 PM
    Moderator

All replies

  • Users are not members of their parent OU or container. They are only members of groups. To retrieve the parent OU, you need to parse the distinguished name of the user.

    Do you want the OU the user object resides in, or the groups the user is a member of?


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)


    Friday, December 21, 2018 5:30 PM
    Moderator
  • An account's memberOf attribute is not the same thing as the OU the account sits in.

    The memberOf attribute contains a list of groups the account is a member of (hence the name). (As an aside, the account's primary group is not included in the memberOf attribute.)

    An OU (organizational unit) is not the same thing as a group. Completely separate concept.

    Are you looking for the OU where the account sits, or the groups the account is a member of? Two different things with two different answers.


    -- Bill Stewart [Bill_Stewart]

    Friday, December 21, 2018 5:31 PM
    Moderator
  • The following works to parse a DN for the parent OU:

    $DN = "cn=Jim Smith,ou=West,ou=sales,dc=domain,dc=com"
    
    $ParentDN = $DN.SubString($DN.IndexOf(($DN -Split ',CN=|,OU=|,DC=')[1]) - 3)
    $ParentDN
    


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Friday, December 21, 2018 5:45 PM
    Moderator
  • I'm looking to get a report that shows the user name and the OU it's in.
    Friday, December 21, 2018 5:48 PM
  • The following works to parse a DN for the parent OU:

    $DN = "cn=Jim Smith,ou=West,ou=sales,dc=domain,dc=com"
    
    $ParentDN = $DN.SubString($DN.IndexOf(($DN -Split ',CN=|,OU=|,DC=')[1]) - 3)
    $ParentDN


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    So for this, would I have to put in the DN of every user?
    Friday, December 21, 2018 5:50 PM
  • I would recommend using the Pathname COM object instead of string parsing to get the parent OU.

    Example:


    #requires -version 2
    
    Import-Module ActiveDirectory -ErrorAction Stop
    
    $ADS_SETTYPE_DN = 4
    $ADS_FORMAT_X500_PARENT = 8
    
    $Pathname = New-Object -ComObject Pathname
    
    function Invoke-Method {
      param(
        [__ComObject] $object,
        [String] $method,
        $parameters
      )
      $output = $object.GetType().InvokeMember($method, "InvokeMethod", $null, $object, $parameters)
      if ( $output ) { $output }
    }
    
    $users = Get-ADUser -Filter *
    foreach ( $user in $users ) {
      Invoke-Method $Pathname "Set" @($user.DistinguishedName, $ADS_SETTYPE_DN)
      $path = Invoke-Method $Pathname "Retrieve" $ADS_FORMAT_X500_PARENT
      $user | Select-Object @{Name = "OU"; Expression = {$path}},SamAccountName
    }
    


    -- Bill Stewart [Bill_Stewart]

    Bill, this is great. How do I add Export-Csv to this? Thank you.
    Friday, December 21, 2018 6:02 PM
  • Bill, this is great. How do I add Export-Csv to this? Thank you.

    Put the code in a script file; e.g.: C:\Scripts\Report.ps1

    Run the script from the PowerShell command line and use Export-Csv. Example:


    PS C:\Scripts> .\Report.ps1 | Export-Csv Report.csv -NoTypeInformation


    -- Bill Stewart [Bill_Stewart]

    Friday, December 21, 2018 7:34 PM
    Moderator
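
Added example, not part of any post in this thread: a report that derives each account's parent container from its distinguished name (stepping over backslash-escaped commas inside the first RDN) and flattens the multi-valued memberOf attribute into one string, so the CSV contains group DNs instead of `Microsoft.ActiveDirectory.Management.ADPropertyValueCollection`. `Get-ParentDN` is a hypothetical helper and the two accounts are constructed sample data; it assumes DNs in the backslash-escaped form that Active Directory returns.

```powershell
# Added example. Get-ParentDN is a hypothetical helper; the accounts below are constructed.
function Get-ParentDN {
    param([Parameter(Mandatory)][string] $DistinguishedName)
    for ($i = 0; $i -lt $DistinguishedName.Length; $i++) {
        $c = $DistinguishedName[$i]
        if ($c -eq '\') { $i++; continue }      # skip the escaped character that follows
        if ($c -eq ',') { return $DistinguishedName.Substring($i + 1) }
    }
    return $null                                # single RDN: no parent
}

# Constructed stand-ins for Get-ADUser output.
$users = @(
    [pscustomobject]@{
        SamAccountName    = 'x.visitor'
        DistinguishedName = 'CN=Visitor\, X,OU=West,OU=Sales,DC=domain,DC=com'
        MemberOf          = @('CN=Sales Staff,OU=Groups,DC=domain,DC=com',
                              'CN=Badge Readers,OU=Groups,DC=domain,DC=com')
    }
    [pscustomobject]@{
        SamAccountName    = 'j.smith'
        DistinguishedName = 'CN=Jim Smith,CN=Users,DC=domain,DC=com'
        MemberOf          = @()
    }
)

# One row per account: parent container plus group DNs joined into a single CSV-safe string.
$report = $users | Select-Object SamAccountName,
    @{Name = 'OU';       Expression = { Get-ParentDN $_.DistinguishedName }},
    @{Name = 'MemberOf'; Expression = { $_.MemberOf -join ';' }}

$report | ConvertTo-Csv -NoTypeInformation
```

Against a live directory, replace `$users` with `Get-ADUser -Filter * -Properties MemberOf` and pipe `$report` to `Export-Csv -NoTypeInformation`.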