locked
How do I get the user's OU from his/her e-mail address? RRS feed

  • Question

  • I'm trying to write a Powershell script that forwards an e-mail from X user and, based on that user's Organizational Unit in Active Directory, forward that e-mail to the correct department dealing with that OU. Is there a way to read OU given an e-mail address in Powershell?

    Thanks in advance for reading.

    Best,

    Alex

    Tuesday, July 1, 2014 6:28 PM

Answers

  • Get Parent OU for user by email address.

    $mail='user@domain.com'

    $parentOU=(([adsisearcher]"mail=$mail").FindOne()).GetDirectoryEntry().Parent


    ¯\_(ツ)_/¯

    • Proposed as answer by jrv Tuesday, July 1, 2014 7:08 PM
    • Marked as answer by Alexander Bazzi Tuesday, July 1, 2014 7:28 PM
    Tuesday, July 1, 2014 7:08 PM

All replies

  • No. But you can find the email address in AD, and get the user's OU based on the path of the AD object you found. For example:


    $userDN = get-aduser -ldapfilter "(mail=kdyer@fabrikam.com)" |
      select-object -expandpropery DistinguishedName
    # $userDN contains "CN=Ken Dyer,OU=Sales,DC=fabrikam,DC=com"
    Get-ADPathname $userDN -GetElement 1 -ValuesOnly
    # Outputs "Sales"
    

    Get-ADPathname is a script I wrote for this article:

    Windows IT Pro: Use PowerShell to Handle Active Directory Paths


    -- Bill Stewart [Bill_Stewart]

    • Proposed as answer by jrv Tuesday, July 1, 2014 7:08 PM
    Tuesday, July 1, 2014 6:34 PM
  • Hi Alex,

    Here's something you can build from:

    Get-ADUser -Filter "EmailAddress -eq 'email@domain.com'" | 
        Select Name,SamAccountName,@{N='OU';E={($_.DistinguishedName -split ',OU=')[1]}}


    Don't retire TechNet! - (Don't give up yet - 12,950+ strong and growing)

    • Proposed as answer by jrv Tuesday, July 1, 2014 7:08 PM
    Tuesday, July 1, 2014 6:35 PM
  • Get Parent OU for user by email address.

    $mail='user@domain.com'

    $parentOU=(([adsisearcher]"mail=$mail").FindOne()).GetDirectoryEntry().Parent


    ¯\_(ツ)_/¯

    • Proposed as answer by jrv Tuesday, July 1, 2014 7:08 PM
    • Marked as answer by Alexander Bazzi Tuesday, July 1, 2014 7:28 PM
    Tuesday, July 1, 2014 7:08 PM
  • If you're running Exchange (2007 or better) and have at least Read-Only Recipient Adminstirator rights, you can use that.

    $session = 
    	new-pssession -configurationname Microsoft.Exchange -ConnectionURI http://<exchange server>/powershell/ -authentication kerberos 
    
    invoke-command -scriptblock { get-recipient <email address> } -Session $session | 
     select -ExpandProperty OrganizationalUnit

    That should be considerably faster than the AD query.  Email addresses aren't required to be unique in AD, so it doesn't maintain an index on that property.  In Exchange it does have to be unique and is indexed in it's database so the result is returned almost immediately.


    [string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "

    Tuesday, July 1, 2014 7:10 PM
  • Thanks so much! It works like a charm!
    Tuesday, July 1, 2014 7:30 PM