PowerShell Get-ADOrganizationalUnit cmdlet gets one or more active directory Organizational Units (OU). Get-ADOrganizationalUnit Filter parameter gets multiple OU based on search criteria.
In this article, I will explain how to use PowerShell Get-ADOrganizationalUnit with additional properties to a specific organizational unit or multiple OU’s in PowerShell.
Get-ADOrganizationalUnit Syntax
PowerShell Get-ADOrganizationalUnit active directory cmdlet retrieves information about one or more organizational units (OU) in the active directory.
Get-ADOrganizationalUnit [-AuthType <ADAuthType>] [-Credential <PSCredential>] -Filter <String> [-Properties <String[]>] [-ResultPageSize <Int32>] [-ResultSetSize <Int32>] [-SearchBase <String>] [-SearchScope <ADSearchScope>] [-Server <String>] [<CommonParameters>] Get-ADOrganizationalUnit [-AuthType <ADAuthType>] [-Credential <PSCredential>] [-Identity] <ADOrganizationalUnit> [-Partition <String>] [-Properties <String[]>] [-Server <String>] [<CommonParameters>] Get-ADOrganizationalUnit [-AuthType <ADAuthType> [-Credential <PSCredential>] -LDAPFilter <String> [-Properties <String[]>] [-ResultPageSize <Int32>] [-ResultSetSize <Int32>] [-SearchBase <String>] [-SearchScope <ADSearchScope>] [-Server <String>] [<CommonParameters>]
Let’s understand PowerShell Active Directory Get-ADOrganizationalUnit examples.
Using Get-ADOrganizationalUnit Filter Parameter (wildcard)
If you want to search for a specific organizational unit or multiple OU’s in the active directory, use filter or LDAPFilter.
Get-ADOrganizationalUnit filter parameter with a wildcard (asterisk) for search and lists all OU’s available in Active Directory.
Get-ADOrganizationalUnit -Filter *
In the above Get-ADOrganizationalUnit Filter parameter with wild character (*) gets organizational units with their distinguished name available in the domain.
The Filter parameter uses PowerShell expression language to write query strings for Active Directory.
The output of the above command to get organizational units with distinguished names is:
Cool Tip: How to create an Organizational Unit in PowerShell!
Get Adorganizational Unit by Name
The OrganizationUnit in the active directory can be obtained using the Get-AdOrganizationalUnit Name property. You can specify the OU name with the Filter parameter to search effectively for the OU name in your active directory.
To get OU details by name from the active directory, use the following command.
Get-ADOrganizationalUnit -Filter 'Name -like "SALES"'
In the above PowerShell script, the Get-AdOrganizationalUnit cmdlet uses the Filter parameter to check condition ‘Name -like “SALES”‘.
The output of the above script gets the organizational unit by name as given below.
PS C:\> Get-ADOrganizationalUnit -Filter 'Name -like "SALES"'
City : DELHI
Country : INDIA
DistinguishedName : OU=SALES,DC=SHELLPRO,DC=LOCAL
LinkedGroupPolicyObjects : {}
ManagedBy :
Name : SALES
ObjectClass : organizationalUnit
ObjectGUID : 2f2a8d01-ce46-4eb6-a9c4-05c985029416
PostalCode :
State :
StreetAddress :Get all OUs in a Domain Using the Get-ADOrganizationalUnit
To get all OUs in the domain, run the following script.
Get-ADOrganizationalUnit -Filter 'Name -like "*"' | Format-Table Name, DistinguishedName -A
In the above PowerShell Get-ADOrganizationalUnit Filter parameter with search condition where organizational Name like “*” (wildcard) gets organizational unit distinguishedName and their name from the domain.
The output of the above using the get-adorganizationalunit command is:
Name DistinguishedName
---- -----------------
Domain Controllers OU=Domain Controllers,DC=SHELLPRO,DC=LOCAL
SALES OU=SALES,DC=SHELLPRO,DC=LOCAL
HR OU=HR,DC=SHELLPRO,DC=LOCALCool Tip: How to use PowerShell Set-ADUser to modify Active Directory user attributes.
Get OU from Distinguished Name the Get-ADOrganizationalUnit
To get an OU from a distinguished name, run the following script that uses the Get-AdOrganizationalUnit command.
Get-ADOrganizationalUnit -Identity "OU=SALES,DC=SHELLPRO,DC=LOCAL" | Format-Table Name,DistinguishedName,ObjectClass
In the above PowerShell script, the Get-ADOrganizationalUnit command uses the Identity parameter to specify an organizational unit distinguished name. This command gets ad organizational unit from distinguished name and format results parameters to the table.
Name DistinguishedName ObjectClass
---- ----------------- -----------
SALES OU=SALES,DC=SHELLPRO,DC=LOCAL organizationalUnitCool Tip: How to get-aduser using userprincipalname in PowerShell!
How to Get AdOrganizationalUnit Canonical Name
Using the CanonicalName property of Get-AdOrganizationalUnit, you can get a list of organizational units’ canonical names.
Get-ADOrganizationalUnit -Filter * -Properties CanonicalName | Select-Object -Property CanonicalName
In the above PowerShell script, the Get-AdOrganizationalUnit uses the Filter parameter with wildcard character * gets all OU in the domain and Properties parameter to get the CanonicalName of OU.
The Select-Object command select the CanonicalName property to get an active directory organizational unit canonical name.
The output of the above command is:
Export OrganizationalUnits from Active Directory to CSV file
Using the Get-AdOrganizationalUnit Filter * parameter, it gets all the OUs from the active directory.
Use the Export-CSV cmdlet in PowerShell to export OU from the Active Directory to the CSV file.
Get-ADOrganizationalUnit -Filter * -Properties CanonicalName | Select-Object -Property Name, CanonicalName | Export-Csv -Path C:\PowerShell\export_ous_in-ad.csv -NoTypeInformation
The output of the above PowerShell script to export the active directory ous as follows:
Cool Tip: How to export active directory users to the CSV file in PowerShell!
Get AdOrganizationalUnit All Properties
The Get-AdOrganizationalUnit retrieves a default set of properties. To get additional organizational unit properties, use the -Properties parameter.
To get adorganizationalunit extended properties for OU name specified by distinguished name, run the following command.
Get-ADOrganizationalUnit "OU=SALES,DC=SHELLPRO,DC=LOCAL" -Properties * | Get-Member
Get Sub OU Description within an OU
Using the `Get-AdorganizationalUnit SearchScope OneLevel` parameter, it searches the immediate children of the given OU.
In the following script to get sub ous and their distinguishedname name, the $OU variable contains the current path of the OU.
The Get-AdOrganizationalUnit uses the SearchBase parameter to search within the given OU and SearchBase OneLevel to get sub ou.
$OU = 'OU=SHELLUSERS,DC=SHELLPRO,DC=LOCAL' Get-ADOrganizationalUnit -SearchBase $OU -SearchScope OneLevel -Filter * |Select-Object DistinguishedName, Name
The output of the above command to get a list of sub ou and their description as given:
Get-AdOrganizationalUnit Parameters
Let’s understand each of the Get-AdOrganizationalUnit key parameters as below:
–AuthType – authentication method to use based on either Basic (or 1) or Negotiate (or 0). It has Negotiate default authentication method.
SSL (Secure Socket Layer) connection is required to use the Basic Authentication method.
–Credential PSCredential – It specifies user credentials required to perform a Get-ADGroup search for the group. It default accepts the credentials of logged-on users.
To use the Credential parameter, use username as User1 or domain\User1 or you can create and use PSCredential object by using Get-Credential cmdlet.
-Identity – It specifies Active Directory group object to get OU search using the distinguished name, GUID, security identifier, or SAMAccountName
-Partition – It specifies the distinguished name of an active directory partition.
–Filter – It specifies a query string (PowerShell Expression Language Syntax) to retrieve Active Directory objects. PowerShell wildcards other than * are not supported by filter syntax.
-LDAPFilter – LDAPFilter query string is used to filter Active Directory objects.
-Properties – Use this parameter to get all properties for an OU object. Use Properties * (asterisk) to display organizational unit all attributes.
Conclusion
I hope the above article on using the PowerShell Get-ADOrganizationalUnit cmdlet to get one or more Organizational Units (OU) in the active directory.
Using the Get-AdOrganizational Filter parameter, you can get all organizational units and their distinguished name or get specific OU available in the domain.
Use the Get AdOrganizationalUnit Identity parameter to get OU from the distinguished name available in the domain.
Get-ADOrganizationalUnit returns a default set of properties. To get additional properties of OU, use the -Properties parameter.
You can find more topics about PowerShell Active Directory commands and PowerShell basics on the ShellGeek home page.