Get-ADOrganizationalUnit in Active Directory – PowerShell

by

PowerShell Get-ADOrganizationalUnit cmdlet gets one or more active directory Organizational Unit (OU). Get-ADOrganizationalUnit used to get multiple OU based on search criteria.

In this article, I will explain how to use PowerShell Get-ADOrganizationalUnit with additional properties to specific OU or multiple OU’s in PowerShell.

Table of Contents hide
1 Get-ADOrganizationalUnit Syntax
1.1 Using Get-ADOrganizationalUnit Filter parameter (wildcard)
2 Get-ADOrganizationalUnit to Get all OUs in a Domain
3 Get-ADOrganizationalUnit to Get OU using Distinguished Name
4 Conclusion

Get-ADOrganizationalUnit Syntax

PowerShell Get-ADOrganizationalUnit active directory cmdlet retrieves information about one or more organizational unit (OU) in active directory.

Get-ADOrganizationalUnit   [-AuthType <ADAuthType>]   [-Credential <PSCredential>]   -Filter <String>
   [-Properties <String[]>]   [-ResultPageSize <Int32>]   [-ResultSetSize <Int32>]   [-SearchBase <String>]
   [-SearchScope <ADSearchScope>]   [-Server <String>]   [<CommonParameters>]

Get-ADOrganizationalUnit   [-AuthType <ADAuthType>]   [-Credential <PSCredential>]   [-Identity] <ADOrganizationalUnit>   [-Partition <String>]   [-Properties <String[]>]   [-Server <String>]
   [<CommonParameters>]

Get-ADOrganizationalUnit   [-AuthType <ADAuthType>   [-Credential <PSCredential>]   -LDAPFilter <String>
   [-Properties <String[]>]   [-ResultPageSize <Int32>]   [-ResultSetSize <Int32>]   [-SearchBase <String>]
   [-SearchScope <ADSearchScope>]   [-Server <String>]   [<CommonParameters>]

Let’s understand each of the Get- ADOrganizationalUnit key parameters as below:

AuthType – authentication method to use based on either Basic (or 1) or Negotiate (or 0). It has Negotiate default authentication method.

SSL (Secure Socket Layer) connection is required to use Basic Authentication method.

Credential PSCredential – It specifies user credentials required to perform Get-ADGroup search for group. It default accepts credentials of logged on users.

To use Credential parameter, use username as User1 or domain\User1 or you can create and use PSCredential object by using Get-Credential cmdlet.

-Identity – It specifies Active Directory group object to get OU search using distinguished name, GUID , security identifier or SAMAccountName

-Partition – It specifies the distinguished name of an active directory partition.

Filter – It specifies a query string (PowerShell Expression Language Syntax) to retrieves Active Directory objects. PowerShell wildcards other than * are not supported by filter syntax.

-LDAPFilter – LDAPFilter query string is used to filter Active Directory objects.

Using Get-ADOrganizationalUnit Filter parameter (wildcard)

If you want to search for specific OU or multiple OU’s in active directory, use filter or LDAPFilter .

Get-ADOrganizationalUnit cmdlet filter parameter with wildcard (asterisk) for search and lists all OU’s available in Active Directory

Get-ADOrganizationalUnit -Filter *

Above Get-ADOrganizationalUnit cmdlet, Filter parameter with wild character (*) returns all the OU available in domain. Filter parameter uses PowerShell expression language to write query string for Active Directory.

Cool Tip: How to create Organizational Unit in PowerShell!

Lets understand PowerShell Active Directory Get-ADOrganizationalUnit cmdlet with examples.

Get-ADOrganizationalUnit to Get all OUs in a Domain

To get all OUs in domain, run below command

Get-ADOrganizationalUnit -Filter 'Name -like "*"' | Format-Table Name, DistinguishedName -A

Above PowerShell Get-ADOrganizationalUnit cmdlet use Filter parameter with search condition where OU name like to get all OUs in a domain.

Output of above using get-adorganizationalunit command as below

Name               DistinguishedName
----               -----------------
Domain Controllers OU=Domain Controllers,DC=SHELLPRO,DC=LOCAL
SALES              OU=SALES,DC=SHELLPRO,DC=LOCAL
HR                 OU=HR,DC=SHELLPRO,DC=LOCAL

Cool Tip: how to use PowerShell Set-ADUser to modify Active Directory user attributes.

Get-ADOrganizationalUnit to Get OU using Distinguished Name

If you want to get an OU using distinguished name, run below command

 Get-ADOrganizationalUnit -Identity "OU=SALES,DC=SHELLPRO,DC=LOCAL" | Format-Table Name,DistinguishedName,ObjectClass

In the above PowerShell script, Get-ADOrganizationalUnit cmdlet returns the OU specified by distinguishedname in Identity parameter and format results parameters to table as below

Name  DistinguishedName             ObjectClass
----  -----------------             -----------
SALES OU=SALES,DC=SHELLPRO,DC=LOCAL organizationalUnit

Cool Tip: how to get-aduser using userprincipalname in PowerShell!

Conclusion

I hope above article on PowerShell Get-ADOrganizationalUnit cmdlet to gets one or more Organizational Unit (OU) in active directory.

Get- ADOrganizationalUnit cmdlet returns a default set of properties. To get additional properties of OU, use –Properties parameter.

You can find more topics about PowerShell Active Directory commands and PowerShell basics on ShellGeek home page.

Leave a Comment