PowerShell Get-ADOrganizationalUnit cmdlet gets one or more active directory Organizational Unit (OU). Get-ADOrganizationalUnit Filter parameter gets multiple OU based on search criteria.
In this article, I will explain how to use PowerShell Get-ADOrganizationalUnit with additional properties to a specific organizational unit or multiple OU’s in PowerShell.
Get-ADOrganizationalUnit Syntax
PowerShell Get-ADOrganizationalUnit active directory cmdlet retrieves information about one or more organizational units (OU) in the active directory.
Get-ADOrganizationalUnit [-AuthType <ADAuthType>] [-Credential <PSCredential>] -Filter <String> [-Properties <String[]>] [-ResultPageSize <Int32>] [-ResultSetSize <Int32>] [-SearchBase <String>] [-SearchScope <ADSearchScope>] [-Server <String>] [<CommonParameters>] Get-ADOrganizationalUnit [-AuthType <ADAuthType>] [-Credential <PSCredential>] [-Identity] <ADOrganizationalUnit> [-Partition <String>] [-Properties <String[]>] [-Server <String>] [<CommonParameters>] Get-ADOrganizationalUnit [-AuthType <ADAuthType> [-Credential <PSCredential>] -LDAPFilter <String> [-Properties <String[]>] [-ResultPageSize <Int32>] [-ResultSetSize <Int32>] [-SearchBase <String>] [-SearchScope <ADSearchScope>] [-Server <String>] [<CommonParameters>]
Let’s understand each of the get adorganizationalunit key parameters as below:
–AuthType – authentication method to use based on either Basic (or 1) or Negotiate (or 0). It has Negotiate default authentication method.
SSL (Secure Socket Layer) connection is required to use the Basic Authentication method.
–Credential PSCredential – It specifies user credentials required to perform a Get-ADGroup search for the group. It default accepts the credentials of logged-on users.
To use the Credential parameter, use username as User1 or domain\User1 or you can create and use PSCredential object by using Get-Credential cmdlet.
-Identity – It specifies Active Directory group object to get OU search using the distinguished name, GUID, security identifier or SAMAccountName
-Partition – It specifies the distinguished name of an active directory partition.
–Filter – It specifies a query string (PowerShell Expression Language Syntax) to retrieves Active Directory objects. PowerShell wildcards other than * are not supported by filter syntax.
-LDAPFilter – LDAPFilter query string is used to filter Active Directory objects.
-Properties – Use this parameter to get all properties for an OU object. Use Properties * (asterisk) to display organizational unit all attributes.
Using Get-ADOrganizationalUnit Filter parameter (wildcard)
If you want to search for a specific organizational unit or multiple OU’s in the active directory, use filter or LDAPFilter.
Get-ADOrganizationalUnit filter parameter with a wildcard (asterisk) for search and lists all OU’s available in Active Directory
Get-ADOrganizationalUnit -Filter *
In the above Get-ADOrganizationalUnit Filter parameter with wild character (*) gets organizational units with their distinguished name available in the domain.
Filter parameter uses PowerShell expression language to write query string for Active Directory.
The output of the above command to get organizational units with distinguished names is:
Cool Tip: How to create an Organizational Unit in PowerShell!
Let’s understand PowerShell Active Directory Get-ADOrganizationalUnit examples.
Get Adorganizational Unit by Name
OrganizationUnit in the active directory can be get using the Get-AdOrganizationalUnit Name property. You can specify the OU name with the Filter parameter to search effectively for the OU name in your active directory.
To get OU details by name from the active directory, use the following command
Get-ADOrganizationalUnit -Filter 'Name -like "SALES"'
The output of the above command get the organizational unit by name as
PS C:\> Get-ADOrganizationalUnit -Filter 'Name -like "SALES"'
City : DELHI
Country : INDIA
DistinguishedName : OU=SALES,DC=SHELLPRO,DC=LOCAL
LinkedGroupPolicyObjects : {}
ManagedBy :
Name : SALES
ObjectClass : organizationalUnit
ObjectGUID : 2f2a8d01-ce46-4eb6-a9c4-05c985029416
PostalCode :
State :
StreetAddress :Get-ADOrganizationalUnit to Get all OUs in a Domain
To get all OUs in the domain, run the following command
Get-ADOrganizationalUnit -Filter 'Name -like "*"' | Format-Table Name, DistinguishedName -A
In the above PowerShell Get-ADOrganizationalUnit Filter parameter with search condition where organizational name like “*” (wildcard) gets organizational unit distinguishedName and their name from the domain.
The output of above using the get-adorganizationalunit command is:
Name DistinguishedName
---- -----------------
Domain Controllers OU=Domain Controllers,DC=SHELLPRO,DC=LOCAL
SALES OU=SALES,DC=SHELLPRO,DC=LOCAL
HR OU=HR,DC=SHELLPRO,DC=LOCALCool Tip: How to use PowerShell Set-ADUser to modify Active Directory user attributes.
Get-ADOrganizationalUnit to Get OU from Distinguished Name
If you want to get an OU from a distinguished name, run the following command
Get-ADOrganizationalUnit -Identity "OU=SALES,DC=SHELLPRO,DC=LOCAL" | Format-Table Name,DistinguishedName,ObjectClass
In the above PowerShell script, Get-ADOrganizationalUnit uses the Identity parameter to specify an organizational unit distinguished name.
It gets ad organizational unit from distinguished name and format results parameters to table as below
Name DistinguishedName ObjectClass
---- ----------------- -----------
SALES OU=SALES,DC=SHELLPRO,DC=LOCAL organizationalUnitCool Tip: how to get-aduser using userprincipalname in PowerShell!
Get-AdOrganizationalUnit Canonical Name
Using the CanonicalName property of Get-AdOrganizationalUnit, you can get a list of organizational units’ canonical names.
Get-ADOrganizationalUnit -Filter * -Properties CanonicalName | Select-Object -Property CanonicalName
In the above PowerShell script, it uses the Get-AdOrganizationalUnit Filter parameter with wildcard character * gets all OU in the domain.
Get-AdOrganizationalUnit uses CanonicalName property to get active directory organizational unit canonical name.
The output of the above command is:
Export OrganizationalUnits from Active Directory to CSV file
Using the Get-AdOrganizationalUnit Filter * parameter, it gets all the OUs from the active directory.
Use the Export-CSV cmdlet in PowerShell to export OU from the Active Directory to the CSV file.
Get-ADOrganizationalUnit -Filter * -Properties CanonicalName | Select-Object -Property Name, CanonicalName | Export-Csv -Path C:\PowerShell\export_ous_in-ad.csv -NoTypeInformation
The output of the above PowerShell script to export active directory ous as follows:
Cool Tip: how to export active directory users to the CSV file in PowerShell!
Get AdOrganizationalUnit All Properties
Get-AdOrganizationalUnit retrieves a default set of properties. To get additional organizational unit properties, use -Properties parameter.
To get adorganizationalunit extended properties for OU name specified by distinguished name, run the following command
Get-ADOrganizationalUnit "OU=SALES,DC=SHELLPRO,DC=LOCAL" -Properties * | Get-Member
Get Sub OU Description within a OU
Using the Get-AdorganizationalUnit SearchScope OneLevel parameter, it searches the immediate children of the given OU.
In the following script to get sub ous and their distinguishedname and name, the $OU variable contains the current path of the OU.
Get-AdOrganizationalUnit uses the SearchBase parameter to search within the given OU and SearchBase OneLevel to get sub ou.
$OU = 'OU=SHELLUSERS,DC=SHELLPRO,DC=LOCAL' Get-ADOrganizationalUnit -SearchBase $OU -SearchScope OneLevel -Filter * |Select-Object DistinguishedName, Name
The output of the above command to get a list of sub ou and their description as given:
Conclusion
I hope the above article on using PowerShell Get-ADOrganizationalUnit cmdlet to get one or more Organizational Units (OU) in the active directory.
Using the Get-AdOrganizational Filter parameter, you can get all organizational units and their distinguished name or get specific OU available in the domain.
Use the Get AdOrganizationalUnit Identity parameter to get OU from the distinguished name available in the domain.
Get-ADOrganizationalUnit returns a default set of properties. To get additional properties of OU, use -Properties parameter.
You can find more topics about PowerShell Active Directory commands and PowerShell basics on the ShellGeek home page.