Get Organizational Units with PowerShell
We want to get a list of all the Organizational Units (OUs) in Active Directory and export it with PowerShell. Why do we need that? We want to clean up unused OUs. This article will teach you how to display and export a list of Organizational Units with PowerShell.
Get a list of all Organizational Units with PowerShell
Run PowerShell as administrator. Get a list of all the OUs in Active Directory with the Get-ADOrganizationalUnit cmdlet. Sort the results on CanonicalName: this shows the OU structure as a breakdown and is easier to read.
PS C:\> Get-ADOrganizationalUnit -Properties CanonicalName -Filter * | Sort-Object CanonicalName | Format-Table CanonicalName, DistinguishedName
CanonicalName                                      DistinguishedName
-------------                                      -----------------
alitajran.local/AT Company                         OU=AT Company,DC=alitajran,DC=local
alitajran.local/AT Company/Groups                  OU=Groups,OU=AT Company,DC=alitajran,DC=local
alitajran.local/AT Company/Servers                 OU=Servers,OU=AT Company,DC=alitajran,DC=local
alitajran.local/AT Company/Servers/Exchange        OU=Exchange,OU=Servers,OU=AT Company,DC=alitajran,DC=local
alitajran.local/AT Company/Users                   OU=Users,OU=AT Company,DC=alitajran,DC=local
alitajran.local/AT Company/Users/HR                OU=HR,OU=Users,OU=AT Company,DC=alitajran,DC=local
alitajran.local/AT Company/Users/IT                OU=IT,OU=Users,OU=AT Company,DC=alitajran,DC=local
alitajran.local/Domain Controllers                 OU=Domain Controllers,DC=alitajran,DC=local
alitajran.local/Microsoft Exchange Security Groups OU=Microsoft Exchange Security Groups,DC=alitajran,DC=local
The output lists all the OUs in AD. But how do we know whether there are users present in an OU?
Get a list of all Organizational Units including UserCount with PowerShell
We want to get a list of the OUs, including the user count, with PowerShell. This will show us whether there are users present in each OU. Copy and paste the code below and run it in PowerShell ISE.
Get-ADOrganizationalUnit -Properties CanonicalName -Filter * | Sort-Object CanonicalName |
    ForEach-Object {
        [pscustomobject]@{
            Name          = Split-Path $_.CanonicalName -Leaf
            CanonicalName = $_.CanonicalName
            UserCount     = @(Get-AdUser -Filter * -SearchBase $_.DistinguishedName -SearchScope OneLevel).Count
        }
    }
The output includes a UserCount column. A UserCount value of 0 means that there are no users directly in that OU. Note: this only counts users. It will not show whether the OU contains computer objects.
Name                               CanonicalName                                      UserCount
----                               -------------                                      ---------
AT Company                         alitajran.local/AT Company                                 0
Groups                             alitajran.local/AT Company/Groups                          0
Servers                            alitajran.local/AT Company/Servers                         0
Exchange                           alitajran.local/AT Company/Servers/Exchange                0
Users                              alitajran.local/AT Company/Users                           0
HR                                 alitajran.local/AT Company/Users/HR                        5
IT                                 alitajran.local/AT Company/Users/IT                       15
Domain Controllers                 alitajran.local/Domain Controllers                         0
Microsoft Exchange Security Groups alitajran.local/Microsoft Exchange Security Groups         0
Get a list of all Organizational Units including ComputerCount with PowerShell
We want to get a list of the OUs, including the computer count, with PowerShell.
Get-ADOrganizationalUnit -Properties CanonicalName -Filter * | Sort-Object CanonicalName |
    ForEach-Object {
        [pscustomobject]@{
            Name          = Split-Path $_.CanonicalName -Leaf
            CanonicalName = $_.CanonicalName
            UserCount     = @(Get-AdUser -Filter * -SearchBase $_.DistinguishedName -SearchScope OneLevel).Count
            ComputerCount = @(Get-AdComputer -Filter * -SearchBase $_.DistinguishedName -SearchScope OneLevel).Count
        }
    }
The output will show a column ComputerCount.
Name                               CanonicalName                                      UserCount ComputerCount
----                               -------------                                      --------- -------------
AT Company                         alitajran.local/AT Company                                 0             0
Groups                             alitajran.local/AT Company/Groups                          0             0
Servers                            alitajran.local/AT Company/Servers                         0             3
Exchange                           alitajran.local/AT Company/Servers/Exchange                0             2
Users                              alitajran.local/AT Company/Users                           0             0
HR                                 alitajran.local/AT Company/Users/HR                        5             0
IT                                 alitajran.local/AT Company/Users/IT                       15             0
Domain Controllers                 alitajran.local/Domain Controllers                         0             2
Microsoft Exchange Security Groups alitajran.local/Microsoft Exchange Security Groups         0             0
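For cleanup, user and computer counts alone can mislead: an OU with zero of both may still hold groups, contacts or child OUs, or have Group Policy Objects linked to it. The following is an added example, not part of the original article, that generalizes the counts above to every object class and adds the GPO link count and the accidental-deletion flag; the variable names and output column names are assumptions of this example.

```powershell
# Added example (not from the original article).
# Requires the ActiveDirectory module (RSAT); read-only queries.
Import-Module ActiveDirectory

$report = Get-ADOrganizationalUnit -Filter * -Properties CanonicalName, ProtectedFromAccidentalDeletion |
    Sort-Object CanonicalName |
    ForEach-Object {
        $ou = $_

        # Every direct child of any class: users, computers, groups,
        # contacts, child OUs, and so on. OneLevel excludes the OU itself.
        $children = @(Get-ADObject -Filter * -SearchBase $ou.DistinguishedName -SearchScope OneLevel)

        # Per-class breakdown, for example "computer=2; organizationalUnit=1"
        $classes = ($children | Group-Object ObjectClass | Sort-Object Name |
            ForEach-Object { '{0}={1}' -f $_.Name, $_.Count }) -join '; '

        [pscustomobject]@{
            Name          = $ou.Name
            CanonicalName = $ou.CanonicalName
            ChildCount    = $children.Count
            ChildClasses  = $classes
            # GPOs linked to this OU; removing the OU also removes these links
            LinkedGPOs    = @($ou.LinkedGroupPolicyObjects).Count
            # True means the OU must be unprotected before it can be deleted
            Protected     = $ou.ProtectedFromAccidentalDeletion
        }
    }

# Full inventory, for review
$report | Format-Table Name, ChildCount, ChildClasses, LinkedGPOs, Protected -AutoSize

# Cleanup candidates: no child objects of any class and no linked GPOs
$report |
    Where-Object { $_.ChildCount -eq 0 -and $_.LinkedGPOs -eq 0 } |
    Select-Object Name, CanonicalName, Protected
```

A parent OU such as AT Company is not reported as a candidate here, because its child OUs count as child objects.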
Export OUs in AD to a text file or CSV file with PowerShell
Now that we have the list of OUs in AD, we want to export it to a file. The script below gets the Organizational Units with PowerShell and exports them to a text file.
$results = Get-ADOrganizationalUnit -Properties CanonicalName -Filter * | Sort-Object CanonicalName |
    ForEach-Object {
        [pscustomobject]@{
            Name          = Split-Path $_.CanonicalName -Leaf
            CanonicalName = $_.CanonicalName
            UserCount     = @(Get-AdUser -Filter * -SearchBase $_.DistinguishedName -SearchScope OneLevel).Count
        }
    }
$results | Out-File C:\export_OUs.txt -Encoding UTF8
If you would rather export to a CSV file, change the last line to:
$results | Export-Csv -Path C:\export_OUs.csv -NoTypeInformation -Encoding UTF8
After running the above command, find the exported file on the C:\ drive. I opened the text file export_OUs.txt.
Conclusion
To sum it up, you learned how to get Organizational Units with PowerShell. You also learned how to find empty OUs. Lastly, you learned how to export OUs to a text file or CSV file with PowerShell.
This script is extremely useful. However, I need to find all empty OUs with no other output except the name and canonicalname. How would I alter the script to display this? The script must show all empty OUs, no users, PCs or groups. Thanks.
Very useful scripts and time saving.
Thanks a lot, Mr. Ali
This is great, thank you.
Is there a way to incorporate into this script that it only gives you a count of Windows 10 devices in each OU?
I was wondering, what does the “-NoTypeInformation -Encoding UTF8” do in terms of encoding?
In my test environment: I got the OU Distinguished names list and exported it to CSV, but the Distinguished names were not identical to those in the prompt. Would that potentially solve the issue? Hmm.
The NoTypeInformation parameter removes the #TYPE information header from the CSV output.
PowerShell uses a Unicode character set by default. The Encoding parameter can specify the encoding for a different character set. In this example, UTF-8.
Nice post and I really appreciate the details.