Get Organizational Units with PowerShell
We like to get a list of all the Organizational Units (OUs) in Active Directory and export it with PowerShell. Why do we need that? We like to clean up not used OUs. In this article, you will learn how to display and export a list of Organizational Units with PowerShell.
Get a list of all Organizational Units with PowerShell
Run PowerShell as administrator. Get a list of all the OUs in Active Directory. We will make use of the Get-ADOrganizationalUnit cmdlet. Let’s sort on CanonicalName, this will show us an OU breakdown structure and is easier to read.
1 2 3 4 5 6 7 8 9 10 11 12 13 | [PS] C:\>Get-ADOrganizationalUnit -Properties CanonicalName -Filter *| Sort-Object CanonicalName | Format-Table CanonicalName, DistinguishedName CanonicalName DistinguishedName ------------- ----------------- alitajran.local/AT Company OU=AT Company,DC=alitajran,DC=local alitajran.local/AT Company/Groups OU=Groups,OU=AT Company,DC=alitajran,DC=local alitajran.local/AT Company/Servers OU=Servers,OU=AT Company,DC=alitajran,DC=local alitajran.local/AT Company/Servers/Exchange OU=Exchange,OU=Servers,OU=AT Company,DC=alitajran,DC=local alitajran.local/AT Company/Users OU=Users,OU=AT Company,DC=alitajran,DC=local alitajran.local/AT Company/Users/HR OU=HR,OU=Users,OU=AT Company,DC=alitajran,DC=local alitajran.local/AT Company/Users/IT OU=IT,OU=Users,OU=AT Company,DC=alitajran,DC=local alitajran.local/Domain Controllers OU=Domain Controllers,DC=alitajran,DC=local alitajran.local/Microsoft Exchange Security Groups OU=Microsoft Exchange Security Groups,DC=alitajran,DC=local |
The output with all the OUs in AD is a good list. But how do we know if there are users present in the OU?
Get a list of all Organizational Units with UserCount with PowerShell
We like to get a list of the OUs including user count with PowerShell. This will show us if there are users present in the OU. Copy and paste the below code.
1 2 3 4 5 6 7 8 | Get-ADOrganizationalUnit -Properties CanonicalName -Filter *| Sort-Object CanonicalName | ForEach-Object{ [pscustomobject]@{ Name = Split-Path $_.CanonicalName -Leaf CanonicalName = $_.CanonicalName UserCount = (Get-AdUser -Filter * -SearchBase $_.DistinguishedName -SearchScope OneLevel).Count } } |
It will show an output with UserCount. If the UserCount is showing 0, it means that there are no users in the OU. Note: it will not show if there is a computer object in the OU. This will only check and show a count for users.
1 2 3 4 5 6 7 8 9 10 11 | Name CanonicalName UserCount ---- ------------- --------- AT Company alitajran.local/AT Company 0 Groups alitajran.local/AT Company/Groups 0 Servers alitajran.local/AT Company/Servers 0 Exchange alitajran.local/AT Company/Servers/Exchange 0 Users alitajran.local/AT Company/Users 0 HR alitajran.local/AT Company/Users/HR 5 IT alitajran.local/AT Company/Users/IT 15 Domain Controllers alitajran.local/Domain Controllers 0 Microsoft Exchange Security Groups alitajran.local/Microsoft Exchange Security Groups 0 |
Export OUs in AD to a text file or CSV file with PowerShell
Now that we have the list of OUs in AD shown, we like to export it to a file. The script will get the Organizational Units with PowerShell and export it to a text file.
1 2 3 4 5 6 7 8 9 | $results = Get-ADOrganizationalUnit -Properties CanonicalName -Filter *| Sort-Object CanonicalName | ForEach-Object{ [pscustomobject]@{ Name = Split-Path $_.CanonicalName -Leaf CanonicalName = $_.CanonicalName UserCount = (Get-AdUser -Filter * -SearchBase $_.DistinguishedName -SearchScope OneLevel).Count } } $results | Out-File C:\export_OUs.txt -Encoding UTF8 |
If you like to export to a CSV file, change the last line to $results | Export-Csv -Path C:\export_OUs.csv -NoTypeInformation –Encoding UTF8
After running the above command, find the exported file in the C:\ drive. I opened the text file export_OUs.txt.
Conclusion
To sum it up, you did learn how to get Organizational Units with PowerShell. Not only that, but you also learned how to find the empty OUs. As of last, you learned how to export OUs to a text file or CSV file with PowerShell. Did you enjoy this article? If so, you may like Hide mail-enabled security group from GAL with PowerShell. Don’t forget to follow us and share this article.
This Post Has One Comment
Nice post and I really appreciate the details.