We want to export AD users information to CSV with PowerShell. Why do we need…
Get Organizational Units with PowerShell
We like to get a list of all the Organizational Units (OUs) in Active Directory and export it with PowerShell. Why do we need that? We like to clean up not used OUs. This article will teach you how to display and export a list of Organizational Units with PowerShell.
Table of contents
- Get a list of all Organizational Units with PowerShell
- Get a list of all Organizational Units including UserCount with PowerShell
- Get a list of all Organizational Units including ComputerCount with PowerShell
- Get a list of all empty Organizational Units with PowerShell
- Export OUs in AD to a text file or CSV file with PowerShell
- Conclusion
Get a list of all Organizational Units with PowerShell
Run PowerShell as administrator. Get a list of all the OUs in Active Directory. We will make use of the Get-ADOrganizationalUnit cmdlet. Let’s sort on CanonicalName. This will show us an OU breakdown structure and is easier to read.
Get-ADOrganizationalUnit -Properties CanonicalName -Filter * | Select-Object CanonicalName, DistinguishedName | Sort-Object CanonicalNameThe below output appears.
CanonicalName DistinguishedName
------------- -----------------
alitajran.local/AT Company OU=AT Company,DC=alitajran,DC=local
alitajran.local/AT Company/Groups OU=Groups,OU=AT Company,DC=alitajran,DC=local
alitajran.local/AT Company/Servers OU=Servers,OU=AT Company,DC=alitajran,DC=local
alitajran.local/AT Company/Servers/Exchange OU=Exchange,OU=Servers,OU=AT Company,DC=alitajran,DC=local
alitajran.local/AT Company/Users OU=Users,OU=AT Company,DC=alitajran,DC=local
alitajran.local/AT Company/Users/HR OU=HR,OU=Users,OU=AT Company,DC=alitajran,DC=local
alitajran.local/AT Company/Users/IT OU=IT,OU=Users,OU=AT Company,DC=alitajran,DC=local
alitajran.local/Domain Controllers OU=Domain Controllers,DC=alitajran,DC=local
alitajran.local/Microsoft Exchange Security Groups OU=Microsoft Exchange Security Groups,DC=alitajran,DC=localThe output with all the OUs in AD is a good list. But how do we know if there are users present in the OU?
Get a list of all Organizational Units including UserCount with PowerShell
We like to get a list of the OUs, including user count with PowerShell. This will show us if there are users present in the OU. Copy and paste the below code into PowerShell ISE.
$OUs = Get-ADOrganizationalUnit -Properties CanonicalName -Filter * | Select-Object CanonicalName, DistinguishedName | Sort-Object CanonicalName
foreach ($OU in $OUs) {
[pscustomobject]@{
Name = Split-Path $OU.CanonicalName -Leaf
CanonicalName = $OU.CanonicalName
UserCount = @(Get-AdUser -Filter * -SearchBase $OU.DistinguishedName -SearchScope OneLevel).Count
}
}It will show an output with a column UserCount. If the UserCount value is showing 0, it means that there are no users in the OU.
Note: It will not show if there is a computer object in the OU. This will only check and show a count for users.
Name CanonicalName UserCount
---- ------------- ---------
AT Company alitajran.local/AT Company 0
Groups alitajran.local/AT Company/Groups 0
Servers alitajran.local/AT Company/Servers 0
Exchange alitajran.local/AT Company/Servers/Exchange 0
Users alitajran.local/AT Company/Users 0
HR alitajran.local/AT Company/Users/HR 5
IT alitajran.local/AT Company/Users/IT 15
Domain Controllers alitajran.local/Domain Controllers 0
Microsoft Exchange Security Groups alitajran.local/Microsoft Exchange Security Groups 0Get a list of all Organizational Units including ComputerCount with PowerShell
We like to get a list of the OUs, including computer count with PowerShell.
$OUs = Get-ADOrganizationalUnit -Properties CanonicalName -Filter * | Select-Object CanonicalName, DistinguishedName | Sort-Object CanonicalName
foreach ($OU in $OUs) {
[pscustomobject]@{
Name = Split-Path $OU.CanonicalName -Leaf
CanonicalName = $OU.CanonicalName
UserCount = @(Get-AdUser -Filter * -SearchBase $OU.DistinguishedName -SearchScope OneLevel).Count
ComputerCount = @(Get-AdComputer -Filter * -SearchBase $OU.DistinguishedName -SearchScope OneLevel).Count
}
}The output will show a column ComputerCount.
Name CanonicalName UserCount ComputerCount
---- ------------- --------- -------------
AT Company alitajran.local/AT Company 0 0
Groups alitajran.local/AT Company/Groups 0 0
Servers alitajran.local/AT Company/Servers 0 3
Exchange alitajran.local/AT Company/Servers/Exchange 0 2
Users alitajran.local/AT Company/Users 0 0
HR alitajran.local/AT Company/Users/HR 5 0
IT alitajran.local/AT Company/Users/IT 15 0
Domain Controllers alitajran.local/Domain Controllers 0 2
Microsoft Exchange Security Groups alitajran.local/Microsoft Exchange Security Groups 0 0Get a list of all empty Organizational Units with PowerShell
This will show all empty OUs with no other output except the Name and CanonicalName.
$OUs = Get-ADOrganizationalUnit -Properties CanonicalName -Filter * | Select-Object CanonicalName, DistinguishedName | Sort-Object CanonicalName
foreach ($OU in $OUs) {
$userCount = @(Get-AdUser -Filter * -SearchBase $OU.DistinguishedName -SearchScope OneLevel).Count
$computerCount = @(Get-AdComputer -Filter * -SearchBase $OU.DistinguishedName -SearchScope OneLevel).Count
$groupCount = @(Get-AdGroup -Filter * -SearchBase $OU.DistinguishedName -SearchScope OneLevel).Count
$contactCount = @(Get-ADObject -Filter 'objectClass -eq "contact"' -SearchBase $OU.DistinguishedName -SearchScope OneLevel).Count
if ($userCount -eq 0 -and $computerCount -eq 0 -and $groupCount -eq 0 -and $contactCount -eq 0) {
[pscustomobject]@{
Name = Split-Path $OU.CanonicalName -Leaf
CanonicalName = $OU.CanonicalName
}
}
}Export OUs in AD to a text file or CSV file with PowerShell
Now that we have the list of OUs in AD shown, we like to export it to a file. The script will get the Organizational Units with PowerShell and export it to a text file.
$OUs = Get-ADOrganizationalUnit -Properties CanonicalName -Filter * | Select-Object CanonicalName, DistinguishedName | Sort-Object CanonicalName
$OUResults = foreach ($OU in $OUs) {
[pscustomobject]@{
Name = Split-Path $OU.CanonicalName -Leaf
CanonicalName = $OU.CanonicalName
UserCount = @(Get-AdUser -Filter * -SearchBase $OU.DistinguishedName -SearchScope OneLevel).Count
}
}
$OUResults | Out-File "C:\temp\export_OUs.txt" -Encoding UTF8If you like to export to a CSV file, change the last line to:
$OUResults | Export-Csv -Path "C:\temp\export_OUs.csv" -NoTypeInformation -Encoding UTF8After running the above command, find the exported file in the C:\temp folder. I opened the text file export_OUs.txt.
That’s it!
Read more: Bulk move AD users to another OU with PowerShell »
Conclusion
You learned how to get Organizational Units with PowerShell. You also learned how to find empty OUs. As of last, you learned how to export OUs to a text file or CSV file with PowerShell.
Did you enjoy this article? You may like Export AD users to CSV with PowerShell. Don’t forget to follow us and share this article.
What Others Are Reading
Great post. I wonder about modifying the code to find empty OUs so it also sees any sub-OUs. I played a touch with adding that myself but I’m not completely sure on valid syntax.
This script is extremely useful. Thanks.
Very useful scripts and time saving.
Thanks a lot Mr.Ali
The is great, thank You.
Is there a way to incorporate into this script that it only gives you a count of Windows 10 devices in each ou?
I was wondering, what does the “-NoTypeInformation -Encoding UTF8” do in terms of encoding?
In my test environment: I got the OU Distinguished names list and exported to csv, but the Distinguish names were not identical to that of the prompt. Would that potentially solve the issue? Hmm.
The NoTypeInformation parameter removes the #TYPE information header from the CSV output.
PowerShell uses a Unicode character set by default. The Encoding parameter can specify the encoding for a different character set. In this example, UTF-8.
Nice post and I really appreciate the details.