user236557

Reputation: 3

How do I search Active Directory to find all enabled users that exist in two different organizational units from the same domain?

I'm not very well versed in scripting, but I'm looking to routinely audit the enabled users in our Active Directory domain. We have users split into multiple organizational units and I would like to search for all users who are enabled and export that info into a single CSV file for review by another department.

I'd like to do this with PowerShell, but I'm not married to that method.

Right now, I'm using the following to create two files but am having difficulty refining the info down to just the first and last names, then getting the data from different OUs into one file.

Any help would be appreciated.

Get-ADUser -Filter 'enabled -eq $true' -SearchBase "OU=corporate office,OU=company users,DC=company,DC=com" | export-csv -Path c:\files\corporate_users.csv

and

Get-ADUser -Filter 'enabled -eq $true' -SearchBase "OU=branch office,OU=company users,DC=company,DC=com" | export-csv -Path c:\files\branch_users.csv

Upvotes: 0

Views: 9465

Answers (2)

Ranadip Dutta

Reputation: 9183

An object can and always does exist in only ONE location in the Active Directory. By that assertion, NO, a user cannot exist in two different OUs in an Active Directory domain at the same time.

So in AD terms, a user account has a single-value attribute in the OU, and a multi-value attribute in groups.

You are doing it absolutely right. I am just making it a single script for you which you can utilize as per your requirement. Just create a single ps1 file and execute the script below.

I have added comments also in the script for your reference.

# The first command creates the CSV file and keeps only the four properties passed to Select-Object.
Get-ADUser -Filter 'enabled -eq $true' -SearchBase "OU=corporate office,OU=company users,DC=company,DC=com" | Select-Object Name,SamAccountName,DistinguishedName,Surname | Export-Csv -Path c:\files\corporate_users.csv

# The second command appends to the same CSV file that the first command created, with the same properties.
Get-ADUser -Filter 'enabled -eq $true' -SearchBase "OU=branch office,OU=company users,DC=company,DC=com" | Select-Object Name,SamAccountName,DistinguishedName,Surname | Export-Csv -Path c:\files\corporate_users.csv -Append

# You can segregate the users with the DistinguishedName property, which shows which OU each user is part of.

NOTE: You can pick all the properties of the User in the Select as per your requirement.

Feel free to accept the answer if this satisfies you; that will help others too.

Upvotes: 0

Mike Garuccio

Reputation: 2718

OK, so all you need to do here is store the results from your first command as an array in a variable, then add the results of the second command to that array. After that we can go ahead and filter the results and then export to a CSV file.

# @() forces an array, so += still works if the first search returns a single user
$results = @(Get-ADUser -Filter 'enabled -eq $true' -SearchBase "OU=corporate office,OU=company users,DC=company,DC=com")
$results += Get-ADUser -Filter 'enabled -eq $true' -SearchBase "OU=branch office,OU=company users,DC=company,DC=com"

# Keep only first and last name, then write both OUs to one file
$results | Select-Object GivenName,Surname | Export-Csv -Path c:\files\branch_users.csv

Note that if you are planning to get ALL enabled users anyway, you can just eliminate the -SearchBase parameter and run Get-ADUser with only the filter. You may also want to try running Get-ADUser SOMEUSERNAME -Properties * | Get-Member, which will show you the names of the (many) properties available on ADUser objects.

Upvotes: 0
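
For a recurring audit, the approaches in the two answers can be combined into one script that loops over a list of OUs and writes a single CSV with an extra column for each user's parent OU. This is an added example, not code from the question or the answers; the OU paths are the ones in the question, while the output path `C:\files\enabled_users.csv` and the `OU` column name are assumptions.

```powershell
# Added example: audit enabled users across several OUs into one CSV.
# Requires the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

# Search bases taken from the question; add more OUs to this list as needed.
$SearchBases = @(
    'OU=corporate office,OU=company users,DC=company,DC=com'
    'OU=branch office,OU=company users,DC=company,DC=com'
)

# Assumed output path for the combined report.
$OutFile = 'C:\files\enabled_users.csv'

# Collect results from every OU. @() guarantees an array even when a
# search returns zero or one user, so .Count below is always valid.
$users = @(
    foreach ($base in $SearchBases) {
        Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $base -SearchScope Subtree
    }
)

$users |
    Sort-Object Surname, GivenName |
    Select-Object GivenName, Surname, SamAccountName,
        @{
            Name       = 'OU'
            # Drop the leading "CN=..." component of the DN. The lookbehind
            # skips escaped commas such as "CN=Smith\, John".
            Expression = { ($_.DistinguishedName -split '(?<!\\),', 2)[1] }
        } |
    # -NoTypeInformation omits the "#TYPE" header line that Windows
    # PowerShell 5.1 otherwise writes as the first row of the file.
    Export-Csv -Path $OutFile -NoTypeInformation -Encoding UTF8

Write-Host ("Exported {0} enabled users to {1}" -f $users.Count, $OutFile)
```

If one search base is nested inside another, users under the inner OU are returned twice, so keep the list to OUs that do not contain each other.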
