Returning the OU for an object in AD
Occasionally it can be useful to know how to retrieve the parent, or OU holding an object, from Active Directory.
Perhaps the easiest way to do this is using the Parent property.
VbScript: Getting the OU for a user
Set objUser = GetObject( _
"LDAP://CN=Chris Dent,OU=Somewhere,DC=internal,DC=highorbit,DC=co,DC=uk")
strParent = objUser.Parent
WScript.Echo strParent
In VbScript the value returned is a string. To get the name of the OU, either connect to the object and read its name attribute, or parse the name out of the string (Split, Mid, etc.). The example below connects to the parent object and echoes the name.
Set objParent = GetObject(strParent)
WScript.Echo objParent.Get("name")
PowerShell: Getting the OU for a user
$DN = "CN=Chris Dent,OU=Somewhere,DC=internal,DC=highorbit,DC=co,DC=uk"
$User = [ADSI]"LDAP://$DN"
$Parent = $User.PSBase.Parent
PowerShell is a little different: the returned value is a DirectoryEntry, which means we can directly access any other property or attribute without connecting again.
$DN = "CN=Chris Dent,OU=Somewhere,DC=internal,DC=highorbit,DC=co,DC=uk"
$User = [ADSI]"LDAP://$DN"
$Name = ($User.PSBase.Parent).Name
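Parsing the parent out of the distinguished name string, the alternative to binding mentioned in the VbScript section, goes wrong with a plain split on "," when a name contains an escaped comma. The following is an added example, not code from the original post; Get-ParentFromDN is a hypothetical helper name and the sample DNs are constructed.

```powershell
# Added example, not from the original post. Get-ParentFromDN is a hypothetical
# helper name and the sample DNs below are constructed.
function Get-ParentFromDN {
    param([Parameter(Mandatory = $true)][string]$DistinguishedName)

    # Walk the string and split only on commas that are not escaped with "\".
    $parts = New-Object System.Collections.Generic.List[string]
    $current = New-Object System.Text.StringBuilder
    $escaped = $false
    foreach ($ch in $DistinguishedName.ToCharArray()) {
        if ($escaped) {
            $escaped = $false              # character after "\" is literal
        } elseif ($ch -eq '\') {
            $escaped = $true
        } elseif ($ch -eq ',') {
            $parts.Add($current.ToString())
            $current.Length = 0
            continue                       # separator is not part of any RDN
        }
        [void]$current.Append($ch)
    }
    $parts.Add($current.ToString())

    if ($parts.Count -lt 2) {
        throw "'$DistinguishedName' has no parent component"
    }

    # Everything after the first RDN is the parent's distinguished name.
    $parentDN = ($parts.ToArray())[1..($parts.Count - 1)] -join ','

    # The parent's name is the value of its own RDN ("Somewhere" in "OU=Somewhere").
    # Single-character escapes are unescaped; hex pairs such as "\0A" are left as-is.
    $rdn = $parts[1]
    $name = $rdn.Substring($rdn.IndexOf('=') + 1) -replace '\\([^0-9A-Fa-f])', '$1'

    New-Object PSObject -Property @{ ParentDN = $parentDN; ParentName = $name }
}

# Constructed sample DNs: the second has an escaped comma in the CN, the third in the OU.
$samples = @(
    'CN=Chris Dent,OU=Somewhere,DC=internal,DC=highorbit,DC=co,DC=uk',
    'CN=Dent\, Chris,OU=Somewhere,DC=internal,DC=highorbit,DC=co,DC=uk',
    'CN=Chris Dent,OU=Sales\, EMEA,DC=internal,DC=highorbit,DC=co,DC=uk'
)
foreach ($dn in $samples) {
    Get-ParentFromDN $dn | Format-List ParentName, ParentDN
}
```

Because no bind to the directory is made, this also works on DNs read from an export or a log, where the object may no longer exist.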
Example: Getting the OU for all members of a group
These examples assume that the group path is known; no searches are involved.
VbScript
Set objGroup = GetObject( _
"LDAP://CN=Domain Admins,CN=Users,DC=internal,DC=highorbit,DC=co,DC=uk")
Set objFileSystem = CreateObject("Scripting.FileSystemObject")
Set objFile = objFileSystem.OpenTextFile( _
objGroup.Get("name") & " - Members.txt", 2, True, 0)
For Each objMember in objGroup.Members
objFile.WriteLine objMember.Get("sAMAccountName") & VbTab & _
objMember.Get("cn") & VbTab & _
objMember.Parent
Next
Set objFile = Nothing
Set objFileSystem = Nothing
Set objGroup = Nothing
PowerShell
The note above about Parent returning a DirectoryEntry does not apply if using the Members method in PowerShell. The object returned is a COM Object and will not work in quite the same way. This is the equivalent of the VbScript above.
$DN = "CN=Domain Admins,CN=Users,DC=internal,DC=highorbit,DC=co,DC=uk"
$Group = [ADSI]"LDAP://$DN"
$Group.PSBase.Invoke("Members") `
| Select-Object `
@{n="sAMAccountName";e={
$_.GetType().InvokeMember("sAMAccountName", "GetProperty", `
$Null, $_, $Null)}}, `
@{n="CN";e={
$_.GetType().InvokeMember("cn", "GetProperty", `
$Null, $_, $Null)}}, `
@{n="Parent";e={
$_.GetType().InvokeMember("parent", "GetProperty", `
$Null, $_, $Null)}}