How Can I List All the Groups in an OU?


Hey, Scripting Guy! Question

Hey, Scripting Guy! How can I list all the groups in an OU?

— MK

Hey, Scripting Guy! Answer

Hey, MK. You know, sometimes people ask us a question and then immediately apologize for having asked it, believing that the question is “way too easy for you guys.” In turn, that seems to imply that the Scripting Guys aren’t really guys at all but simply great masses of intellectual energy that sit around all day contemplating the mysteries of the cosmos. Yes, just like the old Star Trek episode where the beings from some planet had become nothing but brains, having outgrown the need for their bodies. (Some of us Scripting Guys would like to get rid of our bodies, too, but that’s a different story.)

If the truth be told, though, the Scripting Guys like easy questions. For one thing, they’re easy; even great masses of intellectual energy deserve a break once in a while. More important, we know these same questions are shared by many other readers of this column. (Hey, as great masses of intellectual energy we know everything.) So don’t be afraid to ask easy questions; we encourage them. And if you have hard questions, well, maybe you could track down those brain guys from Star Trek. Sure, we could answer those questions ourselves, but seeing as how Star Trek was cancelled over 35 years ago those brain guys could probably use the work.

So how do you get a list of all the groups in an OU? Like this:

' Bind to the Finance OU
Set objOU = GetObject("LDAP://ou=Finance,dc=fabrikam,dc=com")
' Limit the enumeration to group objects
objOU.Filter = Array("Group")

For Each objGroup in objOU
    Wscript.Echo objGroup.Name
Next

We begin by binding to the Finance OU in Active Directory. This, by the way, brings up another question we get asked all the time: how do you bind to an OU that’s inside another OU? For example, suppose the Finance OU was in an OU named NorthAmerica? How would you bind to the Finance OU then?

Wow; that’s two easy questions in one day. To bind to a sub-OU all you have to do is specify the complete path to that OU; in other words:

Set objOU = GetObject("LDAP://ou=Finance,ou=NorthAmerica,dc=fabrikam,dc=com")

See how that works? We bind to the Finance OU, which is in the NorthAmerica OU, which is in Etc. etc.

Having made a connection to the OU we then apply a Filter, which in this case limits the returned data to group accounts:

objOU.Filter = Array("Group")

Note that values passed to the filter must be in the form of an array. That might seem silly – an array of just one object? – but this allows us to filter on multiple object types. For example, suppose we wanted to return a list of groups and computers. In that case, we would use code similar to this:

objOU.Filter = Array("Group", "Computer")

Finally, we set up a For Each loop and echo back the name of each item in the collection; thanks to the filter, the only things in the collection will be group accounts.
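As an added example (not part of the original column): enumerating an OU with Filter returns only that OU's direct children, so an inventory of every group under Finance also has to filter for child OUs and descend into them. The script below does that and uses each group's groupType attribute to label it as a security or distribution group; it assumes the same sample Finance OU used above.

```vbscript
Option Explicit

' Bit in the groupType attribute that marks a security group
' (when it is clear, the group is a distribution group).
Const ADS_GROUP_TYPE_SECURITY_ENABLED = &H80000000

' Start at the article's sample OU and walk everything beneath it.
ListGroups GetObject("LDAP://ou=Finance,dc=fabrikam,dc=com")

Sub ListGroups(objContainer)
    Dim objChild, strKind

    ' Return groups plus child OUs so the walk can recurse into sub-OUs.
    objContainer.Filter = Array("group", "organizationalUnit")

    For Each objChild In objContainer
        If LCase(objChild.Class) = "organizationalunit" Then
            ' A sub-OU: list the groups it contains.
            ListGroups objChild
        Else
            ' A group: classify it from the groupType bit flags.
            If (objChild.Get("groupType") And ADS_GROUP_TYPE_SECURITY_ENABLED) <> 0 Then
                strKind = "Security"
            Else
                strKind = "Distribution"
            End If
            WScript.Echo strKind & vbTab & objChild.Get("distinguishedName")
        End If
    Next
End Sub
```

Run it with cscript.exe so each line goes to the console instead of a message box.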

Now, if you’ll excuse us, we have to go back to figuring out why sushi – fish that hasn’t been cooked – costs way more than the exact same fish that has been cooked. (And, yes, we were going to try to figure out why people would eat raw fish in the first place, but there are some things that are beyond the reach of even great masses of intellectual energy.)

1 comment


  • eddie highlander 0

    Hey Scripting Guy! Taking this example of listing all Groups for an OU or two then filtering for a particular group wildcard string, say SYS_*_STAGE*, where the result would be SYS_AAA_STAGE1, SYS_AAA_STAGE2, SYS_BBB_STAGE1, etc. For each returned group I’ll retrieve the members, this piece of the puzzle I have and has been heavily documented.
    I’ll take my fish grilled please….Many thanks, Eddie 
