{"id":68753,"date":"2005-10-13T16:16:00","date_gmt":"2005-10-13T16:16:00","guid":{"rendered":"https:\/\/blogs.technet.microsoft.com\/heyscriptingguy\/2005\/10\/13\/how-can-i-get-a-list-of-all-the-users-in-an-ou-and-its-sub-ous\/"},"modified":"2005-10-13T16:16:00","modified_gmt":"2005-10-13T16:16:00","slug":"how-can-i-get-a-list-of-all-the-users-in-an-ou-and-its-sub-ous","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/scripting\/how-can-i-get-a-list-of-all-the-users-in-an-ou-and-its-sub-ous\/","title":{"rendered":"How Can I Get a List of All the Users in an OU and Its Sub-OUs?"},"content":{"rendered":"

\"Hey, \n

Hey, Scripting Guy! How can I get a list of all the users in an OU and its sub-OUs?

— MN<\/P>\"Spacer\"\"Hey,\"Script<\/A> \n

Hey, MN. Thanks to either faulty wiring or a neighbor\u2019s fireworks (the investigation was inconclusive), one of the Scripting Guys had the delightful experience of watching his garage burn down this summer. Because the Scripting Cars were never parked in the garage, this Scripting Guy decided to rebuild the thing as a family room. That\u2019s fine, and, in general, the contractors did a pretty good job. Of course, as a garage, the room originally had a pair of electrical outlets in the ceiling in order to plug in garage door openers. Upon rebuilding the garage as a family room, the contractor left those two electrical outlets exposed, in order to plug in \u2026 well, whatever kind of device you normally plug into a ceiling. (Best of all, neither outlet is near a wall. Instead, both are out towards the middle of the room, the very place you want to see electrical cords hanging.)<\/P>\n

On the one hand, this Scripting Guy can\u2019t help but look at those two electrical outlets and think, \u201cHow could you miss something so obvious?\u201d On the other hand, that same Scripting Guy can look back over 15 months of Hey, Scripting Guy!<\/I> columns and notice that we\u2019ve never answered this particular question. Good heavens, how could we miss something that<\/I> obvious?!? Realizing that we\u2019ve never answered this often-asked questions makes it a bit harder to yell at the contractor for not covering over those electrical outlets.<\/P>\n

Barring more faulty wiring (or another poorly-aimed firework), our Scripting Guy is stuck with a pair of electrical outlets in his family room ceiling forever and ever. But at least readers of this column no longer have to wonder how to get a list of all the users in an OU and its sub-OUs:<\/P>

On Error Resume Next<\/p>\n
Const ADS_SCOPE_SUBTREE = 2<\/p>\n
Set objConnection = CreateObject(“ADODB.Connection”)\nSet objCommand =   CreateObject(“ADODB.Command”)\nobjConnection.Provider = “ADsDSOObject”\nobjConnection.Open “Active Directory Provider”\nSet objCommand.ActiveConnection = objConnection<\/p>\n
objCommand.Properties(“Page Size”) = 1000\nobjCommand.Properties(“Searchscope”) = ADS_SCOPE_SUBTREE <\/p>\n
objCommand.CommandText = _\n    “SELECT Name FROM ‘LDAP:\/\/ou=finance,dc=fabrikam,dc=com’ WHERE objectCategory=’user'”  \nSet objRecordSet = objCommand.Execute<\/p>\n
objRecordSet.MoveFirst\nDo Until objRecordSet.EOF\n    Wscript.Echo objRecordSet.Fields(“Name”).Value\n    objRecordSet.MoveNext\nLoop\n<\/PRE>\n
As you can see, this is an Active Directory search script. We like using Active Directory search scripts when answering these questions, for two reasons. One, these search scripts are extremely powerful, yet relatively simple to write. And two, they\u2019re just<\/I> complicated enough that we can\u2019t explain all the ins and outs in this column; instead, if you\u2019re unfamiliar with scripts for searching Active Directory we always encourage you to read our two-part Tales from the Script<\/I> series Dude, Where\u2019s My Printer?<\/B><\/A><\/P>\n\n<\/THEAD>\n\n\n
\n
Note<\/B>. Why is that<\/I> a good thing? Well, to be honest, we\u2019re lazy, and this way we don\u2019t have to write very much. But if anyone asks, it\u2019s a good thing because the two-part series does a much better job of discussing Active Directory search scripts than we could possibly do in a daily column. Which is actually true.<\/P><\/TD><\/TR><\/TBODY><\/TABLE>\n
<\/DIV>\n
The whole secret to searching just an OU and its sub-OUs is picking a starting point. Typically when searching Active Directory you start the search in the root and work your way down through the directory tree:<\/P>
objCommand.CommandText = _\n    “SELECT Name FROM ‘LDAP:\/\/dc=fabrikam,dc=com’ WHERE objectCategory=’user'”\n<\/PRE>\n
Note as well that we also specify the objectCategory<\/B> as being equal to user<\/I>. That ensures that we get back only user accounts and not computer accounts, group accounts, or any other objects found in Active Directory.<\/P>\n
But what if we want to search only<\/I> the Finance OU and its sub-OUs? In that case, we simply start the search in the Finance OU:<\/P>
objCommand.CommandText = _\n    “SELECT Name FROM ‘LDAP:\/\/ou=finance,dc=fabrikam,dc=com’ WHERE objectCategory=’user'”\n<\/PRE>\n
It\u2019s that simple. Suppose the Finance OU has a sub-OU named Accounting and we wanted to search just the Accounting OU and its<\/I> sub-OUs? Okey-doke:<\/P>
objCommand.CommandText = _\n    “SELECT Name FROM ‘LDAP:\/\/ou=accounting,ou=finance,dc=fabrikam,dc=com’ ” & _\n        “WHERE objectCategory=’user'”\n<\/PRE>\n
Incidentally, the reason we search the OU and<\/I> its sub-OUs is because we defined a constant named ADS_SCOPE_SUBTREE and set the value to 2. We then used that constant when defining the search scope:<\/P>
objCommand.Properties(“Searchscope”) = ADS_SCOPE_SUBTREE\n<\/PRE>\n
When the Searchscope<\/B> property is set to 2, a search will be conducted in a container and all its sub-containers. That\u2019s how we can search all of Active Directory: we simply start in the root, and with Searchscope set to 2 we\u2019ll search not only the root but all its sub-containers (and all their sub-containers). That, of course, will amount to the entire domain. If we wanted to search just<\/I> an OU (ignoring its sub-OUs) then we would set Searchscope to 1. <\/P>\n
Well, that was<\/I> easy, wasn\u2019t it? Now if we could just figure out what to do with those electrical outlets in the ceiling all our problems would be solved.<\/P><\/p>\n","protected":false},"excerpt":{"rendered":"
Hey, Scripting Guy! How can I get a list of all the users in an OU and its sub-OUs?— MN Hey, MN. Thanks to either faulty wiring or a neighbor\u2019s fireworks (the investigation was inconclusive), one of the Scripting Guys had the delightful experience of watching his garage burn down this summer. Because the Scripting […]<\/p>\n","protected":false},"author":595,"featured_media":87096,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[7,43,3,5],"class_list":["post-68753","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-scripting","tag-active-directory","tag-ous","tag-scripting-guy","tag-vbscript"],"acf":[],"blog_post_summary":"
Hey, Scripting Guy! How can I get a list of all the users in an OU and its sub-OUs?— MN Hey, MN. Thanks to either faulty wiring or a neighbor\u2019s fireworks (the investigation was inconclusive), one of the Scripting Guys had the delightful experience of watching his garage burn down this summer. Because the Scripting […]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/68753","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/users\/595"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/comments?post=68753"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/68753\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media\/87096"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media?parent=68753"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/categories?post=68753"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/tags?post=68753"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}