![\"Hey,](\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/q-for-powertip.jpg\" "\\"Hey,")
\n \n
Hey, Scripting Guy! How do I determine the OU a user account belongs to? Hey, CO. Ah, yes: the OU a user belongs to. No doubt a lot of you are thinking, \u201cWell, there\u2019s probably an OU property of some kind in Active Directory that gives you that information. All you have to do is locate the user account, and then get the value of the OU property.\u201d<\/P>\n That makes so much sense that – as you might have guessed – it\u2019s not the way things work. As it turns out, there is no OU property (or anything equivalent) in Active Directory. But don\u2019t fret. That doesn\u2019t mean we can\u2019t determine the user\u2019s OU; it just means we – gasp! – have to work a little harder to do so.<\/P>\n For the purposes of this column, we\u2019re assuming that you don\u2019t know the user\u2019s distinguished name; after all, with a distinguished name like CN=kenmyer,OU=Finance,DC-fabrikam,DC=com, well, even a Scripting Guy can figure out which OU the user belongs to. So we\u2019ll assume that all you know is the user\u2019s SAM account name, the name he or she typically uses to log on to the domain.<\/P>\n If you do<\/I> know the SAM account name you\u2019re in luck; that\u2019s because these names must be unique in the Active Directory forest. Therefore, we can find this user by doing an Active Directory search:<\/P> Const ADS_SCOPE_SUBTREE = 2<\/p>\n Set objConnection = CreateObject(“ADODB.Connection”)\nSet objCommand = CreateObject(“ADODB.Command”)\nobjConnection.Provider = “ADsDSOObject”\nobjConnection.Open “Active Directory Provider”\nSet objCommand.ActiveConnection = objConnection<\/p>\n objCommand.Properties(“Page Size”) = 1000\nobjCommand.Properties(“Searchscope”) = ADS_SCOPE_SUBTREE <\/p>\n objCommand.CommandText = _\n “SELECT distinguishedName FROM ‘LDAP:\/\/dc=fabrikam,dc=com’ WHERE objectCategory=’user’ ” & _\n “AND sAMAccountName=’kenmyer'”\nSet objRecordSet = objCommand.Execute<\/p>\n objRecordSet.MoveFirst\nDo Until objRecordSet.EOF\n Wscript.Echo objRecordSet.Fields(“distinguishedName”).Value\n objRecordSet.MoveNext\nLoop\n<\/PRE>\n As we\u2019ve noted before, there\u2019s quite a bit involved in carrying out an Active Directory search, even though the script isn\u2019t really all that long or all that complicated. For more information, check out this Scripting Guys\u2019 Webcast<\/B><\/A>.<\/P>\n Without going into any detail, what we\u2019ve done here is search fabrikam.com for the user with the sAMAccountName kenmyer<\/B>, As soon as we find him we echo his distinguished name (the distinguishedName attribute). Because that\u2019s in the form CN=kenmyer,OU=Finance,DC=fabrikam,DC=com, we can look at the results and determine the user\u2019s OU.<\/P>\n But the truth is, we\u2019re too lazy to look at the user\u2019s distinguished name; we want the script to do that for us. So let\u2019s make a slight modification to our Do loop. Here\u2019s the modified code; we\u2019ll explain how it works in a second.<\/P> Whoa! But don\u2019t panic; this actually makes sense. We start, again, by getting the value of the user\u2019s distinguished name; as we already know, this will be something like CN=kenmyer,OU=Finance,DC=fabrikam,DC=com<\/B>.<\/P>\n We store this value in the variable strPath, then use the VBScript Split command to, well, split strPath into elements of an array. When we use the Split command and split on the comma (that is, we indicate that the comma is our delimiter, the character that separate the individual items in the string), we end up with an array that consists of the following elements:<\/P> We know that the second element in the array (and the second element in an array always has an index number of 1) is the OU where the user account resides. That means that, to get the name of the OU, we just need to take the second element (arrPath(1)<\/B>)and then get rid of the OU=.<\/P>\n Can we do that? Of course we can. We use the Len function to determine the number of characters in element 0 of our array. Remember, the value is OU=Finance<\/B>, so the number of characters is 10.<\/P>\n Next we subtract 3 from the number of characters. Why? Well, we want to get rid of OU=, and OU= has three characters. Subtracting 3 from 10 leaves us with 7, which means we now know that the actual name of the OU – Finance<\/B> – is 7 characters long.<\/P>\n Now – finally – we use the Right function to grab the last 7 characters in the string; in other words, we start at the e<\/B> in OU=Finance<\/B> and move back 7 characters. And guess what? You got it: the last 7 characters in OU=Finance<\/B> just happen to be Finance<\/B>, the name of the OU where the user account lives. Hey, we did it!<\/P>\n Here\u2019s the revised script that searches Active Directory and reports back the OU where the user account resides. <\/P> Set objConnection = CreateObject(“ADODB.Connection”)\nSet objCommand = CreateObject(“ADODB.Command”)\nobjConnection.Provider = “ADsDSOObject”\nobjConnection.Open “Active Directory Provider”\nSet objCommand.ActiveConnection = objConnection<\/p>\n objCommand.Properties(“Page Size”) = 1000\nobjCommand.Properties(“Searchscope”) = ADS_SCOPE_SUBTREE <\/p>\n objCommand.CommandText = _\n “SELECT distinguishedName FROM ‘LDAP:\/\/dc=fabrikam,dc=com’ \u201c & _\n “WHERE objectCategory=’user’ ” & _\n “AND sAMAccountName=’kenmyer'”\nSet objRecordSet = objCommand.Execute<\/p>\n objRecordSet.MoveFirst\nDo Until objRecordSet.EOF\n strDN = objRecordSet.Fields(“distinguishedName”).Value\n arrPath = Split(strDN, “,”)\n intLength = Len(arrPath(1))\n intNameLength = intLength – 3\n Wscript.Echo Right(arrPath(1), intNameLength)\n objRecordSet.MoveNext\nLoop\n<\/PRE>
— CO<\/P>![\"Spacer\"](\"https:\/\/devblogs.microsoft.com\/scripting\/wp-content\/uploads\/sites\/29\/2019\/05\/spacer.gif\")
![\"Hey,](\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/a-for-powertip.jpg\" "\\"Hey,")
![\"Script](\"http:\/\/img.microsoft.com\/library\/media\/1033\/technet\/images\/scriptcenter\/ad.jpg\" "\\"Script")
<\/A> \nOn Error Resume Next<\/p>\n
Do Until objRecordSet.EOF\n strDN = objRecordSet.Fields(“distinguishedName”).Value\n arrPath = Split(strDN, “,”)\n intLength = Len(arrPath(1))\n intNameLength = intLength – 3\n Wscript.Echo Right(arrPath(1), intNameLength)\n objRecordSet.MoveNext\nLoop\n<\/PRE>\n
CN=kenmyer \nOU=Finance\nDC=fabrikam\nDC=com\n<\/PRE>\n
Const ADS_SCOPE_SUBTREE = 2<\/p>\n
\n\n
![\"Top](\"http:\/\/www.microsoft.com\/technet\/mnplibrary\/templates\/MNP2.Common\/images\/arrow_px_up.gif\"){kind=icon}
<\/A>