{"id":71513,"date":"2004-09-02T11:41:00","date_gmt":"2004-09-02T11:41:00","guid":{"rendered":"https:\/\/blogs.technet.microsoft.com\/heyscriptingguy\/2004\/09\/02\/how-can-i-enumerate-all-the-objects-in-an-active-directory-ou\/"},"modified":"2004-09-02T11:41:00","modified_gmt":"2004-09-02T11:41:00","slug":"how-can-i-enumerate-all-the-objects-in-an-active-directory-ou","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/scripting\/how-can-i-enumerate-all-the-objects-in-an-active-directory-ou\/","title":{"rendered":"How Can I Enumerate All the Objects in an Active Directory OU?"},"content":{"rendered":"<p><img decoding=\"async\" class=\"nearGraphic\" title=\"Hey, Scripting Guy! Question\" border=\"0\" alt=\"Hey, Scripting Guy! Question\" align=\"left\" src=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/q-for-powertip.jpg\" width=\"34\" height=\"34\"><\/p>\n<p>Hey, Scripting Guy! How can I enumerate all the objects in an Active Directory OU?<\/p>\n<p>&#8212; RB<\/p>\n<p><img decoding=\"async\" border=\"0\" alt=\"Spacer\" src=\"https:\/\/devblogs.microsoft.com\/scripting\/wp-content\/uploads\/sites\/29\/2019\/05\/spacer.gif\" width=\"5\" height=\"5\"><img decoding=\"async\" class=\"nearGraphic\" title=\"Hey, Scripting Guy! Answer\" border=\"0\" alt=\"Hey, Scripting Guy! Answer\" align=\"left\" src=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/a-for-powertip.jpg\" width=\"34\" height=\"34\"><a href=\"http:\/\/go.microsoft.com\/fwlink\/?linkid=68779&amp;clcid=0x409\"><img decoding=\"async\" class=\"farGraphic\" title=\"Script Center\" border=\"0\" alt=\"Script Center\" align=\"right\" src=\"http:\/\/img.microsoft.com\/library\/media\/1033\/technet\/images\/scriptcenter\/ad.jpg\" width=\"120\" height=\"288\"><\/a><\/p>\n<p>Hey, RB. By the way, thanks: it\u2019s always nice to get an easy question every once in awhile! Enumerating all the objects in an OU is almost embarrassingly-simple: by default, any time you bind to an OU using ADSI you automatically get back a collection of all the objects in that OU. To enumerate those objects, all you have to do is create a For Each loop that walks through the collection.<\/p>\n<p>Don\u2019t believe us? Well, here\u2019s a script that binds to the Servers OU in a domain named fabrikam.com. After making the connection, the script enters a For Each loop that displays the CN (common name) of every item in that collection, and thus every object in the OU:<\/p>\n<pre class=\"codeSample\">Set colItems = GetObject _\n    (\"LDAP:\/\/ou=Servers, dc=fabrikam, dc=com\")\nFor Each objItem in colItems\n    Wscript.Echo objItem.CN\nNext\n<\/pre>\n<p>It really <i>is<\/i> that simple. To adapt this script for use in your domain, just change the binding string accordingly. For example, suppose you want to connect to the Finance OU in contoso.com. Your script would look like this:<\/p>\n<pre class=\"codeSample\">Set colItems = GetObject _\n    (\"LDAP:\/\/ou=Finance, dc=contoso, dc=com\")\nFor Each objItem in colItems\n    Wscript.Echo objItem.CN\nNext\n<\/pre>\n<p>Two things to keep in mind here. First, remember that neither Users nor Computers (the default locations for user and computer accounts) are actually OUs; technically, these two entities are known as \u201ccontainers.\u201d That means you can\u2019t bind to either of these containers using a binding string like thus:<\/p>\n<pre class=\"codeSample\">ou=Users, dc=fabrikam, dc=com\n<\/pre>\n<p>That\u2019s not going to work. Instead, you\u2019ll have to reference the CN, like so:<\/p>\n<pre class=\"codeSample\">cn=Users, dc=fabrikam, dc=com\n<\/pre>\n<p>Second, there will often be times when you want to enumerate only a <i>subset<\/i> of items found in an OU; for example, you might want to get back a list of just the user accounts or just the computer accounts. To do that, bind to the OU, then add a filter. For example, this script returns only a list of the computer objects found in the Servers OU. How do we know that it returns only computer objects? Note the Filter, which specifies just one item: Computer.<\/p>\n<pre class=\"codeSample\">Set colItems = GetObject _\n    (\"LDAP:\/\/ou=Servers, dc=fabrikam, dc=com\")\ncolItems.Filter = Array(\"Computer\")\nFor Each objItem in colItems\n    Wscript.Echo objItem.CN\nNext\n<\/pre>\n<p>Notice, too, that items included in the Filter have to be passed as an array, even if (as is the case here) you\u2019re only filtering on one thing. Because items are passed as an array, this means you can filter on <i>multiple<\/i> items. Need a script that returns both user and computer accounts? All you had to do was ask:<\/p>\n<pre class=\"codeSample\">Set colItems = GetObject _\n    (\"LDAP:\/\/ou=Servers, dc=fabrikam, dc=com\")\ncolItems.Filter = Array(\u201cUser\u201d, \"Computer\")\nFor Each objItem in colItems\n    Wscript.Echo objItem.CN\nNext\n<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Hey, Scripting Guy! How can I enumerate all the objects in an Active Directory OU? &#8212; RB Hey, RB. By the way, thanks: it\u2019s always nice to get an easy question every once in awhile! Enumerating all the objects in an OU is almost embarrassingly-simple: by default, any time you bind to an OU using [&hellip;]<\/p>\n","protected":false},"author":595,"featured_media":87096,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[7,43,3,5],"class_list":["post-71513","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-scripting","tag-active-directory","tag-ous","tag-scripting-guy","tag-vbscript"],"acf":[],"blog_post_summary":"<p>Hey, Scripting Guy! How can I enumerate all the objects in an Active Directory OU? &#8212; RB Hey, RB. By the way, thanks: it\u2019s always nice to get an easy question every once in awhile! Enumerating all the objects in an OU is almost embarrassingly-simple: by default, any time you bind to an OU using [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/71513","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/users\/595"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/comments?post=71513"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/71513\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media\/87096"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media?parent=71513"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/categories?post=71513"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/tags?post=71513"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}