View object OU

  • Last Post 28 June 2018
manasrrp6 posted this 27 June 2018

Can anyone help with how to view any object's OU from the command line at any target computer's CMD console, without the ADUC window on the DNS server?
I used
gpresult /v | more
It scrolls a very long output.
--
With Warm Regards,
Manas Dash.+91 9437615424
+91 7400342191
Skype : manasrrp6
Plant a Tree & Save the Earth.

michael1 posted this 28 June 2018

Oh absolutely. Specifically problem #1.

The original small function I listed does a lookup on root DSE in order to get the default naming context, and it does it every time. But that information is a constant for a given domain.

What I use in "production" code is the below (note that this pre-dates the AD module and this is just part of a larger script). It only does a single lookup on the root DSE per script execution and only a single lookup on the default NC. So the first call is the same as before while subsequent calls are much faster.

$global:rootDSE   = $null
$global:defaultNC = $null

function getRootDSE
{
    ## Bind to the root DSE once per script run and cache the entry
    if( $null -eq $global:rootDSE )
    {
        $global:rootDSE = New-Object System.DirectoryServices.DirectoryEntry( 'LDAP://RootDSE' )
    }

    $global:rootDSE
}

function getdefaultNC
{
    ## Read the default naming context once and cache it
    if( $null -eq $global:defaultNC )
    {
        $rootDSE = getRootDSE
        $global:defaultNC = $rootDSE.Properties[ 'defaultNamingContext' ].Value -as [String]
    }

    $global:defaultNC
}

function getObjectOU( [string] $objName )
{
    ##
    ## More-or-less equivalent to
    ## dsquery user domainroot -samid
    ## or
    ## dsquery computer domainroot -name
    ##
    ## the result just doesn't have double-quotes around it
    ##

    $ds = New-Object System.DirectoryServices.DirectorySearcher
    ## The trailing $ variants match computer accounts (samaccountname ends in $)
    $ds.Filter = "(|(cn=$objName)(cn=$($objName)$)(samaccountname=$objName)(samaccountname=$($objName)$))"
    $ds.SearchRoot = 'LDAP://' + ( getdefaultNC )

    $r = $ds.FindAll()

    ## -ne $null against a collection returns its non-null elements,
    ## so this emits the distinguishedName strings
    $r |% { $_.Properties[ 'distinguishedName' ] -ne $null } |% { $_ }
}


kurtbuff posted this 28 June 2018

Do you mean optimizations like these?
https://blogs.technet.microsoft.com/ashleymcglone/2017/07/12/slow-code-top-5-ways-to-make-your-powershell-scripts-run-faster/


michael1 posted this 27 June 2018

Unfortunately, that requires the AD RSAT to be installed. Perhaps something like this, which only requires domain membership:

function getObjectOU( [string] $objName )
{
    $search = $objName

    ## Look up the domain's default naming context from the root DSE
    $rootDSE = New-Object System.DirectoryServices.DirectoryEntry( 'LDAP://RootDSE' )
    $defaultNC = $rootDSE.Properties[ 'defaultNamingContext' ].Value -as [String]
    $filter = "(|(cn=$search)(cn=$($search)$))"

    $ds = New-Object System.DirectoryServices.DirectorySearcher
    $ds.Filter = $filter
    $ds.SearchRoot = 'LDAP://' + $defaultNC

    $r = $ds.FindAll()

    ## -ne $null against a collection returns its non-null elements,
    ## so this emits the distinguishedName strings
    $r |% { $_.Properties[ 'distinguishedName' ] -ne $null } |% { $_ }
}


(This would be slow for lots of objects, but the obvious optimizations would repair that.)

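A variant of the getObjectOU function from michael1's two posts, as an added example that is not part of the thread: it escapes the name per RFC 4515 before placing it in the LDAP filter (a name containing `(`, `)`, `*` or `\` otherwise breaks or changes the filter) and also returns the parent container, which is what the question asks for. The function names ConvertTo-LdapFilterValue, Get-ParentContainer and Get-ObjectParentOU are hypothetical, and the lookup assumes a domain-joined machine.

```powershell
# Added example; the three function names are hypothetical, not from the thread.
function ConvertTo-LdapFilterValue( [string] $value )
{
    # RFC 4515 escaping. The backslash is replaced first so the escapes
    # added afterwards are not escaped again.
    $v = $value.Replace( '\', '\5c' )
    $v = $v.Replace( '*', '\2a' ).Replace( '(', '\28' ).Replace( ')', '\29' )
    $v.Replace( "`0", '\00' )
}

function Get-ParentContainer( [string] $dn )
{
    # Drop the first RDN. '\,' inside a name is an escaped comma, not a separator.
    $dn -replace '^(?:\\.|[^,\\])+,', ''
}

function Get-ObjectParentOU( [string] $objName )
{
    $safe    = ConvertTo-LdapFilterValue $objName
    $rootDSE = New-Object System.DirectoryServices.DirectoryEntry( 'LDAP://RootDSE' )
    $ds      = New-Object System.DirectoryServices.DirectorySearcher
    $ds.SearchRoot = 'LDAP://' + ( $rootDSE.Properties[ 'defaultNamingContext' ].Value -as [String] )
    $ds.Filter     = "(|(cn=$safe)(cn=$safe`$)(samaccountname=$safe)(samaccountname=$safe`$))"
    $ds.PageSize   = 1000                                  # page through large result sets
    [void] $ds.PropertiesToLoad.Add( 'distinguishedName' ) # fetch only what is used

    $results = $null
    try
    {
        $results = $ds.FindAll()
        foreach( $r in $results )
        {
            foreach( $dn in $r.Properties[ 'distinguishedname' ] )
            {
                New-Object PSObject -Property @{
                    DistinguishedName = $dn
                    ParentContainer   = ( Get-ParentContainer $dn )
                }
            }
        }
    }
    finally
    {
        if( $null -ne $results ) { $results.Dispose() }
        $ds.Dispose(); $rootDSE.Dispose()
    }
}

# Constructed inputs; these two calls need no domain connection.
ConvertTo-LdapFilterValue 'Smith (Contractor)'
Get-ParentContainer 'CN=Buff\, Kurt,OU=IT,OU=Users,OU=US,DC=example,DC=com'
```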

kurtbuff posted this 27 June 2018

Since you're using gpresult, I presume you're looking at either user
objects or computer objects.

Powershell is (IMHO) much better for this:

"get-aduser -id userid | select DistinguishedName" or "get-adcomputer -id us-it-kbuffl | select DistinguishedName" will return relevant data, such as:

DistinguishedName : CN=Kurt Buff,OU=Infrastructure,OU=IT,OU=Users,OU=US,DC=example,DC=com
and
DistinguishedName : CN=US-IT-KBUFFL,OU=IT,OU=Workstations,OU=Computers,OU=US,DC=example,DC=com


DhirajHaritwal posted this 27 June 2018

Try something like

gpresult /v | findstr OU

Regards,
Dhiraj
