View object OU

manasrrp6 posted this 4 weeks ago

Can anyone help with how to view any object's OU from the command line in a CMD console on any target computer, without using the ADUC window on the DNS server?
I used
gpresult /v | more
It scrolls through a very long output.
--
With Warm Regards,
Manas Dash.+91 9437615424
+91 7400342191
Skype : manasrrp6
Plant a Tree & Save the Earth.

DhirajHaritwal posted this 4 weeks ago

Try something like

gpresult /v | findstr OU

Regards,

Dhiraj

kurtbuff posted this 4 weeks ago

Since you're using gpresult, I presume you're looking at either user
objects or computer objects.

PowerShell is (IMHO) much better for this:

"get-aduser -id userid | select DistinguishedName" or "get-adcomputer -id us-it-kbuffl | select DistinguishedName" will return relevant data, such as:

DistinguishedName : CN=Kurt Buff,OU=Infrastructure,OU=IT,OU=Users,OU=US,DC=example,DC=com
and
DistinguishedName : CN=US-IT-KBUFFL,OU=IT,OU=Workstations,OU=Computers,OU=US,DC=example,DC=com


michael1 posted this 4 weeks ago

Unfortunately, that requires the AD RSAT to be installed. Perhaps something like this, which only requires domain membership:

function getObjectOU( [string] $objName )
{
    $search = $objName

    # Read the domain's default naming context from the root DSE.
    $rootDSE = New-Object System.DirectoryServices.DirectoryEntry( 'LDAP://RootDSE' )
    $defaultNC = $rootDSE.Properties[ 'defaultNamingContext' ].Value -as [String]
    # Match the name as given or with a trailing '$'.
    $filter = "(|(cn=$search)(cn=$($search)$))"

    $ds = New-Object System.DirectoryServices.DirectorySearcher
    $ds.Filter = $filter
    $ds.SearchRoot = 'LDAP://' + $defaultNC

    $r = $ds.FindAll()

    # Emit each non-null distinguishedName value.
    $r |% { $_.Properties[ 'distinguishedName' ] -ne $null } |% { $_ }
}


(This would be slow for lots of objects, but the obvious optimizations would repair that.)


kurtbuff posted this 4 weeks ago

Do you mean optimizations like these?
https://blogs.technet.microsoft.com/ashleymcglone/2017/07/12/slow-code-top-5-ways-to-make-your-powershell-scripts-run-faster/


michael1 posted this 4 weeks ago

Oh absolutely. Specifically problem #1.

The original small function I listed does a lookup on root DSE in order to get the default naming context, and it does it every time. But that information is a constant for a given domain.

What I use in "production" code is the below (note that this pre-dates the AD module and this is just part of a larger script). It only does a single lookup on the root DSE per script execution and only a single lookup on the default NC. So the first call is the same as before while subsequent calls are much faster.

# Script-wide caches, filled on first use.
$global:rootDSE = $null
$global:defaultNC = $null

function getRootDSE
{
    if( $null -eq $global:rootDSE )
    {
        $global:rootDSE = New-Object System.DirectoryServices.DirectoryEntry( 'LDAP://RootDSE' )
    }

    $global:rootDSE
}

function getdefaultNC
{
    if( $null -eq $global:defaultNC )
    {
        $rootDSE = getRootDSE
        $global:defaultNC = $rootDSE.Properties[ 'defaultNamingContext' ].Value -as [String]
    }

    $global:defaultNC
}

function getObjectOU( [string] $objName )
{
    ##
    ## More-or-less equivalent to
    ## dsquery user domainroot -samid
    ## or
    ## dsquery computer domainroot -name
    ##
    ## the result just doesn't have double-quotes around it
    ##

    $ds = New-Object System.DirectoryServices.DirectorySearcher
    $ds.Filter = "(|(cn=$objName)(cn=$($objName)$)(samaccountname=$objName)(samaccountname=$($objName)$))"
    $ds.SearchRoot = 'LDAP://' + ( getdefaultNC )

    $r = $ds.FindAll()

    # Emit each non-null distinguishedName value.
    $r |% { $_.Properties[ 'distinguishedName' ] -ne $null } |% { $_ }
}
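
Both versions of getObjectOU above interpolate $objName into the LDAP filter as-is, so a name containing *, (, ) or \ changes what the filter matches. The following is an added example, not part of the original posts, that escapes the value per RFC 4515 before searching; ConvertTo-LdapFilterValue and Get-ObjectDN are hypothetical names, and the SizeLimit of 10 is an assumed cap.

```powershell
# Added example: same lookup as getObjectOU, with the name escaped for use in an LDAP filter.

function ConvertTo-LdapFilterValue( [string] $value )
{
    # RFC 4515 escapes: backslash first, so backslashes added by later steps are not re-escaped.
    $value.Replace( '\', '\5c' ).
           Replace( '*', '\2a' ).
           Replace( '(', '\28' ).
           Replace( ')', '\29' ).
           Replace( [string][char]0, '\00' )
}

function Get-ObjectDN( [string] $objName )
{
    $safe = ConvertTo-LdapFilterValue $objName

    $rootDSE   = New-Object System.DirectoryServices.DirectoryEntry( 'LDAP://RootDSE' )
    $defaultNC = $rootDSE.Properties[ 'defaultNamingContext' ].Value -as [String]

    $ds = New-Object System.DirectoryServices.DirectorySearcher
    $ds.SearchRoot = New-Object System.DirectoryServices.DirectoryEntry( 'LDAP://' + $defaultNC )
    # `$ is a literal dollar sign: matches the name with a trailing '$'.
    $ds.Filter = "(|(cn=$safe)(cn=$safe`$)(sAMAccountName=$safe)(sAMAccountName=$safe`$))"
    # Ask the server for the one attribute we need, and cap the result count (assumed limit).
    [void] $ds.PropertiesToLoad.Add( 'distinguishedName' )
    $ds.SizeLimit = 10

    $r = $ds.FindAll()
    try
    {
        foreach( $entry in $r )
        {
            $entry.Properties[ 'distinguishedName' ] | Where-Object { $_ }
        }
    }
    finally
    {
        # SearchResultCollection holds unmanaged resources until disposed.
        $r.Dispose()
    }
}

# Constructed inputs: the escaping itself runs without a domain.
ConvertTo-LdapFilterValue 'us-it-kbuffl'
ConvertTo-LdapFilterValue 'x)(objectClass=*'
```

With the escaping in place, a value such as the second constructed input is searched for as a literal name instead of being parsed as extra filter clauses.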
