PowerShell & AD : Modify OU properties

In the last post, we described how to create an OU within Active Directory. Now, let's see how to get and modify some of its properties.

I. Get OU properties

To get the properties of a specific OU, you can use a script similar to the following:

<———————————- Begin Script ————————————->

# Show how to get properties of an OU

# Select the OU you want to get properties from

$strOU=[adsi]"LDAP://OU=MYOU,DC=MyDomain,DC=LAB"

$strOU | Format-List *

<——————————- End of Script —————————————>

This script will list all the properties available.

If you want to get only specific properties, you can change the last line of the script to something similar to:

$strOU | Format-List description, name, street

Another way to get specific OU properties consists of using the Get() method. In some cases, you will only be able to retrieve AD attributes or properties using the Get() method.

To use the Get() method, rewrite the script as follows. We have just changed the last line of the script.

<———————————- Begin Script ————————————->

# Show how to get properties of an OU

# Select the OU you want to get properties from

$strOU=[adsi]"LDAP://OU=MYOU,DC=MyDomain,DC=LAB"

$strOU.Get("Name")

<——————————- End of Script —————————————>

II. Set OU properties

To set a property, use the Put() method to assign the new value, then call the SetInfo() method to write the change to Active Directory.

<———————————- Begin Script ————————————->

# Show how to set a property of an OU

# Select the OU you want to modify

$strOU=[adsi]"LDAP://OU=MYOU,DC=MyDomain,DC=LAB"

# Put() takes the attribute name and the new value, separated by a comma
$strOU.Put("Description", "Modified by PowerShell")

$strOU.setInfo()

<——————————- End of Script —————————————>

III. Extra Script

In the past, a lot of sysadmins used a recursive function to get all the OUs available within Active Directory. To search all OUs within Active Directory today, you would probably perform a directory search. An example is provided here

The script below uses the VBScript approach used by a lot of sysadmins. We simply use a recursive function to get all the OUs within Active Directory.

<———————————- Begin Script ————————————->

# Create the recursive function to go through all the Active Directory

function Rec($str)
{

# Use the distinguished name passed in as the function argument
$sub=$str

#display the distinguishedName within the PowerShellConsole
$sub

# Recursive action: we bind to the next LDAP level
$newroot=[adsi]"LDAP://$sub"
# We get all the children object and we retrieve only the OU objects.
$strLevel=$newroot.psbase.children
$strLevel | Where-Object {$_.ObjectClass -eq "OrganizationalUnit"} | ForEach-Object {Rec($_.distinguishedName)}

# Example if you need to display only the name and not the DN name, can be any properties of the OU Object
# $_.name

}
# Connect to AD
# If you do not specify an LDAP path, the script will try to connect automatically to the AD Domain
# If you want, you can specify an LDAP path such as $root=[adsi]"LDAP://DC=MyDomain,DC=COM"

$root=[adsi]""

# We use the psbase.children property to get children object at the top container

$strOU=$root.psbase.children

# We use pipes, where-object and foreach-object cmdlet to get only the OU AD objects

$strOU | Where-Object {$_.ObjectClass -eq "OrganizationalUnit"} | ForEach-Object {Rec($_.distinguishedName)}

<——————————- End of Script ———————————————————->
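The directory search mentioned at the start of this section can be written as below. This is an added example, not code from the original post: it replaces the recursion with a single paged subtree search that requests only the attributes it displays. The function name Get-OUList and its SearchBase parameter are hypothetical, and the script assumes it runs on a domain-joined machine.

```powershell
# Added example: enumerate every OU with one paged LDAP search instead of recursion.
# Get-OUList is a hypothetical helper name; it is not part of ADSI or the original post.
function Get-OUList {
    param(
        # LDAP path to search under, e.g. "LDAP://OU=MYOU,DC=MyDomain,DC=LAB".
        # An empty string binds to the current domain, as in the script above.
        [string]$SearchBase = ""
    )

    $root = [adsi]$SearchBase
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
    $searcher.Filter = "(objectCategory=organizationalUnit)"
    $searcher.SearchScope = [System.DirectoryServices.SearchScope]::Subtree
    # Paging lets the search return more entries than the server's size limit.
    $searcher.PageSize = 500
    # Request only the attributes we display, not every property of each OU.
    $searcher.PropertiesToLoad.AddRange([string[]]@("distinguishedName", "name", "description"))

    $results = $searcher.FindAll()
    try {
        foreach ($r in $results) {
            # Property names in a search result are lower case.
            # description is optional on an OU, so check before reading it.
            $description = ""
            if ($r.Properties.Contains("description")) {
                $description = [string]$r.Properties["description"][0]
            }
            New-Object PSObject -Property @{
                Name              = [string]$r.Properties["name"][0]
                Description       = $description
                DistinguishedName = [string]$r.Properties["distinguishedname"][0]
            }
        }
    }
    finally {
        # FindAll() holds unmanaged resources until the collection is disposed.
        $results.Dispose()
        $searcher.Dispose()
        $root.Dispose()
    }
}

# List all OUs in the current domain, sorted by distinguished name.
Get-OUList | Sort-Object DistinguishedName |
    Format-Table Name, Description, DistinguishedName -AutoSize
```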

Till next time
