Recipe 5.2 Enumerating the OUs in a Domain
5.2.1 Problem
You want to enumerate all containers and OUs in a domain, which effectively displays the structure of the domain.
5.2.2 Solution
5.2.2.1 Using a graphical user interface
Open the Active Directory Users and Computers snap-in. If you need to change domains, right-click on "Active Directory Users and Computers" in the left pane, select Connect to Domain, enter the domain name, and click OK. In the left pane, you can browse the directory structure.
5.2.2.2 Using a command-line interface
The following command will enumerate all OUs in the domain of the user running the command.
> dsquery ou domainroot
5.2.2.3 Using VBScript
' This code recursively displays all container and organizationalUnit
' objects under a specified base. Using "" for the second parameter means
' that there will be no indention for the first level of objects displayed.
DisplayObjects "LDAP://<DomainDN>", ""

' DisplayObjects takes the ADsPath of the object to display
' child objects for and the number of spaces (indention) to
' use when printing the first parameter
Function DisplayObjects( strADsPath, strSpace)
   set objObject = GetObject(strADsPath)
   Wscript.Echo strSpace & strADsPath
   objObject.Filter = Array("container","organizationalUnit")
   for each objChildObject in objObject
      DisplayObjects objChildObject.ADsPath, strSpace & " "
   next
End Function
5.2.3 Discussion
5.2.3.1 Using a graphical user interface
If you want to expand all containers and OUs within an OU, you have to manually expand each one within ADUC; there is no "expand all" option.
5.2.3.2 Using a command-line interface
To enumerate both OUs and containers, you have to use a more generic dsquery command. The following command will display all containers and OUs in the domain of the user running the command:
> dsquery * domainroot -filter "(|(objectcategory=container)(objectcategory=organizationalunit))" -scope subtree -limit 0
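The dsquery command above prints a flat list of quoted DNs, one per line, with no indication of nesting. As an added example (not code from the original recipe), the following Python rebuilds the indented hierarchy that the VBScript solution displays from that flat output, including DNs that contain an escaped comma. The sample DNs under DC=example,DC=com are constructed, and the names split_dn and render_tree are this example's own.

```python
# Added example: rebuild an indented OU/container tree from flat dsquery output.
# SAMPLE is constructed for illustration; it is not output from a real domain.
SAMPLE = r'''
"CN=Users,DC=example,DC=com"
"OU=Sales,DC=example,DC=com"
"OU=West,OU=Sales,DC=example,DC=com"
"OU=Smith\, Jones,OU=West,OU=Sales,DC=example,DC=com"
"CN=Computers,DC=example,DC=com"
'''

def split_dn(dn):
    """Split a DN into RDNs, honouring backslash-escaped characters such as '\\,'."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])   # keep the escape pair intact
            i += 2
            continue
        if dn[i] == ",":
            rdns.append("".join(cur))
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    rdns.append("".join(cur))
    return rdns

def render_tree(lines):
    """Return indented lines, parents before children, two spaces per level."""
    paths = set()
    for line in lines:
        dn = line.strip().strip('"')
        if not dn:
            continue
        # Root-to-leaf path with the domain's DC= components dropped.
        path = tuple(r for r in reversed(split_dn(dn))
                     if not r.upper().startswith("DC="))
        if path:
            paths.add(path)
    # Tuple ordering keeps every child directly beneath its parent.
    ordered = sorted(paths, key=lambda p: tuple(r.lower() for r in p))
    return ["  " * (len(p) - 1) + p[-1] for p in ordered]

if __name__ == "__main__":
    print("\n".join(render_tree(SAMPLE.splitlines())))
```
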
5.2.3.3 Using VBScript
When iterating over the contents of an OU using a for each loop, paging will be enabled so that all child objects will be returned (instead of only 1,000 per the administrative limit). In order to display all child container objects regardless of depth, I used a recursive function called DisplayObjects.