Finding an OU






Finding an OU

Problem

You want to find a specific OU within an Active Directory domain.

Solution

Using a graphical user interface
  1. Open the ADUC snap-in.

  2. If you need to change domains, right-click on the Active Directory Users and Computers label in the left pane, select Connect to Domain, enter the domain name, and click OK.

  3. Right-click on the domain node and select Find.

  4. In the Find drop-down box, select Organizational Unit. In the Named: text box, enter the name of the OU.

  5. Click Find Now.

Using a command-line interface
	> adfind default f "ou=<OU Name>"

Using VBScript
	Set objCommand = CreateObject("ADODB.Command")
	Set objConnection = CreateObject("ADODB.Connection")
	objConnection.Provider = "ADsDSOObject"
	objConnection.Open "Active Directory Provider"
	objCommand.ActiveConnection = objConnection

	strBase = "<LDAP://<DomainDN>>"
	strOUName = "Finance"
	strFilter = "(&(objectCategory=organizationalUnit)" _
	  "&(name=" & strOUName & "))"
	strAttributes = "distinguishedName"
	strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"

	objCommand.CommandText = strQuery
	objCommand.Properties("Page Size") = 100
	objCommand.Properties("Timeout") = 30
	objCommand.Properties("Cache Results") = False
	Set objRecordSet = objCommand.Execute

	While Not objRecordSet.EOF
	  strName = objRecordSet.Fields("distinguishedName").Value
	  Wscript.Echo "Distinguished Name: " & strName
	  objRecordSet.MoveNext
	Wend

	objConnection.Close

Discussion

In a heavily nested environment, you may need to locate an OU based on its name when you don't necessarily know its location. By using the ADUC GUI or a command-line tool with a search scope of subtree, you can easily recurse through the entire domain structure to find an OU based on its name, description, or any other attributes. In VBScript, you can use an ADO query to find objects that possess the specific attributes that you're looking for.

When designing your Active Directory structure, you should try to keep OU nesting from becoming too deep, since processing many levels of Group Policy Objects can greatly increase the logon times for your clients. In the interests of keeping things simple, it's often a good idea to keep your OU structure shallow whenever possible.


See Also

Recipe 5.2, Recipe 5.4, and MSDN: VBScript ADO Programming



 Python   SQL   Java   php   Perl 
 game development   web development   internet   *nix   graphics   hardware 
 telecommunications   C++ 
 Flash   Active Directory   Windows