PowerShell - Limit the search to only one OU

Question

Ive got this cmdlet and I'd like to limit the results to only one OU:

Get-ADUser -Filter  {(Enabled -eq $false)} | ? { ($_.distinguishedname -notlike '*Disabled Users*') }

Now Ive tried to use

-searchbase "ou=FirstOU,dc=domain,dc=com"

But if I use -SearchBase I get this error:

Where-Object : A parameter cannot be found that matches parameter name 'searchb
ase'.
At line:1 char:114
+ Get-ADUser -Filter  {(Enabled -eq $false)} | ? { ($_.distinguishedname -notli
ke '*Disabled Users*') } -searchbase <<<<  "ou=FirstOU,dc=domain,dc=com"
    + CategoryInfo          : InvalidArgument: (:) [Where-Object], ParameterBi
   ndingException
    + FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.PowerShell.Comm
   ands.WhereObjectCommand

What Im trying to do is to get all the disabled users from a specific OU, BUT, there is an OU INSIDE that FirstOU that I want to exclude: the "Disabled Users" OU.

as you might have guessed I want to find disabled users in a specific OU that are not in the "Disabled Users" OU inside that OU.

my structure:

Forest
   FirstOU
      Users,groups,etc...
      Disabled Users OU

score 15 · Answer 1 · edited Dec 17 '15 at 10:25

15

The easiest way to limit the search to one OU is using SearchScope:

Get-ADUser -Filter  {(Enabled -eq $false)} -SearchScope OneLevel -SearchBase "ou=FirstOU,dc=domain,dc=com"

edited Dec 17 '15 at 10:25

Froggiz

3,043
1
19
30

answered Dec 17 '15 at 09:27

Thorfinn Thomassen

151
1
2

+1 For use of `SearchScope` to limit search to that first OU, and not spend time parsing the nested one. – user66001 Mar 09 '16 at 20:25

score 10 · Accepted Answer · answered Jun 04 '14 at 15:17

10

The -SearchBase parameter has to be used with Get-ADUser, not Where-Object (aliased by ?). This should work:

Get-ADUser -Filter {(Enabled -eq $false)} -SearchBase "ou=FirstOU,dc=domain,dc=com" | ? { ($_.distinguishedname -notlike '*Disabled Users*') }

answered Jun 04 '14 at 15:17

Tim Ferrill

428
4
8

1

-1 Most efficient method of searching only a single OU is using `-SearchScope` as in [Thorfinn Thomassen's](http://serverfault.com/users/327631) [answer](http://serverfault.com/questions/601797/powershell-limit-the-search-to-only-one-ou/#743656) in this question. Using Where-Object makes the Get-AdUser return the nested OU as well whose contents should end up being all eliminated by end of processing. – user66001 Mar 09 '16 at 20:21
Also, your answer contains a subset of the same information as [Hopelessn00b's](http://serverfault.com/users/118258) [answer](http://serverfault.com/questions/601797/powershell-limit-the-search-to-only-one-ou/#601801). Suggest your answer be removed to avoid duplication. – user66001 Mar 09 '16 at 20:24

score 3 · Answer 3 · answered Jun 04 '14 at 15:19

Easiest way would be to put the -SearchBase before the -Filter.

Get-ADUser -searchbase "ou=FirstOU,dc=domain,dc=com" -Filter {(Enabled -eq $false)} | ? { ($_.distinguishedname -notlike '*Disabled Users*') }

Gets around the problem of having to use -SearchBase with Get-ADUser, and not Where-Object (? is aliased to Where-Object in PowerShell) by running the Where-Object after you've already passed your -SearchBase to Get-ADUser.

PowerShell - Limit the search to only one OU

3 Answers3