0

I have the directory structure

test.com
--Hosting
----ParentCompany
------ChildCompany1
--------SubChildCompany1
----------Users  <==== Trying to get users from here
----------Groups
----------Workstations
--------Users
--------Groups
--------Workstations

I am using the command

Get-ADUser -Filter * -Properties * -server <servername> -SearchBase "OU=Users,OU=SubChildCompany1,OU=ChildCompany1,OU=ParentCompany,OU=Hosting,DC=test,DC=com"

For some reason this command is unable to get any user objects out of the nested Users ou under SubChildCompany1. If I do the same search but only drill down to the ChildCompany1 Users OU, I can get all users in that container? I know I could refactor the schema of the directory but at this point that is not an option, so I was wonder if anyone else has seen this behavior? Thanks.

CodePoet
  • 3
  • 2
  • That looks like the right command, I don't know why it isn't working. Perhaps try using a filter instead like `Get-ADUser -Filter "DistinguishedName -like '*OU=Users,OU=SubChildCompany1,OU=ChildCompany1,OU=ParentCompany,OU=Hosting,DC=test,DC=com'"` and see if you get better results. – TheMadTechnician Nov 30 '18 at 00:51

2 Answers2

0

In AD Users and Computers, right click the OU and click Properties. Then on the Attribute Editor tab, check the distinguishedName attribute to make sure it matches what you're using for the SearchBase.

It is possible that it's not an OU, but just a container, which means the distinguishedName will start with CN= rather than OU=.

Gabriel Luci
  • 38,328
  • 4
  • 55
  • 84
0

Thanks for the input. I ended up having to pass the credentials to the command. Apparently if you need to search anywhere outside of the default OUs you need to pass the credentials along with it? It even worked without the SearchBase by using the basic Get-ADUser as long as I included the credentials.

CodePoet
  • 3
  • 2