The active directory I have to deal with is laid out as such: the domain contains many OUs. One of these OUs is named "Primary OU". Within this OU are several OUs named with location of global offices (ie "Chicago" "Paris").
Any user account that is an actual flesh and bone person is put into the OU named for the office they work in as their primary OU. Any user account that is an alias, generic account, or otherwise not directly tied to a real person, has the "Primary OU" OU set as their primary OU.
Data-wise, this primary OU distinction is the only thing that indicates which users are real people, and which users are not. There is no group that contains only real people, no indicator in any field that they are real people or not, and making any changes to active directory or any user accounts is strictly forbidden.
My task is writing a query that will only get all actual flesh and bone people.
Unfortunately LDAP is not exactly my strong suit and the only way I've come up with is searching each of these office sub OUs individually and putting all the results together, but there are a lot of offices and it would require a change to the query if any offices were added, which I need to avoid.
Is there a way to query all users within a particular OU's "sub" OUs, but not return any users directly in the parent OU?
Simply open the “User Accounts” report, specify the path to the OU you're interested in and run the report. You'll get a list of the members of that OU with the following user account properties: name, logon name and status.
All you need to do is open ADUC, navigate to your desired OU, and click the Export List button. This will export all of the accounts in the OU to a tab delimited text file.
Yes, sure - you would need to:
1) Bind to the particular OU
DirectoryEntry myOU = new DirectoryEntry("LDAP://OU=MyOU,......,DC=MyCompany,DC=com");
2) Enumerate all its sub-OU's
DirectorySearcher subOUsearcher = new DirectorySearcher(myOU);
subOUsearcher.SearchScope = SearchScope.OneLevel; // don't recurse down
subOUsearcher.Filter = "(objectClass=organizationalUnit)";
foreach(SearchResult subOU in subOUsearcher.FindAll())
{
// stick those Sub OU's into a list and then handle them
}
3) One-by-one enumerate all the users in each of the sub-OU's and stick them into a global list of users
DirectorySearcher userSearcher = new DirectorySearcher(myCurrentSubOu);
userSearcher.SearchScope = SearchScope.OneLevel; // don't recurse down
userSearcher.Filter = "(objectClass=user)";
foreach(SearchResult user in userSearcher.FindAll())
{
// stick those users into a list being built up
}
4) Return that list
Marc
// Create a new DirectorySearcher that starts at the root.
// You can start it anywhere you want though
// by providing a value in the DirectoryEntry constructor.
DirectorySearcher searcher = new DirectorySearcher(new DirectoryEntry());
// Set the scope to Subtree in order to search all children.
searcher.SearchScope = SearchScope.Subtree;
// Set the filter to only look for Organizational Units
// that have the name you are looking for.
searcher.Filter = "(&(objectClass=organizationalUnit)(name=" + ouName + "))";
// If you are looking for only one result then do the following two things.
SearchResult result = searcher.FindOne();
DirectoryEntry newDir = result.GetDirectoryEntry();
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With