Is it not possible to get all groups from an OU using only ADSI search? I can't use the Active Directory module as it is not installed on our users desktops.
I would love to loop through an OU and get all the groups the user is a member of.
Get AD groups from OU using only ADSI
Forum rules
Do not post any licensing information in this forum.
Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
Do not post any licensing information in this forum.
Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
Re: Get AD groups from OU using only ADSI
Yes, you can access AD with ADSI. Your search engine is a good place to start with to learn how to use ADSI with PowerSHell.
Example: https://petri.com/managing-active-direc ... owershell/
Example: https://petri.com/managing-active-direc ... owershell/
Re: Get AD groups from OU using only ADSI
Thanks jvierra,
I have read that article but it doesn't show how to get groups from an OU. I don't want what a user is a member of, I want just the groups from a specific OU. I can't find anything that pertains to that.
[edit]
I don't want what the user is a member of anymore, just need groups in the OU.
I have read that article but it doesn't show how to get groups from an OU. I don't want what a user is a member of, I want just the groups from a specific OU. I can't find anything that pertains to that.
[edit]
I don't want what the user is a member of anymore, just need groups in the OU.
Re: Get AD groups from OU using only ADSI
That was an example of how to use ADSI. Look at the API docs for a complete set of examples. I just did a quick search. I have numerous bits of code but not one that addresses your exact issue.
Here is a sampler I wrote years ago. It has many examples of different methods of accessing AD with ADSI. This example should work on any AD local domain. It will show you how to access and enumerate objects in OUs or containers.
I will look for an example I have on how to work with user objects.
Note that the "memberOf" property of a user object contains all groups the user is a direct member of.
Here is a sampler I wrote years ago. It has many examples of different methods of accessing AD with ADSI. This example should work on any AD local domain. It will show you how to access and enumerate objects in OUs or containers.
I will look for an example I have on how to work with user objects.
Note that the "memberOf" property of a user object contains all groups the user is a direct member of.
- Attachments
-
- Demo-ADSITreeView.psf
- (23.67 KiB) Downloaded 67 times
Re: Get AD groups from OU using only ADSI
Here is another one that shows how to manage a user object.
- Attachments
-
- Demo-ADUpdateForm.psf
- (23.63 KiB) Downloaded 87 times
Re: Get AD groups from OU using only ADSI
Here is another one that demonstrates more ways to work with user objects.
- Attachments
-
- Demo-ADAddUserForm.psf
- (26.64 KiB) Downloaded 64 times
Re: Get AD groups from OU using only ADSI
Thanks again jvierra,
I'll take a look at the treeview one, it looks like what I was looking for. Everything on the internet only deals with users and what they are associated with.
I'll take a look at the treeview one, it looks like what I was looking for. Everything on the internet only deals with users and what they are associated with.
Re: Get AD groups from OU using only ADSI
The whole trick is to learn how to walk through the containers at all levels and how to do restricted searches in a container or in a subtree. Once you see how this is accomplished in the many methods then you can choose the best method and acquire the specific objects. All objects in AD are just Net Framework objects so all PS and Net rules apply although AD itself can be challenging as it is not the same kind of object system as NetF.
Re: Get AD groups from OU using only ADSI
Yeah, I was making it more complicated than it needed to be. The treeview demo worked perfectly. I was able to see how it called OU's and ported it to my script.
Appreciate the help.
Appreciate the help.