The management of users along with computers and resources in extensive Active Directory (AD) environments becomes more efficient through organizational units (OUs). Having the complete list of users in a specific OU is necessary for performing audits and data migrations, complying with security reviews, as well as meeting compliance requirements. This blog examines the most efficient methods of achieving OU reporting through PowerShell commands while demonstrating how Lepide simplifies the process.
How to Use PowerShell to List Users from a Specific OU?
1. List All Users in an OU
The first step to listing users in an OU is to find the DistinguishedName of the OU. To do this, from Active Directory Users and Computers (ADUC), right-click on the OU and select Properties. If the Attribute Editor is not visible, enable “Advanced Features“ from the ADUC view menu.
Once you know the DistinguishedName, you can enter the PowerShell command below:
Get-ADUser -Filter * -SearchBase "OU=YourOU,DC=domain,DC=com" | Select Name, DistinguishedName
This command lists all users directly within the specified OU, displaying their names and distinguished names. You can include additional properties, such as SamAccountName, GivenName, or Surname, by modifying the Select statement:
Get-ADUser -Filter * -SearchBase "OU=YourOU,DC=domain,DC=com" -Property * | Select Name, SamAccountName, GivenName, Surname
Exporting the results to a CSV file for further analysis is also straightforward:
Get-ADUser -Filter * -SearchBase "OU=YourOU,DC=domain,DC=com" | Select Name, SamAccountName | Export-Csv -Path "OU-Users.csv" -NoTypeInformation
2. Get Users in an OU and All Sub-OUs
If your OU contains nested OUs and you want to include all users from these sub-containers, use the -SearchScope Subtree parameter:
Get-ADUser -Filter * -SearchBase "OU=YourOU,DC=domain,DC=com" -SearchScope Subtree | Select Name, DistinguishedName
The command executes a search across the target OU along with all subordinate OUs, providing complete user account data.
How Lepide Helps
Lepide Auditor for Active Directory quickly fetches and displays a comprehensive list of all users within a selected Organizational Unit (OU), making it easy to review account status, lock status, and other key details at a glance. Screenshot of user report is given below:
Moreover, Lepide AD Auditor includes multiple pre-defined reports and alerts to audit Active Directory changes. An example of these reports is the Organizational Unit Changes Report, which is shown below:
