How to Get User Organizational Unit Using PowerShell
The Get-ADUser command is convenient for finding AD user accounts, building reports, etc. It is also a great way to pull users and their properties from Active Directory.
One of those properties is the current organizational unit location of the AD object. This article will discuss how to query for the organizational unit of an Active Directory user object using PowerShell.
Introduction to Active Directory Module
Before we proceed with the next section of the article, it is worth noting that we need to install and import the AD module to use AD commands. The AD module has a prerequisite package called the Remote Server Administration Tools (RSAT).
We can install RSAT by adding it to the Roles and Features panel. Once added and installed, the package should come automatically with the Active Directory module.
We can import the module into our PowerShell session using the snippet below.
Example Code:
Import-Module ActiveDirectory
Use the Get-ADUser Filter Parameter in PowerShell
The Filter parameter allows a user to provide a conditional statement as the parameter’s value. When the condition is met, Get-ADUser will return the user accounts matching that condition.
It is similar to the Where-Object cmdlet; the only difference is that the Filter parameter is contained within the Get-ADUser cmdlet. The example below uses the Filter parameter.
This example provides an Active Directory attribute and sets a condition. The Filter parameter accepts wildcards, so passing an asterisk (*) as the parameter’s value will get all the User objects.
Example Code:
Get-ADUser -Filter * -Properties *
Output:
DistinguishedName : CN=AArton,OU=Marketing,DC=test,DC=com
Enabled : False
GivenName : Aardvark
Name : AArton
ObjectClass : user
ObjectGUID : 8fc5e4a8-1fda-42ab-9406-a1e6356dd467
SamAccountName : AArton
SID : S-1-1-21-4117812001-3332493942-656130396-3163
Surname : Arton
UserPrincipalName : AArton
<SNIP>
Out of all the user object properties, we have the DistinguishedName property. A Distinguished Name comprises zero or more Relative Distinguished Name components that identify the object’s location.
This means the DistinguishedName property holds the object’s current location in the directory, including the user’s Organizational Unit. To get the user’s Organizational Unit, we can pipe our previous example to the Select-Object command.
Example Code:
Get-ADUser -Filter "samAccountName -eq 'AArton'" -Properties * | Select-Object DistinguishedName
Output:
DistinguishedName : CN=AArton,OU=Marketing,DC=test,DC=com
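As an added example (not part of the original article), the helper below splits a DistinguishedName into its parent container and OU path. Get-DnLocation is a hypothetical name and the last two sample DNs are constructed; it handles escaped commas in the CN, nested OUs, and accounts that sit in a container such as CN=Users, which is not an Organizational Unit.

```powershell
# Added example: derive the parent container and OU path from a DistinguishedName.
# Get-DnLocation is a hypothetical helper name, not an ActiveDirectory module cmdlet.
function Get-DnLocation {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$DistinguishedName
    )
    process {
        # Split into RDNs on unescaped commas only. '\\.' consumes an escaped
        # pair such as '\,' or '\\', so "CN=Doe\, John" stays one component.
        $rdns = @([regex]::Matches($DistinguishedName, '(?:\\.|[^,\\])+') |
            ForEach-Object { $_.Value.Trim() })

        # Everything after the first RDN is the object's parent container.
        $parent = ($rdns | Select-Object -Skip 1) -join ','

        # OU components, nearest first. Empty when the object sits in a plain
        # container such as CN=Users, which is not an Organizational Unit.
        $ous = @($rdns | Select-Object -Skip 1 | Where-Object { $_ -match '^OU=' })

        [pscustomobject]@{
            Rdn       = $rdns[0]   # still in escaped form, e.g. CN=Doe\, John
            Parent    = $parent
            NearestOU = if ($ous.Count) { $ous[0] -replace '^OU=', '' } else { $null }
            OUPath    = $ous -join ','
            InOU      = [bool]$ous.Count
        }
    }
}

# First DN is the one shown in the article; the other two are constructed samples.
$sample = @(
    'CN=AArton,OU=Marketing,DC=test,DC=com'
    'CN=Doe\, John,OU=Interns,OU=Marketing,DC=test,DC=com'
    'CN=svc-backup,CN=Users,DC=test,DC=com'
)
$sample | Get-DnLocation | Format-Table -AutoSize

# Against a live directory (requires the ActiveDirectory module):
# Get-ADUser -Filter * | ForEach-Object { $_.DistinguishedName | Get-DnLocation }
```

Rows where InOU is False are accounts outside any OU, which is worth reviewing because OU-linked Group Policy does not apply to them.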
Marion specializes in anything Microsoft-related and always tries to work and apply code in an IT infrastructure.