Directory object not found error with Get-ADUser (and other cmdlets)
Say you want a spreadsheet of all users in the default Users OU. Easy. You open the Active Directory Module for Windows PowerShell and enter this cmdlet:
Get-ADUser -Filter * -SearchBase “OU=Users,DC=domain,DC=com” -Properties “Description” | fl Name, SamAccountName, Enabled, Description
And you get this error:
Get-ADUser : Directory object not found
At line:1 char:1
+ Get-ADUser -SearchBase “OU=Users,DC=domain,DC=com” -Filter * -Properties …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (:) [Get-ADUser], ADIdentityNotFoundException
+ FullyQualifiedErrorId : Directory object not found,Microsoft.ActiveDirectory.Management.Commands.GetADUser
“Directory object not found?” You say. “But I know there are user objects in there. I can see them in ADUC.”
Before you injure yourself banging your head on your desk, the fix is very simple. Change “OU=Users” to “CN=Users”. When you search the builtin OrganizationalUnits in Active Directory, you need to use CN instead of OU.
Nice one. I was wondering what was wrong on my code haha 🙂
Glad I was able to help.
I have a custom OU and with in that i have Users, changing it to “OU=MyOU, CN=Users” i get the error still.
Trying with “CN=MyOU,CN=Users” also results in the error… any thoughts
Try “OU=MyOU,OU=Users…”
I’m not in a position to test it right now, but it can’t make the problem worse, right? I’ll test it when I get to the office tomorrow.
Heh. I just noticed that my example of the wrong way in the OP was actually the right way. I corrected it to be incorrect.
Matthew, how did you create the sub-OU? Was it created prior to upgrading your domain to 2008 (It seems to me that you used to be able to create OUs inside the default containers with an older version of AD.) or perhaps created using a third party tool or ADSIEdit? Using ADUC, you can’t create OUs under the builtin containers like Users or Computers.
I would have expected “OU=MyOU,CN=Users…” to work. Since it doesn’t, I’m not sure what would.
Is it feasible to move MyOU to another location within the tree?
Awesome! Worked for me! Thank you much!
Guru .. its worked .. gr8 .. thanks a lot 🙂
Thanks a ton for the tip, I was banging my head..:)
Thank you so much.. unfortunately i already had injured myself before i found this lol.
Hello.
That doesnt work for me 🙁
I have created a group (xxxDomainUser) which contains the active user in the domain.
This group is in the organization unit “ActiveUsers” under “MyBusiness” under xxx.local (Domain name).
Is there a difference between normal servers and Small Business Server 2011?
I get always the error:
Get-ADUser: Directory object not found
At line: 1 char: 1
+ Get-ADUser filter * -SearchBase “CN = ActiveUsers, OU = MyBusiness, DC = xxx …
+ CategoryInfo: ObjectNotFound: (:) [Get-ADUser], ADIdentityNotFoundException
+ FullyQualifiedErrorId: Directory object not found, Microsoft.ActiveDirectory.Management.Commands.GetADUser
greetings Daniel