Get a Quick Count of Users in Each OU
You never know when you need odd little tidbits of information out of Active Directory. Here’s a quick script you can run using the Active Directory Module for PowerShell to get a count of users in each of your OUs. Just replace “ou=Employees,dc=domain,dc=com” with the CN path to OU you use for all user accounts.
$BaseOU = "ou=Employees,dc=domain,dc=com"
$DNs = (Get-ADOrganizationalUnit -Filter * –SearchBase $BaseOU | `
Select DistinguishedName)
”” | out-file c:\temp\count.txt
foreach ($DN in $DNs) {
$DN | Out-File C:\temp\count.txt -append
(get-aduser -filter * -SearchBase $DN.DistinguishedName).count | `
Out-File c:\temp\count.txt -append
}
[edited to make it more readable]
|
This will give you a file (c:\temp\count.txt) that looks something like this:
| DistinguishedName —————– OU=Dallas,OU=Employees,DC=domain,DC=com25DistinguishedName —————– OU=HQ,OU=Employees,DC=domain,DC=com308DistinguishedName —————– OU=NewYork,OU=Employees,DC=domain,DC=com45 |
It’s not pretty. If you want to impress anyone, you’ll have to pretty it up.
If you have a very simple structure in which all of your users are in a single OU or if all you want is a count of all users in your domain, all you need is this one line of code: (get-aduser -Filter *).count.
Try to execute the sript, constantly receive errors from the last line I think. Have any suggestions about that?
Get-ADUser : Cannot validate argument on parameter ‘SearchBase’. The argument is null. Supply a non-null argument and try the command
again.
At line:1 char:98
+ foreach ($DN in $DNs) {$DN | out-file c:\temp\count.txt -append (get-aduser -filter * -SearchBase <<<< $DistinguishedName).count |
Out-File c:\temp\count.txt -append}
+ CategoryInfo : InvalidData: (:) [Get-ADUser], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.GetADUser
Get-ADUser : Cannot validate argument on parameter 'SearchBase'. The argument is null. Supply a non-null argument and try the command
again.
At line:1 char:98
+ foreach ($DN in $DNs) {$DN | out-file c:\temp\count.txt -append (get-aduser -filter * -SearchBase <<<< $DistinguishedName).count |
Out-File c:\temp\count.txt -append}
+ CategoryInfo : InvalidData: (:) [Get-ADUser], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.GetADUser
Sorry, Rini. Totally my fault. I left out a few characters (see $DN. below). This should work:
$BaseOU = “ou=Employees,dc=domain,dc=com”
$DNs = (Get-ADOrganizationalUnit -Filter * –SearchBase $BaseOU | Select DistinguishedName)
”” | out-file c:\temp\count.txt
foreach ($DN in $DNs) {
$DN | Out-File C:\temp\count.txt -append
(get-aduser -filter * -SearchBase $DN.DistinguishedName).count | Out-File c:\temp\count.txt -append
}
Hello,
you can try this one, better formated output and number of disabled users added.
# — Beginning of the Script —
Write-Host “*********************************************************************************************” -ForegroundColor Yellow
Write-Host “This is a script to get number of users from OUs one level below OU=Users,OU=Arizona,DC=contoso,DC=local” -ForegroundColor Yellow
Write-Host “*********************************************************************************************” -ForegroundColor Yellow
If (!(get-module activedirectory)) {
Import-Module activeDirectory
}
Write-Host “Please wait, gathering information …” -ForegroundColor Yellow
$OUs = Get-ADOrganizationalUnit -filter * -searchbase ‘OU=Users,OU=Arizona,DC=contoso,DC=local’ -SearchScope OneLevel
$myresults = @()
foreach ($ou in $OUs) {
$results = New-Object PSObject
$results | Add-Member -membertype NoteProperty -Name OU_Name -Value “”
$results | Add-Member -membertype NoteProperty -Name Number_of_Users -Value “”
$results | Add-Member -membertype NoteProperty -Name Disabled_Users -Value “”
$results.OU_Name = $ou.name
$users = get-aduser -Filter * -SearchBase $ou
$numb = $users | measure
$results.Number_of_Users = $numb.count
$dis = $users | where {$_.Enabled -eq $false} | measure
$results.Disabled_Users = $dis.count
$myresults += $results
}
$myresults
$myresults > .\results.txt
Write-Host “”
Write-host “End of the script, please press any key to close the window. You can also find results in the file results.txt in the folder of this script.” -ForegroundColor Green
Read-Host
# — End of the script —
This is what you get
OU_Name Number_of_Users Disabled_Users
——- ————— ————–
Common 1068 976
External 821 11
AAA 3768 50
BBB 1071 28
CCC 767 7
BBBB 528 10
TestCompany 5 2
Glue 3016 89
UNKNOWN 0 0
Black 1347 37
Excellent, trezor! And if you wanted to be able to specify an OU as the SearchBase, you could add this line at the beginning:
Param([string]$SearchBase=$(throw "No value entered for the OU's DN. Must be in format `"ScriptName.ps1 `'OU=users,DC=domain,DC=com`'`"."))and then change
$OUs = Get-ADOrganizationalUnit -filter * -searchbase ‘OU=Users,OU=Arizona,DC=contoso,DC=local’ -SearchScope OneLevelto
$OUs = Get-ADOrganizationalUnit -filter * -searchbase $SearchBaseYou would have to run the script like
PS>ScriptName.ps1 'OU=Users,OU=Arizona,DC=contoso,DC=local'which is a little awkward, but usable.