This is a quick tip I recently discovered and wanted to share. The Active Directory PowerShell Module also displays constructed attributes in results. One useful attribute I use for Organizational Units (OU) is msDS-Approx-Immed-Subordinates, this attribute returns the number of direct descendants under any OU or container in Active Directory. Its doesn’t seem to be something that you can use in a filter but you can use it in your where-object clause.
#get all ou's and the number of direct descendants
get-adorganizationalunit -filter * -properties "msDS-Approx-Immed-Subordinates" | select `
name, "msDS-Approx-Immed-Subordinates", distinguishedname
#get ou's with no direct descendant
get-adorganizationalunit -filter * -properties "msDS-Approx-Immed-Subordinates" | select `
name, "msDS-Approx-Immed-Subordinates", distinguishedname | `
where {$_."msDS-Approx-Immed-Subordinates" -eq 0}
#get ou's with direct descendants
get-adorganizationalunit -filter * -properties "msDS-Approx-Immed-Subordinates" | select `
name, "msDS-Approx-Immed-Subordinates", distinguishedname | `
where {$_."msDS-Approx-Immed-Subordinates" -ne 0}
I put together a sample script to find and delete unused Organizational Units.
GitHub: FindandDeleteUnusedOUs.ps1
Hope you find this useful.
-Chad
from TechNet Blogs http://ift.tt/2DpLadI
via IFTTT
AD PowerShell Tip: How to Find Unused Organizational Units in Active Directory
![AD PowerShell Tip: How to Find Unused Organizational Units in Active Directory]()
Reviewed by Unknown
on
March 13, 2018
Rating:
No comments: