Home
Getting Started
Browse by Category
Browse by Cmdlet
How-To
Scripts
UI Mapping
Events
PowerShell for OCS 2007 R2
Fun Zone
About Us
Contact Us
Microsoft Lync Server 2010 provides two cmdlets – Get-CsUser and Get-CsAdUser – that return information about user accounts. (Get-CsUser returns information only for user accounts that have been enabled for Lync Server; Get-CsAdUser returns information for all your Active Directory user accounts, regardless of whether those accounts have been enabled for Lync Server.) Because administrators often want to work with all the accounts found in an organizational unit, both of these cmdlets include a –OU parameter; when included in a command, this parameter causes the cmdlet to return all the user accounts found in the specified OU, as well as any child OUs. For example, this command returns information about all the user accounts in the Redmond OU:
Get-CsAdUser –OU "ou=Redmond,dc=litwareinc,dc=com"
So what’s wrong with that? Nothing; the cmdlet – and the –OU parameter – work great. However, there is one possible catch here. (Yes, we know. But when isn’t there at least one possible catch?) Suppose the Redmond OU has a child OU, an OU named Finance (ou=Finance,ou=Redmond,dc=litwareinc,dc=com) . Let’s pretend the two OUs – and their user accounts – look like this:
REDMOND Ken Myer Pilar Ackerman
FINANCE Jonathan Haas Kim Abercrombie
Let’s further pretend that we’ve just run this command:
Get-CsAdUser –OU "ou=Redmond,dc=litwareinc,dc=com" | Select-Object DisplayName
Here are the display names that get returned when we run the command:
Ken MyerPilar AckermanJonathan HaasKim Abercrombie
As you can see, we get back the names of the two users in the Redmond OU (Ken Myer and Pilar Ackerman). However, we also get back the names of the two users in the Finance OU (Jonathan Haas and Kim Abercrombie). And that’s the potential problem: what if we don’t want the users from the child OU? What if we only want the users found in the parent OU (Redmond)?
If you’re thinking, “I bet this is the place where they show us the cool little trick that causes the –OU parameter to ignore child OUs when returning data,” well, we’re afraid you might be a little disappointed: as far as we know, there isn’t any trick that can do that. To the best of our knowledge, you can’t directly use Get-CsUser or Get-CsAdUser to return information from a parent OU while ignoring any child OUs; the cmdlets just aren’t built that way. However, you can return data from a single OU by using a Windows PowerShell script similar to this one:
$strFilter = "(objectCategory=user)"
$ou = "LDAP://" + $args[0]
$objDomain = New-Object System.DirectoryServices.DirectoryEntry($ou)$objSearcher = New-Object System.DirectoryServices.DirectorySearcher$objSearcher.SearchRoot = $objDomain$objSearcher.PageSize = 1000$objSearcher.Filter = $strFilter$objSearcher.searchScope = "OneLevel"
$colPropList = "Path"foreach($i in $colPropList) {[void]$objSearcher.PropertiesToLoad.Add($i)}$colresults = $objSearcher.FindAll()
foreach($objResult in $colResults) { $x = $objResult.Path $x = $x -replace "LDAP://", "" Get-CsAdUser -Identity $x | Select-Object DisplayName, CsEnabled }
We won’t explain this script in any great detail; suffice to say that:
In other words (and assuming that you saved this script under the name C:\Scripts\Get-OU.ps1) you’d issue a command similar to this:
C:\Scripts\Get-OU.ps1 "ou=Redmond,dc=litwareinc,dc=com"
And, with any luck, you should get back something that looks like this:
DisplayName CsEnabled----------- --------- Ken Myer TruePilar Ackerman False
Hey, where there’s a will there’s a way, right?