Document Active Directory Organization

PowerShell version 1.0 script to document the organizational structure specified by the manager and directReports attributes of Active Directory objects, on the "Organization" tab of ADUC.

5 Star
1,438 times
Add to favorites
Active Directory
E-mail Twitter Digg Facebook
Sign in to ask a question

  • How do I exclude disabled users?
    3 Posts | Last post December 19, 2016
    • I have 25k disabled accounts! :)  Excluding an OU would be another way for me to accomplish this goal.  I could always filter the data manually but who wants to do that?? 
    • You need to add a clause to the filter (or filters) to exclude disabled users (objects). To exclude disabled top level managers, replace this code:
          # Filter on objects with no manager and at least one direct report.
          $Filter = "(&(!manager=*)(directReports=*))"
      with this:
          # Filter on enabled objects with no manager and at least one direct report.
          $Filter = "(&(!manager=*)(directReports=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
      And to exclude all disabled direct reports replace this code:
          # Search for all objects that report to this object.
          $Filter = "(manager=$ReportDN)"
      with this:
          # Search for all enabled objects that report to this object.
          $Filter = "(&(manager=$ReportDN)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
      Note that the new filters cause word wrapping in this comment. They need to be one line (unless you use a line continuation character).
    • Sorry, when I saved my reply, the PowerShell statements no longer word wrapped. So you can ignore my last note.
  • well explained...
    1 Posts | Last post October 24, 2014