Recipe 5.3 Enumerating the Objects in an OU

5.3.1 Problem

You want to enumerate all the objects in an OU.

5.3.2 Solution

The following solutions will enumerate all the objects directly under an OU. Look at the Discussion section for more on how to display all objects under an OU regardless of depth.

Using a graphical user interface

  1. Open the Active Directory Users and Computers snap-in.

  2. If you need to change domains, right-click on "Active Directory Users and Computers" in the left pane, select Connect to Domain, enter the domain name, and click OK.

  3. In the left pane, browse to the OU you want to view.

  4. Click on it. The contents of the OU will be displayed in the right pane.

Using a command-line interface

> dsquery * "<OrgUnitDN>" -limit 0 -scope onelevel

Using VBScript

' Bind to the OU and print the name of each direct child object
set objOU = GetObject("LDAP://<OrgUnitDN>")
for each objChildObject in objOU
    Wscript.Echo objChildObject.Name
next

5.3.3 Discussion

Using a graphical user interface

By default, ADUC will display only 2,000 objects. To view more than 2,000 objects, select View → Filter Options. In the box beside "Maximum number of items displayed per folder:", put the maximum number of objects you want to display.

Using a command-line interface

Using -limit 0, all objects under the OU will be displayed. If -limit is not specified, 100 will be shown by default. You can also specify your own number if you want to only display a limited number of objects.

The -scope onelevel option causes only direct child objects of the OU to be displayed. If you want to display all objects regardless of depth, use -scope subtree instead.

Using VBScript

When a for each loop iterates over the contents of an OU, paging will be enabled so that all child objects will be returned regardless of how many there are. If you want to display all child objects regardless of depth, you have to implement a recursive function, such as the following:

' Using "" for the second parameter means that there will be no
' indentation for the first level of objects displayed.
DisplayObjects "LDAP://<OrgUnitDN>", ""

' DisplayObjects takes the ADsPath of the object whose child objects
' should be displayed; the second parameter is the indentation (spaces)
' to print in front of the first parameter
Function DisplayObjects( strADsPath, strSpace)
   set objObject = GetObject(strADsPath)
   Wscript.Echo strSpace & strADsPath
   for each objChildObject in objObject
      DisplayObjects objChildObject.ADsPath, strSpace & " "
   next
End Function

This code is nearly identical to that shown in Recipe 5.2. The only difference is that I didn't use the Filter method to restrict the type of objects displayed.
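
The recursive script above binds to every object with its own GetObject call. As an added example (not part of the original recipe), the same enumeration can be done with a single paged LDAP search from PowerShell using System.DirectoryServices.DirectorySearcher, which is also convenient when auditing what an OU contains. Get-OUObject is a hypothetical helper name, and <OrgUnitDN> is the recipe's placeholder and must be replaced with a real OU distinguished name.

```powershell
# Added example. Get-OUObject is a hypothetical helper name, not a built-in cmdlet.
function Get-OUObject {
    param(
        [Parameter(Mandatory)] [string] $OrgUnitDN,
        # OneLevel = direct children only, Subtree = the OU and everything below it
        [ValidateSet('OneLevel', 'Subtree')] [string] $Scope = 'OneLevel'
    )

    $root     = [ADSI]"LDAP://$OrgUnitDN"
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
    $searcher.Filter      = '(objectClass=*)'   # no type filter: return every object
    $searcher.SearchScope = $Scope
    $searcher.PageSize    = 500                 # non-zero value turns on paged results
    [void]$searcher.PropertiesToLoad.Add('distinguishedName')
    [void]$searcher.PropertiesToLoad.Add('objectClass')

    $results = $searcher.FindAll()
    try {
        foreach ($r in $results) {
            # objectClass is multi-valued; the last value is the most specific class
            $classes = $r.Properties['objectclass']
            [pscustomobject]@{
                DistinguishedName = [string]$r.Properties['distinguishedname'][0]
                ObjectClass       = [string]$classes[$classes.Count - 1]
            }
        }
    }
    finally {
        # SearchResultCollection holds unmanaged resources and must be released
        $results.Dispose()
        $searcher.Dispose()
        $root.Dispose()
    }
}

# Direct children only (the equivalent of -scope onelevel)
Get-OUObject -OrgUnitDN '<OrgUnitDN>' -Scope OneLevel

# Every object at any depth (the equivalent of -scope subtree)
Get-OUObject -OrgUnitDN '<OrgUnitDN>' -Scope Subtree | Sort-Object DistinguishedName
```

With Subtree scope the OU itself is included in the results, as it is in the recursive script's output; OneLevel returns only its direct children.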
