Public/Get-ADSIOrganizationalUnit.ps1

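function Get-ADSIOrganizationalUnit
{
<#
.SYNOPSIS
    Queries Active Directory for Organizational Unit (OU) objects through ADSI.

.DESCRIPTION
    Builds an LDAP filter that always contains (objectCategory=organizationalunit),
    optionally narrowed by name, distinguishedName and gPOptions=1, runs it with
    System.DirectoryServices.DirectorySearcher and writes one PSObject per result.

    The values of -Name and -DistinguishedName are placed inside the LDAP filter.
    The characters '(' , ')' and NUL are replaced by their RFC 4515 escapes first,
    so caller-supplied text cannot change the structure of the filter. '*' is left
    alone (wildcard search on -Name) and so is '\', so values that are already
    RFC 4515-escaped keep working.

.PARAMETER Name
    Specify the Name of the OU. Wildcards (*) are supported.

.PARAMETER DistinguishedName
    Specify the DistinguishedName path of the OU

.PARAMETER All
    Kept for backward compatibility. Every OU is returned whenever neither -Name
    nor -DistinguishedName is given, whether or not -All has a value.

.PARAMETER GroupPolicyInheritanceBlocked
    Will show only the OUs that have Group Policy Inheritance Blocked enabled (gPOptions=1).

.PARAMETER Credential
    Specify the Credential to use

.PARAMETER DomainDistinguishedName
    Specify the DistinguishedName of the Domain to query.
    "LDAP://" is prepended when the value does not already start with it.

.PARAMETER SizeLimit
    Specify the number of item(s) to output (default: 100)

.EXAMPLE
    Get-ADSIOrganizationalUnit

    This returns all the OUs in the Domain (Result Size is 100 per default)

.EXAMPLE
    Get-ADSIOrganizationalUnit -name FX

    This returns the OU with the name FX

.EXAMPLE
    Get-ADSIOrganizationalUnit -name FX*

    This returns the OUs where the name starts with FX

.NOTES
    Francois-Xavier Cat
    LazyWinAdmin.com
    @lazywinadm
#>

    [CmdletBinding(DefaultParameterSetName = "All")]
    PARAM (
        [Parameter(ParameterSetName = "Name")]
        [String]$Name,

        [Parameter(ParameterSetName = "DistinguishedName")]
        [String]$DistinguishedName,

        [Parameter(ParameterSetName = "All")]
        [String]$All,

        [Switch]$GroupPolicyInheritanceBlocked,

        [Parameter(ValueFromPipelineByPropertyName = $true)]
        [Alias("Domain", "DomainDN")]
        [String]$DomainDistinguishedName = $(([adsisearcher]"").Searchroot.path),

        [Alias("RunAs")]
        [System.Management.Automation.PSCredential]
        [System.Management.Automation.Credential()]
        $Credential = [System.Management.Automation.PSCredential]::Empty,

        [Alias("ResultLimit", "Limit")]
        [int]$SizeLimit = 100
    )
    BEGIN { }
    PROCESS
    {
        # Declared before TRY so that FINALLY can release whatever was created.
        $Search = $null
        $RootEntry = $null
        $Results = $null

        TRY
        {
            # Building the basic search object with some parameters
            $Search = New-Object -TypeName System.DirectoryServices.DirectorySearcher -ErrorAction 'Stop'
            $Search.SizeLimit = $SizeLimit

            # Neutralise the characters that delimit LDAP filter clauses (RFC 4515).
            # '*' and '\' are passed through on purpose: see .DESCRIPTION.
            $EscapeFilterValue = {
                param ([string]$Value)
                $Value -replace '\(', '\28' -replace '\)', '\29' -replace '\x00', '\00'
            }

            # The objectCategory clause is always present. Previously it was only set
            # when -Name, -DistinguishedName or -All had a value, so a call without
            # parameters ran the searcher's default filter and returned every kind of object.
            $Clauses = '(objectCategory=organizationalunit)'
            IF ($Name)
            {
                $Clauses += "(name=$(& $EscapeFilterValue $Name))"
            }
            IF ($DistinguishedName)
            {
                $Clauses += "(distinguishedname=$(& $EscapeFilterValue $DistinguishedName))"
            }
            IF ($PSBoundParameters["GroupPolicyInheritanceBlocked"])
            {
                $Clauses += '(gpoptions=1)'
            }
            $Search.Filter = "(&$Clauses)"
            Write-Verbose -Message "LDAP filter: $($Search.Filter)"

            # Work on a local copy so the bound parameter is not rewritten.
            $RootPath = $DomainDistinguishedName
            IF ($RootPath)
            {
                IF ($RootPath -notlike "LDAP://*") { $RootPath = "LDAP://$RootPath" }#IF
                Write-Verbose -Message "Different Domain specified: $RootPath"
                $Search.SearchRoot = $RootPath
            }
            IF ($PSBoundParameters['Credential'])
            {
                # DirectoryEntry only accepts the password as a plain string, so it is
                # materialised in memory here; the entry is disposed in FINALLY.
                $RootEntry = New-Object -TypeName System.DirectoryServices.DirectoryEntry -ArgumentList $RootPath, $($Credential.UserName), $($Credential.GetNetworkCredential().password)
                $Search.SearchRoot = $RootEntry
            }
            If (-not $PSBoundParameters["SizeLimit"])
            {
                Write-Warning -Message "Default SizeLimit: 100 Results"
            }

            # Keep a reference to the collection: it has to be disposed explicitly.
            $Results = $Search.FindAll()

            foreach ($ou in $Results)
            {
                # Define the properties
                # The keys read from $ou.properties are the lowercase attribute names.
                $Properties = @{
                    "Name" = $ou.properties.name -as [string]
                    "DistinguishedName" = $ou.properties.distinguishedname -as [string]
                    "ADsPath" = $ou.properties.adspath -as [string]
                    "ObjectCategory" = $ou.properties.objectcategory -as [string]
                    "ObjectClass" = $ou.properties.objectclass -as [string]
                    "ObjectGuid" = $ou.properties.objectguid
                    "WhenCreated" = $ou.properties.whencreated -as [string] -as [datetime]
                    "WhenChanged" = $ou.properties.whenchanged -as [string] -as [datetime]
                    "usncreated" = $ou.properties.usncreated -as [string]
                    "usnchanged" = $ou.properties.usnchanged -as [string]
                    "dscorepropagationdata" = $ou.properties.dscorepropagationdata
                    "instancetype" = $ou.properties.instancetype -as [string]
                }

                # Output the info
                New-Object -TypeName PSObject -Property $Properties
            }
        }#TRY
        CATCH
        {
            # $_ is the error that triggered this CATCH; $error[0] can be a different record.
            Write-Warning -Message "[PROCESS] Something wrong happened!"
            Write-Warning -Message $_.Exception.Message
        }
        FINALLY
        {
            # SearchResultCollection holds unmanaged resources that are not fully released
            # by garbage collection, so dispose it (and the other ADSI objects) explicitly.
            # Compared with $null rather than tested for truth so an empty result is disposed too.
            IF ($null -ne $Results) { $Results.Dispose() }
            IF ($null -ne $RootEntry) { $RootEntry.Dispose() }
            IF ($null -ne $Search) { $Search.Dispose() }
        }
    }#PROCESS
    END
    {
        Write-Verbose -Message "[END] Function Get-ADSIOrganizationalUnit End."
    }
}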