Get AD groups from OU using only ADSI

Ask your PowerShell-related questions, including questions on cmdlet development!
Forum rules
Do not post any licensing information in this forum.

Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
This topic is 1 year and 11 months old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.
Locked
User avatar
B Daring
Posts: 90
Last visit: Mon Feb 05, 2024 3:00 pm
Answers: 2
Has voted: 1 time

Get AD groups from OU using only ADSI

Post by B Daring »

Is it not possible to get all groups from an OU using only ADSI search? I can't use the Active Directory module as it is not installed on our users desktops.

I would love to loop through an OU and get all the groups the user is a member of.
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times

Re: Get AD groups from OU using only ADSI

Post by jvierra »

Yes, you can access AD with ADSI. Your search engine is a good place to start with to learn how to use ADSI with PowerSHell.

Example: https://petri.com/managing-active-direc ... owershell/
User avatar
B Daring
Posts: 90
Last visit: Mon Feb 05, 2024 3:00 pm
Answers: 2
Has voted: 1 time

Re: Get AD groups from OU using only ADSI

Post by B Daring »

Thanks jvierra,

I have read that article but it doesn't show how to get groups from an OU. I don't want what a user is a member of, I want just the groups from a specific OU. I can't find anything that pertains to that.

[edit]
I don't want what the user is a member of anymore, just need groups in the OU.
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times

Re: Get AD groups from OU using only ADSI

Post by jvierra »

That was an example of how to use ADSI. Look at the API docs for a complete set of examples. I just did a quick search. I have numerous bits of code but not one that addresses your exact issue.

Here is a sampler I wrote years ago. It has many examples of different methods of accessing AD with ADSI. This example should work on any AD local domain. It will show you how to access and enumerate objects in OUs or containers.

I will look for an example I have on how to work with user objects.

Note that the "memberOf" property of a user object contains all groups the user is a direct member of.
Attachments
Demo-ADSITreeView.psf
(23.67 KiB) Downloaded 67 times
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times

Re: Get AD groups from OU using only ADSI

Post by jvierra »

Here is another one that shows how to manage a user object.
Attachments
Demo-ADUpdateForm.psf
(23.63 KiB) Downloaded 87 times
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times

Re: Get AD groups from OU using only ADSI

Post by jvierra »

Here is another one that demonstrates more ways to work with user objects.
Attachments
Demo-ADAddUserForm.psf
(26.64 KiB) Downloaded 64 times
User avatar
B Daring
Posts: 90
Last visit: Mon Feb 05, 2024 3:00 pm
Answers: 2
Has voted: 1 time

Re: Get AD groups from OU using only ADSI

Post by B Daring »

Thanks again jvierra,

I'll take a look at the treeview one, it looks like what I was looking for. Everything on the internet only deals with users and what they are associated with.
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times

Re: Get AD groups from OU using only ADSI

Post by jvierra »

The whole trick is to learn how to walk through the containers at all levels and how to do restricted searches in a container or in a subtree. Once you see how this is accomplished in the many methods then you can choose the best method and acquire the specific objects. All objects in AD are just Net Framework objects so all PS and Net rules apply although AD itself can be challenging as it is not the same kind of object system as NetF.
User avatar
B Daring
Posts: 90
Last visit: Mon Feb 05, 2024 3:00 pm
Answers: 2
Has voted: 1 time

Re: Get AD groups from OU using only ADSI

Post by B Daring »

Yeah, I was making it more complicated than it needed to be. The treeview demo worked perfectly. I was able to see how it called OU's and ported it to my script.

Appreciate the help.
This topic is 1 year and 11 months old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.
Locked