PowerShell Problem Solver: Finding Empty Organizational Units in Active Directory - Mark Minasi's Tech Forum

Mark Minasi's Tech Forum

MR&D, Home of Mark Minasi > Categories > Group Policy > PowerShell Problem Solver: Finding Empty Organizational Units in Active Directory

Note: Your browser does not have JavaScript enabled. Many features may not work properly without it. Please enable JavaScript in your browser settings.

Author

Comment

jsclmedave

Administrator
Registered:1451575820
Posts: 417

Posted 1476818427 · Edited	Reply with quote #1

PowerShell Problem Solver: Finding Empty Organizational Units in Active Directory Posted on April 13, 2016 by Jeff Hicks in PowerShell https://www.petri.com/powershell-problem-solver-finding-empty-organizational-units-active-directory I was working with another "this will be easy" task today. Search for ALL of the OUs that do not have any user or computer objects in them, basically Empty OUs. Jeff's example was spot on and I didn't even have to do anything to them once found just dump them to a file to be worked later. Code: Get-ADOrganizationalUnit -filter * -Properties Description -PipelineVariable pv \| Select DistinguishedName,Name,Description, @{Name="Children"; Expression = {Get-ADObject -filter * -SearchBase $pv.distinguishedname \| Where { $_.objectclass -ne "organizationalunit"} \| Measure-Object \| Select -ExpandProperty Count }} \| Where {$_.children -eq 0} Get-ADOrganizationalUnit : The server has returned the following error: invalid enumeration context. At line:1 char:14 + ... Testing02 = Get-ADOrganizationalUnit -filter * -Properties Descriptio ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Get-ADOrganizationalUnit], ADException + FullyQualifiedErrorId : The server has returned the following error: invalid enumeration context.,Microsoft.ActiveDirectory.Management.Commands.GetADOrganizationalUnit Huh..? After some digging I realized there may be a limitation on what can be returned similar to what I had ran into while working with results from Exchange & Lync. The answer for me - due to our size - was to include the -ResultPageSize switch which I set to 0. Code: Get-ADOrganizationalUnit -filter * -ResultPageSize 0 -Properties Description -PipelineVariable pv \| Select DistinguishedName,Name,Description, @{Name="Children"; Expression = {Get-ADObject -filter * -SearchBase $pv.distinguishedname \| Where { $_.objectclass -ne "organizationalunit"} \| Measure-Object \| Select -ExpandProperty Count }} \| Where {$_.children -eq 0} BINGO! Now I checked a couple to see if I had what I wanted then I dumped it to a file for the requester. Thanks Jeff!! __________________ Tim Bolton @jsclmedave Email: [string](0..20\|%{[char][int](32+('527377347976847978324785847679797514357977').substring(($_2),2))}) -replace ' ' New to the forum? Please Read this*
0 0 0

cj_berlin

Senior Member
Registered:1451592353
Posts: 177

Posted 1476821460	Reply with quote #2

Hi, I don't like the inner search clause in this script. It basically enumerates (as opposed to counts) all objects within an OU where all it really needs is to know whether there is one. What I would do is replace Code: Get-ADObject -filter * -SearchBase $pv.distinguishedname \| Where { $_.objectclass -ne "organizationalunit"} by Code: Get-ADObject -Filter {objectclass -ne "organizationalunit"} -SearchBase $pv.distinguishedname -ResultSetSize 1 so that Get-ADObject terminates the moment it finds the first element. __________________ Evgenij Smirnov My personal blog (German): http://www.it-pro-berlin.de/ My stuff on PSGallery: https://www.powershellgallery.com/profiles/it-pro-berlin.de/
0 1 1

jsclmedave

Administrator
Registered:1451575820
Posts: 417

Posted 1476883137	Reply with quote #3

Quote: Originally Posted by cj_berlin Hi, I don't like the inner search clause in this script. It basically enumerates (as opposed to counts) all objects within an OU where all it really needs is to know whether there is one. What I would do is replace Code: Get-ADObject -filter * -SearchBase $pv.distinguishedname \| Where { $_.objectclass -ne "organizationalunit"} by Code: Get-ADObject -Filter {objectclass -ne "organizationalunit"} -SearchBase $pv.distinguishedname -ResultSetSize 1 so that Get-ADObject terminates the moment it finds the first element. Thank You for pointing that out!!! That was the thing that was bugging me that was so obvious I could not see it. WOW!! Yesterday 20 - 23 mintues Today - Total Elapsed Time: 00:03:41.5424078 ..! THANK YOU!! Code: $elapsed = [System.Diagnostics.Stopwatch]::StartNew() Get-ADOrganizationalUnit -filter * -ResultPageSize 0 -Properties Description -PipelineVariable pv \| Select DistinguishedName,Name,Description, @{Name="Children"; Expression = {Get-ADObject -Filter {objectclass -ne "organizationalunit"} -SearchBase $pv.distinguishedname -ResultSetSize 1 \| Measure-Object \| Select -ExpandProperty Count }} \| Where {$_.children -eq 0} Write-Output "Total Elapsed Time: $($elapsed.Elapsed.ToString())" __________________ Tim Bolton @jsclmedave Email: [string](0..20\|%{[char][int](32+('527377347976847978324785847679797514357977').substring(($_2),2))}) -replace ' ' New to the forum? Please Read this*
0 0 0

Previous Topic | Next Topic

Print

Quick Navigation: