Mark Minasi's Tech Forum
Register Calendar Latest Topics Chat
 
 
 


Reply
  Author   Comment  
jsclmedave

Administrator
Registered:
Posts: 435
Reply with quote  #1 

PowerShell Problem Solver: Finding Empty Organizational Units in Active Directory

Posted on April 13, 2016 by Jeff Hicks in PowerShell 

https://www.petri.com/powershell-problem-solver-finding-empty-organizational-units-active-directory


I was working with another "this will be easy" task today.  Search for ALL of the OUs that do not have any user or computer objects in them, basically Empty OUs.

Jeff's example was spot on and I didn't even have to do anything to them once found just dump them to a file to be worked later.

Code:

 Get-ADOrganizationalUnit -filter * -Properties Description -PipelineVariable pv | Select DistinguishedName,Name,Description,
@{Name="Children"; Expression = {Get-ADObject -filter * -SearchBase $pv.distinguishedname |
Where { $_.objectclass -ne "organizationalunit"} |
Measure-Object | Select -ExpandProperty Count }} | Where {$_.children -eq 0}
Get-ADOrganizationalUnit : The server has returned the following error: invalid enumeration context.
At line:1 char:14
+ ... Testing02 = Get-ADOrganizationalUnit -filter * -Properties Descriptio ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Get-ADOrganizationalUnit], ADException
    + FullyQualifiedErrorId : The server has returned the following error: invalid enumeration context.,Microsoft.ActiveDirectory.Management.Commands.GetADOrganizationalUnit
 



Huh..?

After some digging I realized there may be a limitation on what can be returned similar to what I had ran into while working with results from Exchange & Lync.

The answer for me - due to our size - was to include the -ResultPageSize switch which I set to 0.

Code:

Get-ADOrganizationalUnit -filter * -ResultPageSize 0 -Properties Description -PipelineVariable pv | Select DistinguishedName,Name,Description,
@{Name="Children"; Expression = {Get-ADObject -filter * -SearchBase $pv.distinguishedname |
Where { $_.objectclass -ne "organizationalunit"} |
Measure-Object | Select -ExpandProperty Count }} | Where {$_.children -eq 0}


BINGO!

Now I checked a couple to see if I had what I wanted then I dumped it to a file for the requester.

Thanks Jeff!!



__________________
Tim Bolton @jsclmedave
Email: [string](0..20|%{[char][int](32+('527377347976847978324785847679797514357977').substring(($_*2),2))}) -replace ' '  

New to the forum? Please Read this
0
cj_berlin

Avatar / Picture

Senior Member
Registered:
Posts: 199
Reply with quote  #2 
Hi,

I don't like the inner search clause in this script. It basically enumerates (as opposed to counts) all objects within an OU where all it really needs is to know whether there is one. What I would do is replace

Code:

Get-ADObject -filter * -SearchBase $pv.distinguishedname |
Where { $_.objectclass -ne "organizationalunit"} 


by

Code:

Get-ADObject -Filter {objectclass -ne "organizationalunit"} -SearchBase $pv.distinguishedname -ResultSetSize 1


so that Get-ADObject terminates the moment it finds the first element.

__________________
Evgenij Smirnov

My personal blog (German): http://www.it-pro-berlin.de/
My stuff on PSGallery: https://www.powershellgallery.com/profiles/it-pro-berlin.de/
0
jsclmedave

Administrator
Registered:
Posts: 435
Reply with quote  #3 
Quote:
Originally Posted by cj_berlin
Hi,

I don't like the inner search clause in this script. It basically enumerates (as opposed to counts) all objects within an OU where all it really needs is to know whether there is one. What I would do is replace

Code:
 Get-ADObject -filter * -SearchBase $pv.distinguishedname | Where { $_.objectclass -ne "organizationalunit"} 


by

Code:
 Get-ADObject -Filter {objectclass -ne "organizationalunit"} -SearchBase $pv.distinguishedname -ResultSetSize 1 


so that Get-ADObject terminates the moment it finds the first element.


Thank You for pointing that out!!!  That was the thing that was bugging me that was so obvious I could not see it.

WOW!!  Yesterday 20 - 23 mintues

Today - Total Elapsed Time: 00:03:41.5424078  ..!

THANK YOU!!


Code:


$elapsed = [System.Diagnostics.Stopwatch]::StartNew() 
Get-ADOrganizationalUnit -filter * -ResultPageSize 0 -Properties Description -PipelineVariable pv | Select DistinguishedName,Name,Description,
@{Name="Children"; Expression = {Get-ADObject -Filter {objectclass -ne "organizationalunit"} -SearchBase $pv.distinguishedname -ResultSetSize 1 |
Measure-Object | Select -ExpandProperty Count }} | Where {$_.children -eq 0} 
Write-Output "Total Elapsed Time: $($elapsed.Elapsed.ToString())"





__________________
Tim Bolton @jsclmedave
Email: [string](0..20|%{[char][int](32+('527377347976847978324785847679797514357977').substring(($_*2),2))}) -replace ' '  

New to the forum? Please Read this
0
Previous Topic | Next Topic
Print
Reply

Quick Navigation: