PowerShell to find enabled user objects per OU in Active Directory

SO you’ve been tasked with trying to find out how many user objects exist i your domain, but the OU structure is so disorganised, you don’t know where to start?

This simple PowerShell script will tweeze out all any user objects no matter where they are hidden, so long as the account context you run it in can see them.

$outmatrix = @()
$ou=Get-ADOrganizationalUnit -filter * #-searchbase “ou=your,dc=domain,dc=name,dc=here,dc=com” -filter * -searchscope 1
foreach ($o in $ou)
{$count=@(Get-ADUser -searchbase $o -searchscope 1 -filter * |Where-Object {$_.enabled -eq $TRUE}).count

#Construct an object
$matrix = “” | Select “ou”, “count”
$matrix.ou = $o
$matrix.count = $count
$outmatrix += $matrix
$matrix = $null
$outmatrix |export-csv $filepath -notypeinformation

Just update the searchbase to provide a starting point for the search and search away!


Leave a Reply