Counting Users by OU with PowerShell

I’ve been following a discussion thread in the PowerShell forum at ScriptingAnswers.com. The post is about counting the number of users in an OU. Well that sounds like fun. We got him started using the Quest AD cmdlets. I thought I’d share some of the code I posted.

The test code he is posting is using Write-Host, which makes puppies cringe everywhere. But this is PowerShell so we need to be thinking about objects. With objects I can sort on a property, export to a CSV, send to a file or whatever. I decided it would be helpful to have an object for each OU that included the OU name, distinguishedname, total number of users, total enabled users and total disabled users. You could also get a count of expired and/or non-expired.

As with most tasks, there is usually several ways to accomplish it. Here’s my approach using the Quest cmdlets.


get-qadobject -type organizationalunit |
foreach {
$u=get-qaduser -SearchRoot $_.dn -SizeLimit 500 -PageSize 2000 -searchscope Onelevel
$total=($u | measure-object).count
$disabled=($u | where {$_.AccountIsDisabled} | Measure-Object).count
$Enabled=$total-$disabled
New-Object psobject -Property @{
Name=$_.Name;
OU=$_.DN;
Description=$_.Description;
TotalUsers=$Total;
Enabled=$Enabled;
Disabled=$Disabled
}
}

The code first gets all organizational units in the domain. You could use the -Searchroot parameter if you wanted to narrow the search. Each OU is then piped to a foreach-object. Here I’m getting all the users specifying the search root. I’ve added some optional parameters for paging but the cmdlet usually is pretty good about these sorts of things. Although one parameter that is important here is SearchScope. Because I’m counting each OU I don’t want to get a count of users in any child OUs. Setting the SearchScope to OneLevel will only return objects in the immediate container. It won’t recursively search.

Once I have the user count, I measure the total number of of users. Then I get a count of all disabled users. Since an account can only be disabled or enabled, the enabled count should be the difference. Finally, I use New-Object to write a custom object to the pipeline with properties for the OU and my user counts.

If you have the Microsoft AD provider and cmdlets, here’s a version you can use:

Get-ADOrganizationalUnit -filter * -property Description |
foreach {
$u=Get-ADUser -filter * -searchbase $_.distinguishedname -ResultPageSize 2000 -resultSetSize 500 -searchscope Onelevel
$total=($u | measure-object).count
$Enabled=($u | where {$_.Enabled} | Measure-Object).count
$Disabled=$total-$Enabled
New-Object psobject -Property @{
Name=$_.Name;
OU=$_.Distinguishedname;
Description=$_.Description;
TotalUsers=$Total;
Enabled=$Enabled;
Disabled=$Disabled
}
}

If you’d like to learn more about managing Active Directory with PowerShell, as luck would have it I’ve written a book on the subject. You can check it out on my Books and Training page.

Updating Multi-Valued Active Directory Properties Part 2

A few weeks ago I posted about updating multi-valued attributes in Active Directory. Part 1 covered how to accomplish this in PowerShell using ADSI. In Part 2 I’ll show you how to accomplish this using the free Active Directory cmdlets from Quest Software. As you’ll see, the over all process isn’t that much different. Except that using cmdlets simplifies a lot of the typing. Continue reading

PowerShell Deep Dive Formatting and Extensions

I just found out I will be presenting at the PowerShell Deep Dive April 18-19 that is part of TEC 2011. This promises to be THE PowerShell event everyone has been waiting for. I’ll be presenting on format and type extensions.

Mastering Format and Type Extensions

Windows PowerShell is designed with administrators in mind. The goal is to present the most useful information to you with the least amount of effort. But sometimes you need something out of the box. Do you have a preferred way to view process objects that requires scripting every time? Does your script create a custom object that you would like formatted in a specific manner? This session will explain PowerShell’s formatting system and how to master it with your own formatting and type extension files, including how to incorporate these files into your scripts and modules

I’m excited about this conference and home to see many of you there. Seats are limited so make your plans sooner rather than later. Here’s the place to start.

PowerShell: The Ultimate Ginsu Knife

You don’t have to stay up until the wee hours of the morning looking for an amazing tool that slices and dices like the famed Ginsu Knife. Are you looking for a way to speed up your work? Are you tired of the same old routine? Would you be surprised that your answer is already at your fingertips? Windows PowerShell is the amazing tool that can slice, dice, mince, sort, group and more all of your data. But wait…there’s more. Continue reading

New Book Project – Reviewers Needed

While at Microsoft TechEd, I signed the paperwork to write a second edition of Managing Active Directory with Windows PowerShell: TFM for SAPIEN Press. It’s hard to believe so much has happened since that book hit the shelves in less than 2 years. The 2nd edition will continue to include coverage of Quest Software’s PowerShell comdlets (naturally updated and expanded where necessary). Almost all of the ADSI content will be dropped and I’ll be explaining how to use the Microsoft ActiveDirectory provider and cmdlets. My goal is to write a book that is really two books in one.

To that end I’ll be in need of some rock-solid and reliable technical reviewers. I need 4-5 people who will have time and resources over the next 4-6 months to read manuscripts, test out code samples and provide constructive feedback. Ideally, a reviewer should be able to run the Quest cmdlets and the Microsoft cmdlets with either a Windows Server 2008 R2 domain controller or the Active Directory Management Gateway Service. Please DO NOT use your production environment. You will need to test from a Windows 7 desktop. It would be helpful to have reviewers from a variety of organizations from small 100 user companies to 10,000 plus.  Selected reviewers will receive a free printed copy of the final book and a $50 gift card (not to mention my grateful thanks and the admiration of your peers).

If you are interested, send me an email ([email protected]). Tell me about your PowerShell background, the scope of your Active Directory environment that you can test with and anything else you think I should know. If you are selected, you’ll get an email from me. If you aren’t selected, you’ll go on my list of alternate reviewers should people drop out early in the process.

I’m looking forward to the project and trust you will be as well.