You can actually do this one pretty easily with a very simple query

    (ou=*)

The RDN attribute (rDNAttID) of organizationalUnit objects is ou. It is indexed. Once all of the DNs have been returned, you simply sort them[1] to slap them into a hierarchical structure.

The thing is, do you just want OU's? Maybe you also want containers if you are looking at the whole domain. At that point you need to enhance the filter to

    (|(ou=*)(objectcategory=container))

Anyway, assuming you just want OUs, here is a fun way to get this info if you just want to dump to the console.

    F:\>adfind -default -f "(ou=*)" canonicalname -nodn -nolabel -q |sort
    joe.com/Domain Controllers
    joe.com/Exchange
    joe.com/Exchange/joeware2
    joe.com/Exchange/joeware2/Contacts
    joe.com/Exchange/joeware2/MailGroups
    joe.com/Exchange/joeware2/MailUsers
    joe.com/TestOU
    joe.com/TestOU/AdModTests
    joe.com/TestOU/AdModTests2
    joe.com/TestOU/AdModUndeleteTest
    joe.com/TestOU/AdModUndeleteTest/admod-betaadd
    joe.com/TestOU/ashtest
    joe.com/TestOU/Disabled
    joe.com/TestOU/l1
    joe.com/TestOU/l1/l2
    joe.com/TestOU/l1/l2/l3
    joe.com/TestOU/l1/l2/l3/l4
    joe.com/TestOU/movetree
    joe.com/TestOU/movetree2
    joe.com/TestOU/Protected
    joe.com/TestOU/rangetest
    joe.com/TestOU/TestCode
    joe.com/TestOU/TestComputers
    joe.com/TestOU/TestGroupsOU
    joe.com/TestOU/TestUni
    joe.com/TestOU/TestUsers2OU
    joe.com/TestOU/TestUsersOU
    joe.com/TestOU/TestUsersOU/SUBOU

Oh as for SQL Queries... I don't use those against AD. AD is an LDAP directory so I use LDAP queries. I don't use LDAP Queries against SQL Server.... People that tend to use a lot of SQL queries start to complain when they can't do things that they can normally do in the SQL query that they can do against SQL Servers... The easy way to avoid this is not to use SQL Queries.

Oh one last thing, in Al's example. You can actually use objectcategory=organizationalunit, you don't need to expand it to the full DN of that class in that directory. That way you can be more generic in your query. The qp will expand objectcategory=organizationalunit into the appropriate string for the local directory.

   joe

[1] The sort in this case involves splitting the DNs apart (say ldap_explode_dn), reversing the order of the pieces and sorting on that or alternatively returning the canonicalName with the DNs and sorting the DNs based on the canonicalName. For instance if I have an OU of OU=l4,OU=l3,OU=l2,OU=l1,OU=TestOU,DC=joe,DC=com, the canonicalName is joe.com/TestOU/l1/l2/l3/l4.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Monday, March 07, 2005 11:27 AM
To: [email protected]
Subject: RE: [ActiveDir] OU's listed

I haven't done it lately, but I would assume you can bind to the root and iterate the children looking for OU objects. You could also create a query that searches the domain for objectClass of organizationalUnit and then add each of the ones you find to the application nodes.

An example ldap query that would do it would be:

    (&(objectClass=organizationalUnit)(objectCategory=CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=root_domain,DC=com))

Ask for just the names or the DN's to be returned.

LDAP dialect is more familiar to me than SQL, but I would imagine either could be done.

Al

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stelley, Douglas
Sent: Monday, March 07, 2005 11:07 AM
To: [email protected]
Subject: [ActiveDir] OU's listed

Is there a way to query Active Directory and return all OU's? Perhaps a SQL query? I can use "dsquery ou" I suppose, but I'm writing a .net that can be a front end for our help desk in easing simple user management tasks. I have a hard coded version, but I'd like to have a query that will return all available OU's in a drop down select box for user moves within this domain.

Thanks

Doug Stelley

This time, like all time, is a very good one if we but know what to do with it.
- Ralph Waldo Emerson

List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
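The sort described in footnote [1] of the first reply (split each DN, reverse the pieces, sort on that), written out in Python as an added example that is not part of the original thread. The sample DNs are constructed from the OU names shown above plus two hypothetical edge cases, and the helper names are assumptions made for this illustration.

```python
import re

# Constructed sample DNs modelled on the OUs in the thread, plus an escaped
# comma and a sibling name ("TestOU-2") that breaks a plain string sort.
SAMPLE_DNS = [
    "OU=l4,OU=l3,OU=l2,OU=l1,OU=TestOU,DC=joe,DC=com",
    "OU=TestOU-2,DC=joe,DC=com",
    "OU=TestOU,DC=joe,DC=com",
    "OU=l1,OU=TestOU,DC=joe,DC=com",
    r"OU=Sales\, EMEA,OU=Exchange,DC=joe,DC=com",
    "OU=Exchange,DC=joe,DC=com",
    "OU=Domain Controllers,DC=joe,DC=com",
]

def explode_dn(dn):
    """Split a DN into (type, value) pairs; a backslash-escaped comma stays in the value.
    Hex escapes (\\2C) and multi-valued RDNs (+) are not handled here."""
    pairs = []
    for rdn in re.findall(r"(?:\\.|[^,\\])+", dn):
        attr, _, value = rdn.partition("=")
        pairs.append((attr.strip().upper(), re.sub(r"\\(.)", r"\1", value.strip())))
    return pairs

def path_parts(dn):
    """Return [domain, top-level OU, ..., leaf]: DC parts joined with dots, the rest reversed."""
    pairs = explode_dn(dn)
    domain = ".".join(v for t, v in pairs if t == "DC")
    return [domain] + [v for t, v in reversed(pairs) if t != "DC"]

def canonical_name(dn):
    """Build the canonicalName-style path, e.g. joe.com/TestOU/l1."""
    return "/".join(path_parts(dn))

def sort_hierarchically(dns):
    """Sort on the list of path components so children follow their parent directly."""
    return sorted(dns, key=lambda dn: [p.lower() for p in path_parts(dn)])

def dropdown_entries(dns):
    """Return (indented label, DN) pairs for a select box; the DN is the move target."""
    return [("  " * (len(path_parts(dn)) - 2) + path_parts(dn)[-1], dn)
            for dn in sort_hierarchically(dns)]

if __name__ == "__main__":
    for label, dn in dropdown_entries(SAMPLE_DNS):
        print(f"{label:<24} {dn}")
```

Sorting on the component list rather than on the joined path string keeps joe.com/TestOU/l1 directly under joe.com/TestOU even when a sibling such as TestOU-2 exists, because "-" compares lower than "/" in a byte-wise string sort.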
