I don’t know if you are in the
position to do so, but if you are able I would consider consolidating your “many”
OUs. There have been a lot of discussions over what to use OUs for so I
won’t go into detail here, but I think the general consensus is to use
them primarily to aid in grouping for administrative control. GPO
application can be controlled by group membership. Especially with only
~500 users, I think you’re seeing the administrative headaches associated
with a complex OU structure. It’s just a suggestion, but I think it
might make life easier for you. Here is a quote from the book Microsoft
Windows Server 2003 Unleashed, and a link to the chapter (though this is
not an endorsement, I have not read the whole book):
http://www.samspublishing.com/articles/article.asp?p=98126&rl=1

While there is a tendency to use organizational units to structure the
design of Active Directory, OUs should not be created to just document the
organizational chart of the company. The fact that the organization has a Sales
department, a Manufacturing department, and a Marketing department doesn't
suggest that there should be these three Active Directory OUs. An administrator
should create organizational units if the departments will be administered
separately and/or policies will be applied differently to the various
departments. However if the departments will all be administered by the same IT
team, and the policies being applied will also be the same, having multiple OUs
is not necessary.

Additionally, organizational units are not exposed to the directory,
meaning that if a user wants to send an e-mail to the members of an OU, he
would not see the OU structure nor the members in the OU grouping.

To see members of an organizational structure, Active Directory groups
should be created. Groups are exposed to the directory and will be seen when a
user wants to list members and groups in the organization.

Just my $.02

Rich

-----------------------------------------------------------------------
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Navroz Shariff

Well, my company has many departments, each
separated in AD with its own OU. Having over 500 users, it is hard to find which
specific OU they are located in. I am aware that I can perform a search in AD but
having a script handy would make it much easier in doing the search. In
addition, having a functionality to export the results to a file would be great
for reporting which user belongs to what department. I have gone around
TechNet's script center searching for what I want but all scripts regarding
retrieving user account property values need values for CN,

Thanks for all your replies.

-Nav

From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick

Script? Have you seen Joeware.net's
adfind.exe? How about DSQUERY?

If you really wanted to do that in script you could. There's
likely enough examples to cobble together something like that on scriptcenter
(technet).

Does that help? If not, can you expand on why you would want to know
the OU a user is in? Do you need to write this to a file? Use it for
something else?

On 1/4/06, Navroz
Shariff <[EMAIL PROTECTED]>
wrote:

Dear list,

Does anyone know of a script that, when a
domain username is entered, would locate which OU the account is located in if,
for the sake of argument, the OU structure in AD was designed in a way that
user accounts were separated?

Thanks in advance,

-Nav
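
An added example, not part of the original thread and not code from any of its participants: a PowerShell script that takes one or more logon names, looks each up by sAMAccountName so that no CN or OU has to be known in advance, and exports the containing OU to a CSV file. It assumes a domain-joined machine with PowerShell 3.0 or later; the function names and the output file name are hypothetical.

```powershell
# Added example (not from the thread): report the parent OU/container of accounts by logon name.
param(
    [Parameter(Mandatory = $true)] [string[]] $SamAccountName,   # one or more logon names
    [string] $OutFile = '.\user-ou-report.csv'                   # hypothetical output path
)

function ConvertTo-LdapFilterValue([string] $Value) {
    # RFC 4515 escaping of \ * ( ) and NUL, so typed input cannot change the filter's logic.
    [regex]::Replace($Value, '[\\*()\x00]', { param($m) '\{0:x2}' -f [int][char]$m.Value })
}

function Get-ParentContainer([string] $DistinguishedName) {
    # Drop the leading RDN (CN=...) up to the first unescaped comma,
    # so a name such as "CN=Doe\, Jane" is not split in the wrong place.
    $DistinguishedName -replace '^(?:\\.|[^,\\])*,', ''
}

# With no arguments the searcher binds to the current domain and searches the whole subtree.
$searcher = New-Object System.DirectoryServices.DirectorySearcher
[void]$searcher.PropertiesToLoad.Add('distinguishedName')

$report = foreach ($name in $SamAccountName) {
    $safe = ConvertTo-LdapFilterValue $name
    $searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$safe))"
    $hit = $searcher.FindOne()
    if ($hit) {
        $dn = [string]$hit.Properties['distinguishedname'][0]
        [pscustomobject]@{
            SamAccountName    = $name
            ParentOU          = (Get-ParentContainer $dn)
            DistinguishedName = $dn
        }
    } else {
        [pscustomobject]@{
            SamAccountName    = $name
            ParentOU          = 'NOT FOUND'
            DistinguishedName = ''
        }
    }
}

# Write the report for later use and show it on screen as well.
$report | Export-Csv -Path $OutFile -NoTypeInformation
$report | Format-Table -AutoSize
```

Escaping the typed name before it goes into the LDAP filter matters once the script is run by helpdesk staff or fed from a file: an unescaped `*` or `)` would otherwise widen or rewrite the query.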
