Script Repository

Objects located in Organizational Unit

April 24, 2017

This script generates and emails an HTML-formatted report containing Active Directory objects located in the Organizational Unit on which it is executed and matching a certain LDAP filter. It also allows skipping certain Organizational Units located within the listed OU.

To generate the reports upon request, you can create a Custom Command for the Organizational Unit object type that runs the script. To schedule the reports, you need to create a Scheduled Task and include the necessary OU in the Activity Scope.

To add the script to a Custom Command or Scheduled Task, use the Run a program or PowerShell script action.


Parameters:

  • $searchFilter - specifies an LDAP search filter string that will be used to find the objects you need;
  • $reportProperties - specifies LDAP display names of the object attributes you want to include in the report;
  • $excludedOuNames - specifies names of sub-OUs that will be skipped. Pass an empty array not to skip any sub-OUs;
  • $to - specifies email addresses of the recipient(s) of the report;
  • $subject - specifies the email message subject;
  • $reportHeader - specifies the report header;
  • $reportFooter - specifies the report footer.
$searchFilter = "(&(objectCategory=person)(objectClass=user))" # TODO: modify me
$reportProperties = @("description", "physicalDeliveryOfficeName", "department")
$excludedOuNames = @("Service Accounts", "Disabled Accounts") # TODO modify me

# E-mail message settings
$to = "" # TODO: modify me
$subject = "Users in OU '%name%'" # TODO: modify me
$reportHeader = "<h2><b>Users in OU '%name%'</b></h2>" # TODO: modify me
$reportFooter = "<hr /><p><i>Please do not reply to this e-mail, it has been sent to you for notification purposes only.</i></p>" # TODO: modify me

# Returns $True if the DN contains an OU component named after one of the
# excluded OUs. String.Contains is a case-sensitive substring match.
function IsDescendantOfOu($userDN, $excludedOuNames)
{
    foreach ($ouName in $excludedOuNames)
    {
        if ($userDN.Contains("OU=$ouName,"))
        {
            return $True
        }
    }
    return $False
}

# Find objects matching the LDAP filter
$searcher = $Context.TargetObject
$searcher.SearchFilter = $searchFilter
$searcher.SearchScope = "ADS_SCOPE_SUBTREE"
$searcher.PageSize = 500
$propertiesToLoad = $reportProperties + @("distinguishedName", "objectGuid")
$searcher.SetPropertiesToLoad($propertiesToLoad)

try
{
    # Get the default Web Interface address
    $webInterfaceAddress = "%adm-WebInterfaceUrl%"
    if ([System.String]::IsNullOrEmpty($webInterfaceAddress))
    {
        $Context.LogMessage("Default Web Interface address not set for Adaxes service. For details, see", "Warning")
    }

    # Get display names of all properties
    $culture = [System.Globalization.CultureInfo]::CurrentCulture
    $attributeFriendlyNamesCache = [Softerra.Adaxes.Directory.AttributeFriendlyNamesCache]::GetInstance($culture)

    # Build HTML table
    $table = "<table border='1'>"
    $table += "<tr><th>User display name</th>"
    foreach ($propertyLdapName in $reportProperties)
    {
        # Add property name to the report
        if ($attributeFriendlyNamesCache.HasFriendlyName($propertyLdapName))
        {
            $propertyName = $attributeFriendlyNamesCache.GetFriendlyName($propertyLdapName, "user")
        }
        else
        {
            # No friendly name available, fall back to the LDAP display name
            $propertyName = $propertyLdapName
        }

        $table += "<th>$propertyName</th>"
    }
    $table += "</tr>"

    # Add user info to the report
    $searchResultIterator = $searcher.ExecuteSearch()
    $users = $searchResultIterator.FetchAll()

    foreach ($userID in $users)
    {
        # Skip users located in excluded OUs
        if (IsDescendantOfOu $userID.Properties["distinguishedName"].Value $excludedOuNames)
        {
            continue
        }

        # Add user info to the report
        # Add display name and link to view in the Web Interface
        $guid = [Guid]$userID.Properties["objectGuid"].Value
        $userDisplayName = [Softerra.Adaxes.Utils.ObjectNameHelper]::GetObjectName($userID.AdsPath, "IncludeParentPath")
        $tableRow = "<tr><td><a href='$webInterfaceAddress`ViewObject.aspx?guid=$guid'>$userDisplayName</a></td>"

        # Add the specified properties
        foreach ($propertyLdapName in $reportProperties)
        {
            $value = $userID.Properties[$propertyLdapName].Values
            if ($value.Length -gt 1)
            {
                # Multi-valued attribute: show all values in one cell
                $value = $value -join "; "
            }
            $tableRow += "<td>$value</td>"
        }

        $tableRow += "</tr>"
        $table += $tableRow
    }

    # Finish building the HTML table
    $table += "</table>"
    $htmlReport = $reportHeader + $table + $reportFooter

    # Send mail
    $Context.SendMail($to, $subject, $NULL, $htmlReport)
}
finally
{
    # Release resources used by the search
    if ($searchResultIterator) { $searchResultIterator.Dispose() }
}
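
The script places attribute values and the object display name into the HTML exactly as they are stored in the directory, so whoever can write those attributes controls markup in the e-mailed report. The following is an added example, not part of the original script, that builds a report row with `[System.Net.WebUtility]::HtmlEncode`; the function names `ConvertTo-EncodedCell` and `New-ReportRow`, the URL and the sample values are hypothetical and constructed for illustration.

```powershell
# Added example: encode directory values before they enter the HTML report.
# Function names, URL and sample values are hypothetical / constructed.
function ConvertTo-EncodedCell([object[]]$values)
{
    # Join multi-valued attributes with "; " as the script does, then encode.
    # Missing attributes arrive as $null and produce an empty cell.
    $text = ($values | Where-Object { $null -ne $_ }) -join "; "
    return "<td>" + [System.Net.WebUtility]::HtmlEncode($text) + "</td>"
}

function New-ReportRow([string]$baseUrl, [Guid]$guid, [string]$displayName,
                       [hashtable]$properties, [string[]]$reportProperties)
{
    # The [Guid] type guarantees the query-string value has GUID format;
    # the URL is still encoded because it is placed inside an HTML attribute.
    $url = $baseUrl + "ViewObject.aspx?guid=" + $guid.ToString()
    $row = "<tr><td><a href='" + [System.Net.WebUtility]::HtmlEncode($url) + "'>"
    $row += [System.Net.WebUtility]::HtmlEncode($displayName) + "</a></td>"
    foreach ($name in $reportProperties)
    {
        $row += ConvertTo-EncodedCell @($properties[$name])
    }
    return $row + "</tr>"
}

# Constructed sample record: markup and reserved characters in attribute values
$sampleProperties = @{
    description = "<b>Temp</b> & contractor"
    department  = @("R&D", "QA")
}
$sampleColumns = @("description", "department", "physicalDeliveryOfficeName")
$sampleName = "O'Neil <Jane> (example.com\Users)"
$sampleUrl = "https://adaxes.example.com/Adaxes/"

# Print the encoded row; angle brackets, ampersands and quotes become entities
New-ReportRow $sampleUrl ([Guid]::NewGuid()) $sampleName $sampleProperties $sampleColumns
```

In the script itself the same encoding would apply to `$userDisplayName`, `$propertyName` and `$value` at the points where they are concatenated into `$table` and `$tableRow`.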
