Get-OUDetails.ps1
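function Get-OUDetails {
    <#
    .SYNOPSIS
        Get advanced details about an organizational unit (OU) in Active Directory.
    .DESCRIPTION
        THIS IS STILL A CONCEPT WORK IN PROGRESS

        Reads every OU in the domain, sorted by CanonicalName, and emits one PSCustomObject per OU
        with these properties: Name, DistinguishedName, CanonicalName, Parent, Child,
        BlockInheritance, CriticalLocation and ShowInAdvancedViewOnly.
    .OUTPUTS
        PSCustomObject. One object per OU; nothing is emitted when the query returns no OUs.
    .NOTES
        The Test-BlockInheritence, Test-IsCriticalSystemObject, and Test-IsHiddenOU functions were all created because
        I would rather display an explicit value (eg: $false) than a null that implies $false. Likewise, I prefer to
        display a $true or $false rather than 1 or a 0.

        Review hint: BlockInheritance and ShowInAdvancedViewOnly are worth a second look when auditing,
        since an OU that blocks inheritance does not receive non-enforced GPOs linked above it and a
        hidden OU is easy to overlook in the standard ADUC view.
    #>

    # Stop here if the module is missing instead of failing later on the first AD cmdlet.
    Import-Module ActiveDirectory -ErrorAction Stop

    $OUs = Get-ADOrganizationalUnit -Filter * -Properties CanonicalName, gPOptions, isCriticalSystemObject, showInAdvancedViewOnly |
        Sort-Object CanonicalName

    # Emit each object as it is built. The previous "[array]$OUDetails += ..." copied the array on
    # every iteration and, because of PowerShell's dynamic scoping, started from any $OUDetails
    # already defined in a calling scope, which could leak stale entries into the result.
    foreach ($OU in $OUs) {
        [PSCustomObject]@{
            Name                   = $OU.Name
            DistinguishedName      = $OU.DistinguishedName
            CanonicalName          = $OU.CanonicalName
            Parent                 = Get-ParentOU $OU
            Child                  = Get-ChildOU $OU
            BlockInheritance       = Test-BlockInheritence $OU
            CriticalLocation       = Test-IsCriticalSystemObject $OU
            ShowInAdvancedViewOnly = Test-IsHiddenOU $OU
        }
    }
}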
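function Get-ParentOU {
    # Get the parent organizational unit of an OU in Active Directory.
    #
    # Parameters:
    #   OrganizationalUnit - object exposing a DistinguishedName property (e.g. the output of
    #                        Get-ADOrganizationalUnit).
    # Returns:
    #   The parent OU object (with CanonicalName loaded), or $null when the parent is the domain
    #   root (DC=...) or when no parent can be derived from the distinguished name.
    [CmdletBinding()]
    param (
        [Parameter()]
        $OrganizationalUnit
    )

    $DN = $OrganizationalUnit.DistinguishedName
    if ([string]::IsNullOrEmpty($DN)) {
        return $null
    }

    # Drop only the leading RDN, honouring backslash escapes inside it. The previous
    # String.Replace("OU=<Name>,") removed every occurrence of that text, so an OU nested under a
    # parent of the same name lost both components, and a name containing an escaped character
    # (such as "\,") never matched and left the DN unchanged.
    $ParentDN = $DN -replace '^(?:\\.|[^,\\])*,', ''
    if ($ParentDN -eq $DN) {
        # No separator found: there is no parent component to look up.
        return $null
    }

    if ($ParentDN -notlike 'DC=*') {
        Get-ADOrganizationalUnit -Identity $ParentDN -Properties CanonicalName
    } else {
        # The parent is the domain itself, not an OU.
        $null
    }
}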
function Get-ChildOU {
    # Return the OUs located directly beneath the given organizational unit.
    #
    # Parameters:
    #   OrganizationalUnit - object whose DistinguishedName is used as the search base.
    # Returns:
    #   The result of the one-level search cast to [array], with CanonicalName loaded on each OU.
    [CmdletBinding()]
    param (
        [Parameter()]
        $OrganizationalUnit
    )

    $searchRoot = $OrganizationalUnit.DistinguishedName

    # OneLevel limits the search to immediate children; grandchildren are not returned.
    $query = @{
        Filter      = '*'
        SearchBase  = $searchRoot
        SearchScope = 'OneLevel'
        Properties  = 'CanonicalName'
    }

    [array](Get-ADOrganizationalUnit @query)
}
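function Test-BlockInheritence {
    # Check if Block Inheritance is set on an organizational unit in Active Directory.
    #
    # Parameters:
    #   OrganizationalUnit - object exposing the gPOptions attribute (it must be requested
    #                        explicitly, e.g. -Properties gPOptions).
    # Returns:
    #   $true when gPOptions equals 1, otherwise $false (including when the attribute is absent).
    [CmdletBinding()]
    param (
        [Parameter()]
        $OrganizationalUnit
    )

    # Read the parameter rather than $OU. The previous body tested $OU.gPOptions, which only
    # resolved through dynamic scoping when the caller happened to have a loop variable named $OU,
    # and otherwise reported $false for every OU regardless of its setting.
    if ($OrganizationalUnit.gPOptions -eq 1) {
        $true
    } else {
        $false
    }
}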
function Test-IsCriticalSystemObject {
    # Report whether the OU carries the isCriticalSystemObject flag, which indicates that it is a
    # default location for new AD objects.
    #
    # Parameters:
    #   OrganizationalUnit - object exposing the isCriticalSystemObject attribute.
    # Returns:
    #   An explicit $true or $false; a missing or null attribute yields $false.
    [CmdletBinding()]
    param (
        [Parameter()]
        $OrganizationalUnit
    )

    # The cast applies the same truthiness rules as an if-test, so null becomes $false.
    [bool]($OrganizationalUnit.isCriticalSystemObject)
}
function Test-IsHiddenOU {
    # Report whether the OU is shown in advanced view only, and so hidden from the standard view in ADUC.
    #
    # Parameters:
    #   OrganizationalUnit - object exposing the showInAdvancedViewOnly attribute.
    # Returns:
    #   An explicit $true or $false; a missing or null attribute yields $false.
    [CmdletBinding()]
    param (
        [Parameter()]
        $OrganizationalUnit
    )

    # The cast applies the same truthiness rules as an if-test, so null becomes $false.
    [bool]($OrganizationalUnit.showInAdvancedViewOnly)
}