Related features:

Related Powershell Guides:

  • Home
  • PowerShell
  • How to list users from multiple OUs using PowerShell

How to list users from multiple OUs using PowerShell

The Get-ADUser cmdlet is a fundamental PowerShell command for getting user account information from Active Directory (AD). Whether you need to audit user accounts, generate reports, or perform bulk operations, Get-ADUser provides powerful filtering and search capabilities. However, when dealing with multiple organizational units (OUs) and complex filtering requirements, the process can become time-consuming and require advanced scripting knowledge.

PowerShell

Using the Get-ADUser command to get AD users from multiple OUs:

  1. Choose which domain you want to generate the report for.
  2. Select the LDAP filters that you'll use as parameters for generating the report.
  3. Within the Properties parameter, specify additional user object properties that should appear in the report.
  4. Establish the format in which you want to export the report.
  5. Double-check that you've adhered to the appropriate syntax when writing the script.
  6. Use Windows PowerShell to write and execute the script.
  7. To generate the report in a different format—or to add additional properties to the reports—modify the script accordingly.
    Import-Module ActiveDirectory
    $ous = 'OU=Sample1,DC=example1,DC=com','OU=Sample2,DC=example2,DC=com'
    $ous | ForEach-Object {
    Get-ADUser -Filter * -SearchBase $_ |
    Select Name, DistinguishedName
    } | Export-CSV -Path "C:\export.csv" -NoTypeInformation
ADManager Plus

Listing AD users from multiple OUs using ADManager Plus:

  1. Navigate to Reports > General Reports > All Users.
  2. Select the required domain and OU to filter users.
  3. Click Generate.
  4. After the report generates, click Export As to download in HTML, CSV, XLS, or PDF.
How to list users from multiple OUs using PowerShell
Start your free trial

Example use cases and scripts

Example 1: Get all users from multiple specific OUs

Retrieve all user accounts from sales and marketing organizational units in your domain.

$ous = 'OU=Sales,DC=contoso,DC=com','OU=Marketing,DC=contoso,DC=com'
$ous | ForEach { Get-ADUser -Filter * -SearchBase $_ }

This script defines multiple OUs and retrieves all users from each specified organizational unit.

Example 2: Export users from multiple OUs to CSV

Generate a CSV file containing usernames and email addresses from multiple departments.

$ous = 'OU=IT,DC=contoso,DC=com','OU=HR,DC=contoso,DC=com','OU=Finance,DC=contoso,DC=com'
$ous | ForEach { Get-ADUser -Filter * -SearchBase $_ -Properties EmailAddress | Select Name,SamAccountName,EmailAddress } | Export-CSV "C:\Users\MultiOU_Report.csv" -NoTypeInformation

This exports user details from IT, HR, and finance OUs into a single CSV file with specific attributes.

Example 3: Get enabled users from child OUs

Retrieve only enabled user accounts including all sub-OUs within a parent OU.

Get-ADUser -Filter {Enabled -eq $true} -SearchBase "OU=Corporate,DC=contoso,DC=com" -SearchScope Subtree -Properties Department,Title

This queries all enabled users within the corporate OU and all its child OUs, including department and title information.

Supported parameters

Parameters Description
-Identity Specifies an AD user object by distinguished name, GUID, security identifier, or SAM account name
-Filter Specifies a query string using PowerShell Expression Language to retrieve multiple objects
-SearchBase Specifies the AD path to search under (OU or container distinguished name (DN))
-SearchScope Specifies the scope of AD search (Base, OneLevel, or Subtree)
-Properties Specifies which user properties to retrieve (default returns a limited set)
-LDAPFilter Specifies an LDAP query string for filtering users

Limitation of using PowerShell to get AD users

  • Complex syntax requirements: Even minor syntax errors or typos can cause complete script failure, requiring debugging time.
  • Limited error handling: Scripts fail silently or with cryptic errors when encountering special characters or permission issues.
  • Manual loop construction: Retrieving users from multiple OUs requires for-each loops and array management.
  • Export format restrictions: Changing export formats requires script modifications and additional cmdlets.
  • Property selection complexity: Adding or removing user attributes requires script editing and re-execution.
  • Special character handling: OU names with special characters require escape sequences and careful string handling.
  • No visual preview: Cannot preview results before export without running separate commands.

Highlights of using ADManager Plus to get AD users

  • Script-free operation: Complete all user reporting tasks through an intuitive web interface without writing any code.
  • 200+ prebuilt reports: Access comprehensive user reports covering all aspects of AD user management out-of-the-box.
  • Multi-OU selection: Select multiple OUs with simple checkboxes. No need for arrays or loops.
  • One-click export: Export reports instantly in CSV, PDF, HTML, and XLS formats without additional commands.
  • Custom report builder: Create tailored reports with drag-and-drop attribute selection and visual query builders.
  • Automated scheduling: Set up recurring reports with email delivery using the built-in scheduler.
  • Real-time preview: View report results instantly before exporting with live data preview.

Get the list of AD users from multiple OUs with ADManager Plus

Try it now for free

FAQs

To retrieve users from multiple OUs, create an array of OU distinguished names and use ForEach-Object to iterate through them with Get-ADUser:

$ous = @('OU=Sales,DC=domain,DC=com','OU=HR,DC=domain,DC=com')
$ous | ForEach-Object { Get-ADUser -Filter * -SearchBase $_ }

This approach allows you to query multiple organizational units in a single script execution.

OneLevel searches only the immediate children of the specified OU, excluding sub-OUs. Subtree searches the entire hierarchy including all nested OUs. For multiple OU scenarios:

  • Use OneLevel when you need users from specific OUs only.
  • Use Subtree when you want all users, including those in child OUs.
  • Default is Subtree if not specified.

Include the -Properties parameter to retrieve additional attributes, then pipe the results through Export-CSV:

$ous = @('OU=IT,DC=contoso,DC=com','OU=Finance,DC=contoso,DC=com')
$users = foreach ($ou in $ous) {
Get-ADUser -Filter * -SearchBase $ou -Properties EmailAddress, Department, Title |
Select Name, SamAccountName, EmailAddress, Department, Title
}
$users | Export-CSV "C:\Reports\MultiOU_Users.csv" -NoTypeInformation

Common performance issues and solutions:

  • Large result sets: Use specific filters instead of -Filter *
  • Too many properties: Only request properties you need with -Properties
  • Network latency: Query domain controllers closer to your location
  • Inefficient loops: Use pipeline operations instead of nested for-each loops
  • No pagination: For large datasets, implement result limiting with -ResultSetSize

Combine OU iteration with filter conditions. For example, to get only enabled users with email addresses:

$ous = @('OU=Sales,DC=domain,DC=com','OU=Marketing,DC=domain,DC=com')
$ous | ForEach-Object {
Get-ADUser -Filter {Enabled -eq $true -and EmailAddress -like "*"} -SearchBase $_
}

Yes, specify the -Server parameter for each domain:

$ouList = @(
@{OU='OU=Users,DC=domain1,DC=com'; Server='dc1.domain1.com'},
@{OU='OU=Users,DC=domain2,DC=com'; Server='dc2.domain2.com'}
)
foreach ($item in $ouList) {
Get-ADUser -Filter * -SearchBase $item.OU -Server $item.Server
}

Get-ADUser returns these properties by default:

  • DistinguishedName
  • Enabled
  • GivenName
  • Name
  • ObjectClass
  • ObjectGUID
  • SamAccountName
  • SID
  • Surname
  • UserPrincipalName

To retrieve additional properties like EmailAddress, Department, or Manager, use the -Properties parameter.

OUs with special characters require proper escaping. For OUs containing commas, use backslash ("\").

If the OU name is "Sales, North America":

$ou = 'OU=Sales\, North America,DC=contoso,DC=com'
Get-ADUser -Filter * -SearchBase $ou

For parentheses or other special characters, use single quotes and escape as needed.

There's no hard limit on the number of OUs you can query, but consider:

  • Memory usage: Large result sets consume significant RAM
  • Execution time: More OUs mean longer processing time
  • Network bandwidth: Each query generates network traffic
  • Domain controller load: Excessive queries can impact DC performance

For optimal performance, batch large queries or implement pagination when dealing with 50+ OUs.

To generate a summary report with user counts per OU:

$ous = @('OU=Sales,DC=domain,DC=com','OU=IT,DC=domain,DC=com')
$report = foreach ($ou in $ous) {
$users = Get-ADUser -Filter * -SearchBase $ou -SearchScope OneLevel
[PSCustomObject]@{
OU = $ou
UserCount = $users.Count
}
}
$report | Format-Table -AutoSize
The one-stop solution to Active Directory Management and Reporting
Highlights AD Management Active Directory Reports Exchange Management Popular products
Email Download Link