AD: Quickly Determine OU of User using VBScript

I’m working on a few Active Directory scripts that require knowing the full path or “distinguished name” of the user object. All I know initially is the username and domain name and I found a script at Hey, Scripting Guy! that is really useful — it searches AD for the user’s OU information. The only problem I had with the script is that it was properly done and thus, really long. At 26 lines, give or take, it cluttered my code so I decided to cut it down drastically. It’s likely that my code isn’t efficient and will probably take down the server one day but whatever, it sure is teeny!

Original Code


Set objConnection = CreateObject("ADODB.Connection")
Set objCommand =   CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection

objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

objCommand.CommandText = _
    "SELECT distinguishedName FROM 'LDAP://dc=fabrikam,dc=com' “ & _
        "WHERE objectCategory='user' " & _
            "AND sAMAccountName='kenmyer'"
Set objRecordSet = objCommand.Execute

Do Until objRecordSet.EOF
    strDN = objRecordSet.Fields("distinguishedName").Value
    arrPath = Split(strDN, ",")
    intLength = Len(arrPath(1))
    intNameLength = intLength - 3
    Wscript.Echo Right(arrPath(1), intNameLength)

Shortened down to 7 lines and 1 object

Set rs = CreateObject("adodb.recordset")
  Connstring = "Provider=ADsDSOObject"
  strSQL = "SELECT distinguishedName FROM 'LDAP://dc=fabrikam,dc=com' WHERE objectCategory='user' AND sAMAccountName='kenmyer'"
  rs.Open strSQL, Connstring
    if not rs.eof and not rs.bof Then fullPath = rs("distinguishedName")
Set rs = Nothing

Chrissy is a PowerShell MVP who has worked in IT for nearly 20 years, and currently serves as a Sr. Database Engineer in Belgium. Always an avid scripter, she attended the Monad session at Microsoft’s Professional Developers Conference in Los Angeles back in 2005 and has worked and played with PowerShell ever since. Chrissy is currently pursuing an MS in Systems Engineering at Regis University and helps maintain in her spare time. She holds a number of certifications, including those relating to SQL Server, SuSE Linux, SharePoint and network security. She recently became co-lead of the SQL PASS PowerShell Virtual Chapter. You can follow her on Twitter at @cl.

Posted in Active Directory, VBScript
2 comments on “AD: Quickly Determine OU of User using VBScript
  1. El Puño says:

    This is faster routine I use :

    1 – Get the Adspath of the user and put it in UserAdsPath

    ResultArray = Split(Replace(UserAdsPath, “LDAP://”, “”), “,”)

    ResultArray(0) is the CN name
    ResultArray(1) is the OU the user belongs to

    regards from El Puño, Denmark

    • Jorge says:

      Such, I wanted to consult you how serious this case ?. Thanks in advance for the help.


      ‘ Usage:
      ‘ cscript //Nologo userinfo.vbs

      ‘ List User properties as displayed in ADUC

      On Error Resume Next
      Dim objSysInfo, objUser
      Set objSysInfo = CreateObject(“ADSystemInfo”)

      ‘ Currently logged in User
      Set objUser = GetObject(“LDAP://” & objSysInfo.UserName)
      ‘ or specific user:
      ‘Set objUser = GetObject(“LDAP://CN=johndoe,OU=Users,DC=ss64,DC=com”)

      ‘WScript.Echo “DN: ” & objUser.distinguishedName

      ResultArray = Split(Replace(UserAdsPath, “LDAP://”, “”), “,”)

      WScript.Echo ResultArray(0)
      WScript.Echo ResultArray(1)

Leave a Reply

Your email address will not be published. Required fields are marked *