AD: Quickly Determine OU of User using VBScript

I’m working on a few Active Directory scripts that require knowing the full path or “distinguished name” of the user object. All I know initially is the username and domain name and I found a script at Hey, Scripting Guy! that is really useful — it searches AD for the user’s OU information. The only problem I had with the script is that it was properly done and thus, really long. At 26 lines, give or take, it cluttered my code so I decided to cut it down drastically. It’s likely that my code isn’t efficient and will probably take down the server one day but whatever, it sure is teeny!


Set objConnection = CreateObject(“ADODB.Connection”)
Set objCommand = CreateObject(“ADODB.Command”)
objConnection.Provider = “ADsDSOObject”
objConnection.Open “Active Directory Provider”
Set objCommand.ActiveConnection = objConnection

objCommand.Properties(“Page Size”) = 1000
objCommand.Properties(“Searchscope”) = ADS_SCOPE_SUBTREE

objCommand.CommandText = _
“SELECT distinguishedName FROM ‘LDAP://dc=fabrikam,dc=com’ “ & _
“WHERE objectCategory=’user’ ” & _
“AND sAMAccountName=’kenmyer'”
Set objRecordSet = objCommand.Execute

Do Until objRecordSet.EOF
strDN = objRecordSet.Fields(“distinguishedName”).Value
arrPath = Split(strDN, “,”)
intLength = Len(arrPath(1))
intNameLength = intLength – 3
Wscript.Echo Right(arrPath(1), intNameLength)

Set rs = CreateObject(“adodb.recordset”)
Connstring = “Provider=ADsDSOObject”
strSQL = “SELECT distinguishedName FROM ‘LDAP://dc=fabrikam,dc=com’ WHERE objectCategory=’user’ AND sAMAccountName=’kenmyer'”
rs.Open strSQL, Connstring
if not rs.eof and not rs.bof Then fullPath = rs(“distinguishedName”)
Set rs = Nothing

Chrissy is a Cloud and Datacenter Management & Data Platform MVP who has worked in IT for over 20 years. She is the creator of the popular SQL PowerShell module dbatools, holds a master's degree in Systems Engineering and is coauthor of Learn dbatools in a Month of Lunches. Chrissy is certified in SQL Server, Linux, SharePoint and network security. You can follow her on Twitter at @cl.

Posted in Active Directory, VBScript
2 comments on “AD: Quickly Determine OU of User using VBScript
  1. El Puño says:

    This is faster routine I use :

    1 – Get the Adspath of the user and put it in UserAdsPath

    ResultArray = Split(Replace(UserAdsPath, “LDAP://”, “”), “,”)

    ResultArray(0) is the CN name
    ResultArray(1) is the OU the user belongs to

    regards from El Puño, Denmark

    • Jorge says:

      Such, I wanted to consult you how serious this case ?. Thanks in advance for the help.


      ‘ Usage:
      ‘ cscript //Nologo userinfo.vbs

      ‘ List User properties as displayed in ADUC

      On Error Resume Next
      Dim objSysInfo, objUser
      Set objSysInfo = CreateObject(“ADSystemInfo”)

      ‘ Currently logged in User
      Set objUser = GetObject(“LDAP://” & objSysInfo.UserName)
      ‘ or specific user:
      ‘Set objUser = GetObject(“LDAP://CN=johndoe,OU=Users,DC=ss64,DC=com”)

      ‘WScript.Echo “DN: ” & objUser.distinguishedName

      ResultArray = Split(Replace(UserAdsPath, “LDAP://”, “”), “,”)

      WScript.Echo ResultArray(0)
      WScript.Echo ResultArray(1)

Leave a Reply