AD: Quickly Determine OU of User using VBScript

I’m working on a few Active Directory scripts that require knowing the full path or “distinguished name” of the user object. All I know initially is the username and domain name and I found a script at Hey, Scripting Guy! that is really useful — it searches AD for the user’s OU information. The only problem I had with the script is that it was properly done and thus, really long. At 26 lines, give or take, it cluttered my code so I decided to cut it down drastically. It’s likely that my code isn’t efficient and will probably take down the server one day but whatever, it sure is teeny!

Original Code


Set objConnection = CreateObject("ADODB.Connection")
Set objCommand =   CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection

objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

objCommand.CommandText = _
    "SELECT distinguishedName FROM 'LDAP://dc=fabrikam,dc=com' “ & _
        "WHERE objectCategory='user' " & _
            "AND sAMAccountName='kenmyer'"
Set objRecordSet = objCommand.Execute

Do Until objRecordSet.EOF
    strDN = objRecordSet.Fields("distinguishedName").Value
    arrPath = Split(strDN, ",")
    intLength = Len(arrPath(1))
    intNameLength = intLength - 3
    Wscript.Echo Right(arrPath(1), intNameLength)

Shortened down to 7 lines and 1 object

Set rs = CreateObject("adodb.recordset")
  Connstring = "Provider=ADsDSOObject"
  strSQL = "SELECT distinguishedName FROM 'LDAP://dc=fabrikam,dc=com' WHERE objectCategory='user' AND sAMAccountName='kenmyer'"
  rs.Open strSQL, Connstring
    if not rs.eof and not rs.bof Then fullPath = rs("distinguishedName")
Set rs = Nothing

Chrissy is a Cloud and Datacenter Management & Data Platform MVP who has worked in IT for over 20 years. She is the creator of the popular SQL PowerShell module dbatools, holds a master's degree in Systems Engineering and is coauthor of Learn dbatools in a Month of Lunches. Chrissy is certified in SQL Server, Linux, SharePoint and network security. You can follow her on Twitter at @cl.

Posted in Active Directory, VBScript
2 comments on “AD: Quickly Determine OU of User using VBScript
  1. El Puño says:

    This is faster routine I use :

    1 – Get the Adspath of the user and put it in UserAdsPath

    ResultArray = Split(Replace(UserAdsPath, “LDAP://”, “”), “,”)

    ResultArray(0) is the CN name
    ResultArray(1) is the OU the user belongs to

    regards from El Puño, Denmark

    • Jorge says:

      Such, I wanted to consult you how serious this case ?. Thanks in advance for the help.


      ‘ Usage:
      ‘ cscript //Nologo userinfo.vbs

      ‘ List User properties as displayed in ADUC

      On Error Resume Next
      Dim objSysInfo, objUser
      Set objSysInfo = CreateObject(“ADSystemInfo”)

      ‘ Currently logged in User
      Set objUser = GetObject(“LDAP://” & objSysInfo.UserName)
      ‘ or specific user:
      ‘Set objUser = GetObject(“LDAP://CN=johndoe,OU=Users,DC=ss64,DC=com”)

      ‘WScript.Echo “DN: ” & objUser.distinguishedName

      ResultArray = Split(Replace(UserAdsPath, “LDAP://”, “”), “,”)

      WScript.Echo ResultArray(0)
      WScript.Echo ResultArray(1)

Leave a Reply

Your email address will not be published. Required fields are marked *