Home » IT - Microsoft » Count the object types in the Active Directory forest

Count the object types in the Active Directory forest

Escribe tu dirección de correo electrónico para suscribirte a este blog, y recibir notificaciones de nuevos mensajes por correo.

Join 5 other followers

March 2016
« Feb   May »



All messages posted to this blog are provided "AS IS" with no warranties, and confer no rights. The content of this site are personal opinions and might not represent the Microsoft Corporation view. Regarding any sample code that we provide: This Sample Code is provided for the purpose of illustration only and is not intended to be used in a production environment. THIS SAMPLE CODE AND ANY RELATED INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE. This blog serves 2 purposes. Firstly, I want to share information with other IT pros about the technologies we work with and how to solve problems we often face. Secondly, I use my blog as a notebook. There's so much to learn and remember in our jobs that it's impossible to keep up. By blogging, I have a notebook that I can access from anywhere. Anything you do to your IT infrastructure, applications, services, computer or anything else is 100% down to your own responsibility and liability. Mcselles bears no responsibility or liability for anything you do. Please independently confirm anything you read on this blog before doing whatever you decide to do.

You can use this script if you want to count the object types in the Active Directory forest. The script performs these steps:

  • list the domain name in the current Active Directory forest
  • get the Active Directory forest level mode
  • for each domain, the script counts the following object types :
    • User
    • Contact
    • Security group
    • Distribution lists
    • Computer
    • Server
    • Domain Controller
    • Organizational unit
    • Group policy
  • the result output is sent to a csv file located in the folder “c:\temp”

#Get Domain List
$objForest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$DomainList = @($objForest.Domains | Select-Object Name,DomainMode)
$fct_lvl_mode_Forest = $objForest.ForestMode

$array = @()
#Act on each domain
foreach($Domain in $DomainList){
    $Domain_name = $Domain.Name
    $fct_lvl_mode_Domain = $Domain.DomainMode
    Write-Host "Checking $Domain_name" -fore red
    $ADsPath = [ADSI]"LDAP://$Domain_name"
    $objSearcher = New-Object System.DirectoryServices.DirectorySearcher($ADsPath)
    $objSearcher.Pagesize = 100000
    $objSearcher.SearchScope = "Subtree"

    $objSearcher.Filter = "(&(objectCategory=person)(objectClass=user))"
     $colResults = $objSearcher.FindAll()
    $cnt_user = $colResults.count

    $objSearcher.Filter = "(objectClass=contact)"
     $colResults = $objSearcher.FindAll()
    $cnt_contact = $colResults.count

    #Security Group
    $objSearcher.Filter = "(groupType:1.2.840.113556.1.4.803:=2147483648)"
     $colResults = $objSearcher.FindAll()
    $cnt_group = $colResults.count

    #Distribution Group
    $objSearcher.Filter = "(&(objectCategory=group)(!(groupType:1.2.840.113556.1.4.803:=2147483648)))"
     $colResults = $objSearcher.FindAll()
    $cnt_dl = $colResults.count

    $objSearcher.Filter = "(&(objectCategory=computer)(!(operatingSystem=*server*)))"
     $colResults = $objSearcher.FindAll()
    $cnt_computer = $colResults.count

    $objSearcher.Filter = "(&(objectCategory=computer)(operatingSystem=*server*)(!(userAccountControl:1.2.840.113556.1.4.803:=8192)))"
     $colResults = $objSearcher.FindAll()
    $cnt_server = $colResults.count

    $objSearcher.Filter = "(&(objectCategory=computer)(userAccountControl:1.2.840.113556.1.4.803:=8192))"
     $colResults = $objSearcher.FindAll()
    $cnt_dc = $colResults.count

    $objSearcher.Filter = "(objectCategory=organizationalUnit)"
     $colResults = $objSearcher.FindAll()
    $cnt_ou = $colResults.count

    $objSearcher.Filter = "(objectCategory=groupPolicyContainer)"
     $colResults = $objSearcher.FindAll()
    $cnt_gpo = $colResults.count

    $Properties = @{domain=$Domain_name;domain_mode=$fct_lvl_mode_Domain;forest_mode=$fct_lvl_mode_Forest;user=$cnt_user;contact=$cnt_contact;group=$cnt_group;dl=$cnt_dl;workstation=$cnt_computer;server=$cnt_server;dc=$cnt_dc;ou=$cnt_ou;gpo=$cnt_gpo}
    $Newobject = New-Object PSObject -Property $Properties
    $array +=$newobject

$array | ConvertTo-Csv -NoTypeInformation -Delimiter ";" | Foreach-Object {$_ -replace ‘"’, ”} | Out-File "c:\temp\ad_info.csv" -Encoding ASCII

ReferenceActive Directory Service Interfaces
Active Directory Service Interfaces (ADSI) is a set of COM interfaces used to access the features of directory services from different network providers. ADSI is used in a distributed computing environment to present a single set of directory service interfaces for managing network resources. Administrators and developers can use ADSI services to enumerate and manage the resources in a directory service, no matter which network environment contains the resource.
ADSI enables common administrative tasks, such as adding new users, managing printers, and locating resources in a distributed computing environment.

ADSI Edit (adsiedit.msc)
Active Directory® Service Interfaces Editor (ADSI Edit) is a Lightweight Directory Access Protocol (LDAP) editor that you can use to manage objects and attributes in Active Directory. ADSI Edit (adsiedit.msc) provides a view of every object and attribute in an Active Directory forest. You can use ADSI Edit to query, view, and edit attributes that are not exposed through other Active Directory Microsoft Management Console (MMC) snap-ins: Active Directory Users and Computers, Active Directory Sites and Services, Active Directory Domains and Trusts, and Active Directory Schema.

Source: https://www.shellandco.net/count-the-object-types-in-the-active-directory-forest/


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Microsoft on the Issues

News and perspectives on legal, public policy and citizenship topics

Mike Crowley's Whiteboard

“There are no limits to what you can accomplish when you are supposed to be doing something else."


There Be Dragons

Ken Cenerelli

My life in software development

VMware, Windows, Virtualization (Servers & Desktops)

VMware, Windows, Virtualization (Servers & Desktops)

Just a random "Microsoft Server / Client Tech" info..

"Feeding Your Training and Technology Obsessions"


WordPress.com is the best place for your personal blog or business site.


Documentación técnica, notas y apuntes sobre Administración de Sistemas, Servidores, Redes y más

Microsoft Taste

Mary's Blog

%d bloggers like this: