Active Directory Organizational Unit (OU) (Create, Manage, Delete, Query)

Use the Active Directory Organizational Unit (OU) Tasks to create an Active Directory Organizational Unit; or to change, delete or query all Organizational Units:

  • in a specific Active Directory folder (optionally including subfolders).
  • with an OU name that matches a specific wildcard pattern.
  • without any objects.

With Create Active Directory Organizational Unit, you can create an Active Directory Organizational Unit with a specific name in a specific Active Directory folder.

With Manage Active Directory Organizational Unit, you can set and change the properties of Organizational Units:

  • Description
  • Street
  • City
  • State/province
  • Zip/Postal Code
  • Country/region
  • Name (only for single OUs)

For example: you can target a group of Active Directory Organizational Units and change their address and location.

With Delete Active Directory Organizational Unit, you can delete Active Directory Organizational Units. Combined with the filter on Active Directory Organizational Units without any objects, for example, you can use this Task to clean up unused Active Directory Organizational Units.

With Query Active Directory Organizational Unit, you can obtain overviews of all Active Directory Organizational Units, filtered by Active Directory folder, OU property, OU name or empty folder. Per Agent, the detailed Job results show all the queried Organizational Unit Properties.

The query results show the total number of Organizational Units. Per Organizational Unit, the detailed results show all the queried Organizational Unit properties.

Configuration

  • If you are going to run the Task on a Domain controller, you can leave the Domain controller field on the Settings tab empty and select Local Agent (domain controller) instead.
  • In the Filter by property field, use wildcards only in combination with the operators LIKE and NOT LIKE.

When you configure a Task to change or delete Active Directory Organizational Units that match a set of criteria, there is a risk that more Active Directory Organizational Units are targeted than expected. By selecting the option Fail this Task if the number of items affected exceeds [x], you can create a safety net that prevents undesired results.

When you browse for a specific OU, this information is pasted automatically in the relevant field and takes the following format: OU=IT,OU=Amsterdam,OU=Netherlands,DC=d-energy,DC=local. However, if you set a parameter in this field, the data will have to be provided at the moment of input - in the correct format. To provide an example of the format, copy a sample path and paste it as the default value for the relevant parameter. With the Input setting Show previous value, the example will be shown whenever input is required for the parameter.

  • The execution speed of Active Directory Queries may depend on the number of additional Active Directory properties that are to be reported in the query. On the Computer Properties tab, you can select a maximum number of 90 Active Directory properties.
  • When browsing for an Organizational Unit, the list of Organizational Units that is shown depends on the Security context and the Domain controller. If the Domain controller field is empty, the list of Organizational Units depends on the Domain.
  • The filter on empty Organizational Units also targets Organizational Units that only contain other Organizational Units that are also empty. For example, you could have an Organizational Unit A, which contains Organizational Unit B, which in turn contains Organizational Unit C. If none of these Organizational Units contain any other objects, then all three Organizational Units will be targeted by a Task that filters on empty Organizational Units.
  • It is possible to abort long-running Active Directory Query Tasks. It may take around 10 seconds for the abort to be detected by the Agent, after which the Job will fail with status Aborted. Long-running Active Directory Tasks that update, move or delete Active Directory objects cannot be aborted - the Task will always run until it is completed.
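
The following added example (not part of the product or its documentation) previews which OUs the empty-OU filter described above would select from a directory listing, and checks the count against a limit in the manner of the option Fail this Task if the number of items affected exceeds [x]. The function names and the sample entries are constructed for illustration; the paths use the format shown in the Configuration section.

```python
# Constructed sample directory listing: (distinguished name, object class).
SAMPLE = [
    ("OU=Netherlands,DC=d-energy,DC=local", "organizationalUnit"),
    ("OU=Amsterdam,OU=Netherlands,DC=d-energy,DC=local", "organizationalUnit"),
    ("OU=IT,OU=Amsterdam,OU=Netherlands,DC=d-energy,DC=local", "organizationalUnit"),
    ("CN=jdoe,OU=IT,OU=Amsterdam,OU=Netherlands,DC=d-energy,DC=local", "user"),
    ("OU=A,DC=d-energy,DC=local", "organizationalUnit"),
    ("OU=B,OU=A,DC=d-energy,DC=local", "organizationalUnit"),
    ("OU=C,OU=B,OU=A,DC=d-energy,DC=local", "organizationalUnit"),
    ("OU=Sales\\, EMEA,DC=d-energy,DC=local", "organizationalUnit"),
]

def split_dn(dn):
    """Split a DN into RDNs, honouring backslash-escaped commas."""
    parts, cur, escaped = [], "", False
    for ch in dn:
        if escaped:
            cur, escaped = cur + ch, False
        elif ch == "\\":
            cur, escaped = cur + ch, True
        elif ch == ",":
            parts.append(cur)
            cur = ""
        else:
            cur += ch
    return parts + [cur]

def dn_key(rdns):
    """DNs compare case-insensitively, so normalise before matching."""
    return tuple(r.lower() for r in rdns)

def empty_ous(entries):
    """Return OUs whose whole subtree holds no object other than OUs."""
    ous = {dn_key(split_dn(dn)): dn for dn, cls in entries
           if cls == "organizationalUnit"}
    occupied = set()
    for dn, cls in entries:
        if cls != "organizationalUnit":
            rdns = split_dn(dn)
            # Every ancestor container of a non-OU object is not empty.
            for i in range(1, len(rdns)):
                occupied.add(dn_key(rdns[i:]))
    return sorted(dn for key, dn in ous.items() if key not in occupied)

def within_limit(targets, limit):
    """Hypothetical mirror of the 'number of items affected exceeds [x]' check."""
    return len(targets) <= limit

if __name__ == "__main__":
    targets = empty_ous(SAMPLE)
    print("\n".join(targets))
    print("within limit of 3:", within_limit(targets, 3))
```

Running a preview like this against an export of the target folder before enabling a Delete Task shows that nested OUs A, B and C count as three affected items, which matters when choosing the limit.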