As an IT administrator or systems engineer, one of the most common Active Directory (AD) management tasks is identifying which Organizational Unit (OU) a computer belongs to.
In this tutorial, I’ll explain to you multiple methods to find a computer’s OU using PowerShell.
What Is an OU?
An Organizational Unit (OU) in Active Directory is a container used to organize users, computers, groups, and other objects logically. OUs help administrators apply Group Policy Objects (GPOs) and delegate permissions efficiently.
For example:
OU=Workstations,OU=NewYork,DC=Company,DC=localIn this distinguished name (DN):
OU=Workstationsis the computer’s OU.OU=NewYorkis the parent OU.DC=Company,DC=localis the domain.
Now, let’s explore how to find this OU using PowerShell.
Before running any of the commands below, ensure that:
- You have Active Directory PowerShell module installed.
- Install it via RSAT or use:
Add-WindowsFeature RSAT-AD-PowerShell
- Install it via RSAT or use:
- You are running PowerShell as an administrator.
- You are logged in with domain credentials that have permission to query AD.
Check out Delete User Profiles Using PowerShell in Windows 11
Method 1: Using Get-ADComputer
The simplest and most direct way to find a computer’s OU is by using the Get-ADComputer cmdlet in PowerShell. This cmdlet queries Active Directory for computer objects and returns their properties, including the DistinguishedName, which contains the OU path.
Let me show you a few examples.
Example 1: Find OU of a Single Computer
Here is the PowerShell script to find the OU of a single computer.
Get-ADComputer -Identity "PC-12345" | Select-Object DistinguishedNameExplanation:
-Identityspecifies the computer name.- The
DistinguishedNameproperty shows the full AD path, including the OU.
Example Output:
DistinguishedName : CN=PC-12345,OU=Workstations,OU=NewYork,DC=Company,DC=localFrom this, we can see that the computer “PC-12345” resides in the Workstations OU under NewYork.
Example 2: Extract Only the OU Path
If you only want the OU portion (not the CN or DC parts), you can use a little PowerShell string manipulation:
$dn = (Get-ADComputer -Identity "PC-12345").DistinguishedName
$ou = ($dn -split ",CN=")[0] -replace "^CN=.*?,", ""
$ouThis command extracts and displays only the OU hierarchy.
Read Track User Login History on Windows Using PowerShell
Method 2: Using Get-ADComputer with -Properties
By default, Get-ADComputer returns limited properties. You can expand the output by adding the -Properties * parameter.
Here is an example.
Get-ADComputer -Identity "PC-12345" -Properties * | Select-Object Name, DistinguishedName, CanonicalNameExplanation:
-Properties *retrieves all available AD attributes.CanonicalNamegives a more readable format, e.g.:Company.local/NewYork/Workstations/PC-12345
This makes it easier to visually identify the OU path.
Check out Set the Default Printer Using PowerShell in Windows
Method 3: Finding OU for Multiple Computers
In enterprise environments, you often need to find OUs for multiple computers simultaneously. You can do this by combining Get-ADComputer with ForEach-Object.
Here is an example.
Example 1: Using a List of Computer Names
$computers = Get-Content "C:\computers.txt"
foreach ($comp in $computers) {
$obj = Get-ADComputer -Identity $comp -ErrorAction SilentlyContinue
if ($obj) {
[PSCustomObject]@{
ComputerName = $obj.Name
OUPath = ($obj.DistinguishedName -split ",",2)[1]
}
}
} | Export-Csv "C:\Computer_OUs.csv" -NoTypeInformationExplanation:
- Reads computer names from a text file.
- Queries each computer in AD.
- Extracts the OU path and exports results to a CSV file.
This is ideal for auditing or inventory reports.
Check out Set Password for Local User in Windows 11 Using PowerShell
Method 4: Using Get-ADOrganizationalUnit for Targeted Searches
If you want to find all computers within a specific OU, you can combine Get-ADOrganizationalUnit with Get-ADComputer.
Let me show you an example.
Example:
$ou = "OU=Workstations,OU=NewYork,DC=Company,DC=local"
Get-ADComputer -SearchBase $ou -Filter * | Select-Object Name, DistinguishedNameExplanation:
-SearchBaselimits the search to a specific OU.-Filter *retrieves all computers within that OU.
This method is great for OU-based filtering — for example, listing all computers in your “Servers” or “RemoteOffices” OUs.
Check out How to Set the Time Zone Using PowerShell in Windows
Method 5: Using Get-ADObject (Alternative Approach)
If for some reason you don’t have Get-ADComputer available (e.g., using older systems), you can use the more generic Get-ADObject.
Get-ADObject -Filter {ObjectClass -eq "computer" -and Name -eq "PC-12345"} | Select-Object DistinguishedNameExplanation:
Get-ADObjectcan query any AD object type.- The filter ensures only computer objects are returned.
Although less efficient than Get-ADComputer, this method works in restricted environments or legacy systems.
Method 6: Exporting OU Data for All Computers
To generate a full inventory of computers and their OUs, you can run:
Get-ADComputer -Filter * -Properties CanonicalName |
Select-Object Name, CanonicalName |
Export-Csv "C:\All_Computers_OU_List.csv" -NoTypeInformationExplanation:
- Retrieves all computers in AD.
- Exports their name and OU path in a readable format.
- The CSV file can be opened in Excel for reporting or auditing purposes.
This is particularly useful for compliance checks or migration planning.
Read How to Update PowerShell on Windows 11?
Method 7: Using PowerShell Remoting (For Remote Queries)
If you want to check the OU of a remote computer from that system’s context, you can use PowerShell Remoting.
Invoke-Command -ComputerName "PC-12345" -ScriptBlock {
(Get-ADComputer $env:COMPUTERNAME).DistinguishedName
}Explanation:
- Runs the command remotely on the target machine.
- Retrieves the OU based on the computer’s own hostname.
This method is handy for remote diagnostics or automated scripts across multiple machines.
Troubleshooting Common Issues
Now, let me show you some common issues that you might face while running these PowerShell cmdlets.
- Error: “Cannot find an object with identity”
Ensure the computer name is correct and exists in AD. Use Get-ADComputer -Filter * | Select Name to list all computers.
- Error: “The term ‘Get-ADComputer’ is not recognized”
Import the AD module manually by using the below cmdlet:
Import-Module ActiveDirectory- Access Denied
To fix this error, Run PowerShell as Administrator or use credentials:
Get-ADComputer -Identity "PC-12345" -Credential (Get-Credential)Conclusion
In this tutorial, I explained several practical methods to find the Organizational Unit (OU) of a computer using PowerShell. We explored how to use Get-ADComputer, Get-ADObject, and Get-ADOrganizationalUnit to retrieve OU information for single or multiple computers, as well as how to export results for reporting.
Here is a summary:
| Method | Description | Use Case |
|---|---|---|
Get-ADComputer | Basic and most common | Single or few computers |
-Properties CanonicalName | Human-readable path | Reports |
-SearchBase | Filter by OU | OU-specific queries |
| Bulk Export | All computers in AD | Auditing |
| Remoting | Remote queries | Automation |
You may also like the following tutorials:
Bijay Kumar is an esteemed author and the mind behind PowerShellFAQs.com, where he shares his extensive knowledge and expertise in PowerShell, with a particular focus on SharePoint projects. Recognized for his contributions to the tech community, Bijay has been honored with the prestigious Microsoft MVP award. With over 15 years of experience in the software industry, he has a rich professional background, having worked with industry giants such as HP and TCS. His insights and guidance have made him a respected figure in the world of software development and administration. Read more.
