Get Azure AD Users Based On Organizational Unit

Learn how to export a list of Azure AD users based on which OU they belong to in on-premises AD. Yes, on-prem AD!

Getting a list of Azure AD users who belong to a particular on-premises organizational unit is easier than you think. In this article, we will show you how to do just that.

Although Azure AD has a flat structure and we cannot organize objects into organizational units the way we are used to, we can still pull a list of Azure AD users who belong to a particular OU. The user's on-premises distinguished name, which includes the OU, is stored in the extension property named onPremisesDistinguishedName on the objects that Get-AzureADUser returns.

To filter the users from an OU whose name is unique within the entire AD, you can use wildcards and run a command similar to the one below.

Get-AzureADUser -All $true | Where-Object {$_.ExtensionProperty.onPremisesDistinguishedName -like "*OU=Cloudiffic-Users*"}

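If you have multiple OUs with the same name in your on-premises AD, give the full DN of the OU instead. Keep a leading wildcard so that the user's own CN at the start of the distinguished name is matched, and write the DN without spaces after the commas.

Get-AzureADUser -All $true | Where-Object {$_.ExtensionProperty.onPremisesDistinguishedName -like "*,OU=Cloudiffic-Users,OU=Cloudiffic,DC=Cloudiffic,DC=COM"}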
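The function below is an added example, not code from the original article. It matches the OU as a suffix of onPremisesDistinguishedName instead of using a -like wildcard, so a similarly named OU does not match and cloud-only users with no on-premises DN are skipped. The function name Select-UserByOnPremOU, the -DirectOnly switch and the sample users are assumptions made for illustration.

```powershell
# Added example. Select-UserByOnPremOU, -DirectOnly and the sample users are hypothetical.
function Select-UserByOnPremOU {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        [Parameter(Mandatory)] [string] $OuDn,
        [switch] $DirectOnly   # exclude users that sit in child OUs
    )
    begin {
        # Drop whitespace around commas, then match on ",<OU DN>" as a suffix.
        $suffix = ',' + ($OuDn.Trim() -replace '\s*,\s*', ',')
    }
    process {
        $dn = $User.ExtensionProperty.onPremisesDistinguishedName
        if ([string]::IsNullOrEmpty($dn)) { return }   # cloud-only user, never synced
        if (-not $dn.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) { return }
        if ($DirectOnly) {
            # What remains before the suffix must be a single RDN: no unescaped comma.
            $rdn = $dn.Substring(0, $dn.Length - $suffix.Length)
            if ($rdn -match '(?<!\\),') { return }
        }
        [pscustomobject]@{
            UserPrincipalName = $User.UserPrincipalName
            DisplayName       = $User.DisplayName
            OnPremDN          = $dn
        }
    }
}

# Constructed sample objects shaped like Get-AzureADUser output, so this runs offline.
$base = 'OU=Cloudiffic,DC=Cloudiffic,DC=COM'
$sample = @(
    @{ n = 'alice'; dn = "CN=Alice,OU=Cloudiffic-Users,$base" }          # direct member
    @{ n = 'bob';   dn = "CN=Bob,OU=Sales,OU=Cloudiffic-Users,$base" }   # child OU
    @{ n = 'carol'; dn = "CN=Carol,OU=Cloudiffic-Users-Test,$base" }     # similar OU name
    @{ n = 'dave';  dn = "CN=Smith\, Dave,OU=Cloudiffic-Users,$base" }   # escaped comma in CN
    @{ n = 'erin';  dn = $null }                                         # cloud-only
) | ForEach-Object {
    [pscustomobject]@{
        UserPrincipalName = "$($_.n)@cloudiffic.com"
        DisplayName       = $_.n
        ExtensionProperty = @{ onPremisesDistinguishedName = $_.dn }
    }
}

$sample | Select-UserByOnPremOU -OuDn "OU=Cloudiffic-Users, $base"
# Against the tenant, pipe real users in and export the result:
# Get-AzureADUser -All $true | Select-UserByOnPremOU -OuDn '<OU DN>' | Export-Csv .\ou-users.csv -NoTypeInformation
```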
