You can use this script if you want to count the object types in the Active Directory forest. The script performs these steps:

  • list the domain names in the current Active Directory forest
  • get the Active Directory forest functional level (forest mode)
  • for each domain, the script counts the following object types:
    • User
    • Contact
    • Security group
    • Distribution lists
    • Computer
    • Server
    • Domain Controller
    • Organizational unit
    • Group policy
  • the result output is sent to a CSV file located in the folder “c:\temp”

#Get Domain List
$objForest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$DomainList = @($objForest.Domains | Select-Object Name,DomainMode)
$fct_lvl_mode_Forest = $objForest.ForestMode

$array = @()

#Act on each domain
foreach($Domain in $DomainList){
	$Domain_name = $Domain.Name
	$fct_lvl_mode_Domain = $Domain.DomainMode
	
	Write-Host "Checking $Domain_name" -fore red
	$ADsPath = [ADSI]"LDAP://$Domain_name"
	$objSearcher = New-Object System.DirectoryServices.DirectorySearcher($ADsPath)
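	# Enable paged searches; AD returns at most MaxPageSize (1000 by default) objects per page
	$objSearcher.PageSize = 1000
	$objSearcher.SearchScope = "Subtree"
	# Only counts are needed, so load a single attribute instead of every property
	[void]$objSearcher.PropertiesToLoad.Add("distinguishedName")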

	#User
	$objSearcher.Filter = "(&(objectCategory=person)(objectClass=user))"
	$colResults = $objSearcher.FindAll()
	$cnt_user = $colResults.Count
	$colResults.Dispose()	# release the unmanaged resources held by the result collection

	#Contact
	$objSearcher.Filter = "(objectClass=contact)"
	$colResults = $objSearcher.FindAll()
	$cnt_contact = $colResults.Count
	$colResults.Dispose()

	#Security Group (groupType has the security-enabled bit 0x80000000 set)
	$objSearcher.Filter = "(groupType:1.2.840.113556.1.4.803:=2147483648)"
	$colResults = $objSearcher.FindAll()
	$cnt_group = $colResults.Count
	$colResults.Dispose()

	#Distribution Group (group objects without the security-enabled bit)
	$objSearcher.Filter = "(&(objectCategory=group)(!(groupType:1.2.840.113556.1.4.803:=2147483648)))"
	$colResults = $objSearcher.FindAll()
	$cnt_dl = $colResults.Count
	$colResults.Dispose()

	#Computer (operatingSystem does not contain "server")
	$objSearcher.Filter = "(&(objectCategory=computer)(!(operatingSystem=*server*)))"
	$colResults = $objSearcher.FindAll()
	$cnt_computer = $colResults.Count
	$colResults.Dispose()

	#Server (server operating system, not a domain controller)
	$objSearcher.Filter = "(&(objectCategory=computer)(operatingSystem=*server*)(!(userAccountControl:1.2.840.113556.1.4.803:=8192)))"
	$colResults = $objSearcher.FindAll()
	$cnt_server = $colResults.Count
	$colResults.Dispose()

	#DC (userAccountControl has the SERVER_TRUST_ACCOUNT bit, 8192, set)
	$objSearcher.Filter = "(&(objectCategory=computer)(userAccountControl:1.2.840.113556.1.4.803:=8192))"
	$colResults = $objSearcher.FindAll()
	$cnt_dc = $colResults.Count
	$colResults.Dispose()

	#OU
	$objSearcher.Filter = "(objectCategory=organizationalUnit)"
	$colResults = $objSearcher.FindAll()
	$cnt_ou = $colResults.Count
	$colResults.Dispose()

	#GPO
	$objSearcher.Filter = "(objectCategory=groupPolicyContainer)"
	$colResults = $objSearcher.FindAll()
	$cnt_gpo = $colResults.Count
	$colResults.Dispose()

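	# Ordered hashtable keeps the CSV columns in a fixed order
	$Properties = [ordered]@{domain=$Domain_name;domain_mode=$fct_lvl_mode_Domain;forest_mode=$fct_lvl_mode_Forest;user=$cnt_user;contact=$cnt_contact;group=$cnt_group;dl=$cnt_dl;workstation=$cnt_computer;server=$cnt_server;dc=$cnt_dc;ou=$cnt_ou;gpo=$cnt_gpo}
	$NewObject = New-Object PSObject -Property $Properties
	$array += $NewObject
	$objSearcher.Dispose()

}

# Create the output folder if it does not exist yet
if (-not (Test-Path "c:\temp")) { New-Item -ItemType Directory -Path "c:\temp" | Out-Null }
$array | ConvertTo-Csv -NoTypeInformation -Delimiter ";" | Foreach-Object {$_ -replace '"', ''} | Out-File "c:\temp\ad_info.csv" -Encoding ASCII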
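
The group, server and DC filters in the script depend on the LDAP bitwise-AND matching rule (OID 1.2.840.113556.1.4.803). The block below is an added example, not part of the original script: it emulates those filters offline so you can see which bucket an object lands in. The helper name Test-LdapBitAnd and all sample objects are constructed for illustration.

```powershell
# Added example: offline emulation of the script's bitwise LDAP filters.
# Test-LdapBitAnd is a hypothetical helper; every sample object is constructed.

$SERVER_TRUST_ACCOUNT        = 8192          # userAccountControl flag set on domain controllers
$GROUP_TYPE_SECURITY_ENABLED = 2147483648    # groupType flag (0x80000000) set on security groups

function Test-LdapBitAnd {
    # True when every bit of Mask is set in Value, like (attr:1.2.840.113556.1.4.803:=Mask).
    # [long] sign-extends the signed 32-bit groupType, so bit 31 still compares correctly.
    param([long]$Value, [long]$Mask)
    return (($Value -band $Mask) -eq $Mask)
}

# Constructed computer accounts: 4096 = WORKSTATION_TRUST_ACCOUNT,
# 532480 = SERVER_TRUST_ACCOUNT (8192) + TRUSTED_FOR_DELEGATION (524288)
$computers = @(
    [pscustomobject]@{ Name = 'WS01';  UAC = 4096;   OS = 'Windows 11 Enterprise' }
    [pscustomobject]@{ Name = 'APP01'; UAC = 4096;   OS = 'Windows Server 2022 Standard' }
    [pscustomobject]@{ Name = 'DC01';  UAC = 532480; OS = 'Windows Server 2022 Standard' }
)

# Constructed groups: the directory stores groupType as a signed 32-bit integer,
# so security groups show up as negative numbers.
$groups = @(
    [pscustomobject]@{ Name = 'GG-Sec';  GroupType = -2147483646 }  # global security
    [pscustomobject]@{ Name = 'UG-Sec';  GroupType = -2147483640 }  # universal security
    [pscustomobject]@{ Name = 'GG-Dist'; GroupType = 2 }            # global distribution
)

# Same conditions as the script's Computer, Server, DC, Security Group
# and Distribution Group filters, applied to the sample objects.
$isDc  = { Test-LdapBitAnd -Value $_.UAC -Mask $SERVER_TRUST_ACCOUNT }
$isSec = { Test-LdapBitAnd -Value $_.GroupType -Mask $GROUP_TYPE_SECURITY_ENABLED }

$counts = [ordered]@{
    workstation = @($computers | Where-Object { $_.OS -notlike '*server*' }).Count
    server      = @($computers | Where-Object { $_.OS -like '*server*' -and -not (& $isDc) }).Count
    dc          = @($computers | Where-Object { & $isDc }).Count
    group       = @($groups | Where-Object { & $isSec }).Count
    dl          = @($groups | Where-Object { -not (& $isSec) }).Count
}
[pscustomobject]$counts | Format-List
```

Because the workstation condition only looks at operatingSystem, a computer object is counted there whenever its operating system name does not contain "server", regardless of its userAccountControl flags.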

Reference

Active Directory Service Interfaces
Active Directory Service Interfaces (ADSI) is a set of COM interfaces used to access the features of directory services from different network providers. ADSI is used in a distributed computing environment to present a single set of directory service interfaces for managing network resources. Administrators and developers can use ADSI services to enumerate and manage the resources in a directory service, no matter which network environment contains the resource.
ADSI enables common administrative tasks, such as adding new users, managing printers, and locating resources in a distributed computing environment.

ADSI Edit (adsiedit.msc)
Active Directory® Service Interfaces Editor (ADSI Edit) is a Lightweight Directory Access Protocol (LDAP) editor that you can use to manage objects and attributes in Active Directory. ADSI Edit (adsiedit.msc) provides a view of every object and attribute in an Active Directory forest. You can use ADSI Edit to query, view, and edit attributes that are not exposed through other Active Directory Microsoft Management Console (MMC) snap-ins: Active Directory Users and Computers, Active Directory Sites and Services, Active Directory Domains and Trusts, and Active Directory Schema.

Count the object types in the Active Directory forest
