![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(140.8, 73%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Active Directory
A set of directory-based technologies included in Windows Server.
6,645 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 94%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EIX%3C/text%3E%3C/svg%3E)
Hi,
You can get the OUs as follows
$OUs = Get-ADOrganizationalUnit -Filter * | Where-Object {Get-ADObject -SearchBase $_.DistinguishedName -SearchScope OneLevel -Filter *}|
Where-Object {([array](Get-ADObject -SearchBase $_.DistinguishedName -SearchScope OneLevel -Filter {ObjectClass -ne 'computer'})).count -eq 0}
There is a provider of Active Directory and the Get-Acl cmdlet can get the ACL objects for you.
Set-Location AD:
(Get-Acl -Path $OU.DistinguishedName).Access
This link can be helpful.
https://devblogs.microsoft.com/scripting/use-powershell-to-explore-active-directory-security/
Best Regards,
Ian Xue
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.