OU Management with the Nodinite LDAP Web API
Comprehensive Organizational Unit (OU) management operations for LDAP directories using the Nodinite LDAP Web API. This page covers all 6 OU-specific operations with detailed XML examples.
✅ CRUD Operations: Select, Create, Update, Delete OUs
✅ Reorganization: Rename and Move OUs within directory structure
✅ Hierarchy Management: Create nested OU structures programmatically
✅ Batch Support: Process multiple OUs in single operations
✅ Flexible Queries: Use searchFilter for precise OU targeting
Overview
OrganizationalUnit operations are available in the Operations section of the OrganizationalUnit record within the request message. All operations utilize the With record to define search criteria and scope.
The OU-related operations are structured in the request schema under the OrganizationalUnit entity type.
Operations Summary
| Operation | Description | Multiple Records |
|---|---|---|
| Select | Retrieve OU records from LDAP | ✅ Yes |
| Create | Create new OU with properties | ❌ No |
| Update | Update existing OU properties | ✅ Yes |
| Delete | Delete OU and all children | ✅ Yes |
| Rename | Rename OU (CN part) | ❌ No |
| MoveTo | Move OUs to different location | ✅ Yes |
Select
The Select operation retrieves OrganizationalUnit objects from the LDAP catalog using the search criteria provided in the With record.
Example: Select all OUs beginning with 'Old'
<ns0:LDAP xmlns:ns0="http://integrationsoftware.se/BizTalk/Adapters/LDAP/Request/1.0">
  <Batches guid="67A6C24E-4282-4C87-AAE9-344C871531E9" returnReponseMessageOnExceptions="true">
    <Batch guid="2B25B9E6-4AF2-4094-9AE7-E1E4C99B6C8D">
      <OrganizationalUnit>
        <With DC="DC=ibiz,DC=local" searchScope="Subtree" expectedMatchCount="*"
              searchFilter="(name=Old*)"/>
        <Operations>
          <Select/>
        </Operations>
      </OrganizationalUnit>
    </Batch>
  </Batches>
</ns0:LDAP>
💡 Tip: Use searchScope="Subtree" to search recursively down the directory tree.
Create
The Create operation creates a new OrganizationalUnit within the location found using the With record search criteria.
Attributes
name (required)
The name of the OU to be created.
allowUpdateIfExists (optional)
Allow the OU to be updated with the properties collection content if the OU already exists. When false (default), the create operation will fail if the OU already exists.
Properties Element
The name-value pair collection with attributes for the OU object to be set by the operation.
Example: Create a nested OU with allowUpdateIfExists
<ns0:LDAP xmlns:ns0="http://integrationsoftware.se/BizTalk/Adapters/LDAP/Request/1.0">
  <Batches guid="50CAC759-345A-479A-98AF-95B9FB515C8A" returnReponseMessageOnExceptions="true">
    <Batch guid="2B25B9E6-4AF2-4094-9AE7-E1E4C99B6C8D">
      <OrganizationalUnit>
        <With OU="OU=Old hackers" DC="DC=ibiz,DC=local" searchScope="Base"
              expectedMatchCount="1"/>
        <Operations>
          <Create name="3l1t hackers3" allowUpdateIfExists="true">
            <Properties>
              <Property name="description" value="secret society."/>
            </Properties>
          </Create>
        </Operations>
      </OrganizationalUnit>
    </Batch>
  </Batches>
</ns0:LDAP>
📌 Note: The allowUpdateIfExists flag enables idempotent OU creation, which is useful for automated provisioning scripts.
Update
The Update operation modifies existing OU properties for one or multiple OUs returned by the query.
Properties Element
The attributes to be updated are provided in the name-value properties collection.
Example: Update OU description
<ns0:LDAP xmlns:ns0="http://integrationsoftware.se/BizTalk/Adapters/LDAP/Request/1.0">
  <Batches guid="50CAC759-345A-479A-98AF-95B9FB515C8A" returnReponseMessageOnExceptions="true">
    <Batch guid="2B25B9E6-4AF2-4094-9AE7-E1E4C99B6C8D">
      <OrganizationalUnit>
        <With OU="OU=Old hackers" DC="DC=ibiz,DC=local" searchScope="Base"
              expectedMatchCount="1"/>
        <Operations>
          <Update>
            <Properties>
              <Property name="description" value="Other secret society."/>
            </Properties>
          </Update>
        </Operations>
      </OrganizationalUnit>
    </Batch>
  </Batches>
</ns0:LDAP>
📌 Note: The response shows data before and after the operation for verification.
Delete
The Delete operation removes the OU and all its children from the LDAP catalog.
⚠️ Warning: This operation deletes the OU and recursively removes all child objects (users, groups, nested OUs). Use expectedMatchCount carefully to prevent unintended deletions.
Example: Delete a specific OU
<ns0:LDAP xmlns:ns0="http://integrationsoftware.se/BizTalk/Adapters/LDAP/Request/1.0">
  <Batches guid="EC117D12-3B90-42C0-AF52-B1501623A637" returnReponseMessageOnExceptions="true">
    <Batch guid="2B25B9E6-4AF2-4094-9AE7-E1E4C99B6C8D">
      <OrganizationalUnit>
        <With OU="OU=happy hackers,OU=Old hackers" DC="DC=ibiz,DC=local" searchScope="Base"
              expectedMatchCount="1"/>
        <Operations>
          <Delete/>
        </Operations>
      </OrganizationalUnit>
    </Batch>
  </Batches>
</ns0:LDAP>
The response SearchResult displays the OU found for deletion, and the operation result confirms deletion with details about removed objects.
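Because Delete is recursive and accepts multiple records, a request template whose With record does not fix the number of matches can remove far more than intended. The following added example (not part of the Nodinite documentation) is a pre-flight check that flags Delete, MoveTo and Update operations whose expectedMatchCount is missing or not a positive number. It assumes that "*" accepts any number of matches, as the Select example suggests; the function name and GUID values are constructed.

```python
import xml.etree.ElementTree as ET

# Multi-record, state-changing operations per the page's summary table.
RISKY_OPS = {"Delete", "MoveTo", "Update"}

def lint_request(xml_text):
    """Return (batch_guid, operation, reason) for each unpinned risky operation."""
    findings = []
    # Intended for request templates you author; not a parser for untrusted XML.
    root = ET.fromstring(xml_text)
    for batch in root.iter("Batch"):
        guid = batch.get("guid", "<no guid>")
        for ou in batch.findall("OrganizationalUnit"):
            with_el, ops = ou.find("With"), ou.find("Operations")
            if with_el is None or ops is None:
                continue
            count = with_el.get("expectedMatchCount")
            pinned = count is not None and count.isdecimal() and int(count) > 0
            for op in ops:
                if op.tag in RISKY_OPS and not pinned:
                    scope = with_el.get("searchScope")
                    findings.append((guid, op.tag,
                        f"expectedMatchCount={count!r} with searchScope={scope!r} "
                        "does not pin how many OUs are affected"))
    return findings

# Constructed sample: the first batch deletes every match of a wildcard filter,
# the second targets exactly one OU as in the page's Delete example.
SAMPLE = """<ns0:LDAP xmlns:ns0="http://integrationsoftware.se/BizTalk/Adapters/LDAP/Request/1.0">
  <Batches guid="00000000-0000-0000-0000-000000000001">
    <Batch guid="00000000-0000-0000-0000-00000000000A">
      <OrganizationalUnit>
        <With DC="DC=ibiz,DC=local" searchScope="Subtree" expectedMatchCount="*"
              searchFilter="(name=Old*)"/>
        <Operations><Delete/></Operations>
      </OrganizationalUnit>
    </Batch>
    <Batch guid="00000000-0000-0000-0000-00000000000B">
      <OrganizationalUnit>
        <With OU="OU=happy hackers,OU=Old hackers" DC="DC=ibiz,DC=local"
              searchScope="Base" expectedMatchCount="1"/>
        <Operations><Delete/></Operations>
      </OrganizationalUnit>
    </Batch>
  </Batches>
</ns0:LDAP>"""

if __name__ == "__main__":
    for guid, op, reason in lint_request(SAMPLE):
        print(f"batch {guid}: {op}: {reason}")
```

Running the same check with Select in place of Delete reports nothing, since read-only operations are not in the flagged set.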
Rename
The Rename operation changes the name of an OU. The target name must not already exist, or the operation will fail.
Attributes
name (required)
The new name for the OU object.
⚠️ Warning: The target name must be unique. If an OU with the new name already exists, the operation will fail.
Example: Rename an OU
<ns0:LDAP xmlns:ns0="http://integrationsoftware.se/BizTalk/Adapters/LDAP/Request/1.0">
  <Batches guid="E9DAB4D9-757B-4C2A-9372-93C2F80F3EA0" returnReponseMessageOnExceptions="true">
    <Batch guid="2B25B9E6-4AF2-4094-9AE7-E1E4C99B6C8D">
      <OrganizationalUnit>
        <With OU="OU=3l1t hackers,OU=Old hackers" DC="DC=ibiz,DC=local" searchScope="Base"
              expectedMatchCount="1"/>
        <Operations>
          <Rename name="3l1t hackers2"/>
        </Operations>
      </OrganizationalUnit>
    </Batch>
  </Batches>
</ns0:LDAP>
💡 Tip: The response displays the OU with data before and after the update. Use returnProperties to limit the number of attributes returned.
MoveTo
The MoveTo operation moves OUs found by the With search criteria to the destination location specified in the operation arguments.
Attributes
DC (required)
Domain Component for the destination.
OU (required)
Organizational Unit path for the destination.
CN (optional)
Common Name for the destination (rarely used for OU moves).
✅ Feature: Multiple records are supported in a single request. For example, you can move all OUs beginning with 'A*' from anywhere in the tree to a specific destination.
Example: Move one OU into another OU
<ns0:LDAP xmlns:ns0="http://integrationsoftware.se/BizTalk/Adapters/LDAP/Request/1.0">
  <Batches guid="2B25B9E6-4AF2-4094-9AE7-E1E4C99B6C8E">
    <Batch transactionScopeOption="Required" continueOnError="false"
           guid="2B25B9E6-4AF2-4094-9AE7-E1E4C99B6C8D">
      <OrganizationalUnit>
        <With OU="OU=happy customers,OU=Old hackers" DC="DC=ibiz,DC=local" searchScope="Base"
              expectedMatchCount="1"/>
        <Operations>
          <MoveTo OU="OU=3l1t hackers2,OU=Old hackers" DC="DC=ibiz,DC=local"/>
        </Operations>
      </OrganizationalUnit>
    </Batch>
  </Batches>
</ns0:LDAP>
📌 Note: When moving an OU, all child objects (users, groups, nested OUs) move with it, maintaining the hierarchy.
Common Use Cases
Directory Restructuring
Use MoveTo and Rename operations to reorganize your directory structure without recreating objects or breaking references.
Automated Provisioning
Combine Create with allowUpdateIfExists to build idempotent provisioning scripts that can be safely re-executed.
Cleanup & Decommissioning
Use Select with searchFilter to identify OUs matching specific patterns, then Delete to remove obsolete organizational structures.
Multi-Tenant Management
Create hierarchical OU structures for each tenant or department, then use Select to query tenant-specific information.
Disaster Recovery
Query existing OU structures with Select, document the hierarchy, and use Create to rebuild structures in recovery scenarios.
Next Step
- Review the Request Schema for complete message structure
- Explore the Response Schema for understanding operation results
- Learn about User Management for populating OUs with users
- Learn about Group Management for OU-based group organization
- Check Logging for troubleshooting and auditing