diff --git a/server/ldap-admin/internal/config/config.go b/server/ldap-admin/internal/config/config.go
index f9f82767..6a0cd74f 100644
--- a/server/ldap-admin/internal/config/config.go
+++ b/server/ldap-admin/internal/config/config.go
@@ -12,10 +12,11 @@ type Config struct {
 Auth types.Auth
 SourceRabbitMq string
 Ldap struct {
- Host string
- BindDN string
- Password string
- BaseDN string
- RootDN string
+ Host string
+ BindDN string
+ Password string
+ BaseDN string
+ RootDN string
+ PeopleGroupOu string
 }
 }
diff --git a/server/ldap-admin/internal/logic/getdepartmentslogic.go b/server/ldap-admin/internal/logic/getdepartmentslogic.go
index 226e6a94..d5f40c6b 100644
--- a/server/ldap-admin/internal/logic/getdepartmentslogic.go
+++ b/server/ldap-admin/internal/logic/getdepartmentslogic.go
@@ -42,10 +42,14 @@ type DNItem struct {
 
 func (l *GetDepartmentsLogic) GetDepartments(req *types.Request, userinfo *auth.UserInfo) (resp *basic.Response) {
 //从ldap获取组织架构数据
+ rootCn := strings.Split(l.svcCtx.Config.Ldap.RootDN, ",")
+ if len(rootCn) == 0 {
+ return resp.SetStatusWithMessage(basic.CodeServiceErr, "root dn is not set")
+ }
 searchRequest := ldap.NewSearchRequest(
 l.svcCtx.Config.Ldap.BaseDN, //这里后续需要修改,不同的人只能查询他的下属列表
 ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
- "(objectClass=*)", //所有object
+ "(&(objectClass=*)(!(ou="+l.svcCtx.Config.Ldap.PeopleGroupOu+"))(!("+rootCn[0]+")))", //所有object但是不包括people以及root用户
 nil,
 nil,
 )
@@ -59,9 +63,9 @@ func (l *GetDepartmentsLogic) GetDepartments(req *types.Request, userinfo *auth.
 //每个DN存入map
 for _, v := range searchResult.Entries {
 //如果是root用户则跳过
- if v.DN == l.svcCtx.Config.Ldap.RootDN {
+ /*if v.DN == l.svcCtx.Config.Ldap.RootDN {
 continue
- }
+ }*/
 sortNum++
 attribute := make(map[string]interface{})
 for _, attr := range v.Attributes {
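Review bot: The new `PeopleGroupOu` field in the `Ldap` struct has no comment saying what form its value takes, and the getdepartmentslogic.go hunk splices it straight into a search filter as `(ou=<value>)`. A field comment such as `// PeopleGroupOu is the bare ou attribute value (not a DN) of the people container excluded from department listings; must be non-empty` would tell operators what to put there. The neighbouring fields write the initialism in capitals (`BindDN`, `BaseDN`, `RootDN`), so `PeopleGroupOU` would match them, provided the config loader's key mapping allows the rename.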
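Review bot: The filter passed to `ldap.NewSearchRequest` is built by concatenating `PeopleGroupOu` and `rootCn[0]` unescaped, so any `(`, `)`, `*` or `\` in either value changes or breaks the filter and, with it, which entries are excluded. The `len(rootCn) == 0` guard never fires, because `strings.Split` with a non-empty separator always returns at least one element; an empty `RootDN` therefore yields `(!())`, and an empty `PeopleGroupOu` yields `(!(ou=))`. Splitting on `,` also mis-parses an RDN whose value contains an escaped comma. Parsing the DN with `ldap.ParseDN` and escaping the values with `ldap.EscapeFilter` covers all three cases; `PeopleGroupOu` should be checked for emptiness the same way. The body of `GetDepartments` continues outside this hunk.

```go
rootDN, err := ldap.ParseDN(l.svcCtx.Config.Ldap.RootDN)
if err != nil || len(rootDN.RDNs) == 0 || len(rootDN.RDNs[0].Attributes) == 0 {
	return resp.SetStatusWithMessage(basic.CodeServiceErr, "root dn is not set")
}
rootAttr := rootDN.RDNs[0].Attributes[0]
filter := "(&(objectClass=*)" +
	"(!(ou=" + ldap.EscapeFilter(l.svcCtx.Config.Ldap.PeopleGroupOu) + "))" +
	"(!(" + rootAttr.Type + "=" + ldap.EscapeFilter(rootAttr.Value) + ")))"
searchRequest := ldap.NewSearchRequest(
	// … unchanged: base DN, scope, deref, limits …
	filter,
	// … unchanged: attributes, controls …
)
```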
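Review bot: The exact-DN skip inside the `for _, v := range searchResult.Entries` loop is commented out rather than deleted, which leaves the root account's exclusion resting entirely on the server-side filter. That filter matches on the first RDN's attribute and value anywhere under the base DN, not on the full DN, so it can drop unrelated entries that share the value and will return the root entry if the configured `RootDN` does not parse as expected. Keeping `if v.DN == l.svcCtx.Config.Ldap.RootDN { continue }` as a backstop costs nothing; if the check really is to go, delete the block instead of leaving it in a `/* … */` comment. The loop body continues past the end of this hunk.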