
Moving Users in Active Directory

Posted: January 6, 2012

Moving users between OUs in Active Directory is a straightforward task.

DON’T RUN THIS AS ONE SCRIPT OR ALL BUT THE FIRST MOVE WILL FAIL. COMMENT OUT THE BITS YOU DON’T NEED

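# Load the Microsoft AD module if it isn't already loaded
if (-not (Get-Module ActiveDirectory)){
  Import-Module ActiveDirectory
}

$name = "NEWTON Isaac"
$ou = "OU=England,DC=Manticore,DC=org"
$target = "OU=United Kingdom,DC=Manticore,DC=org"

# Distinguished name of the user in its current OU
$dn = "cn=$name,$ou"

# Microsoft cmdlets: get the user, then pipe to the generic move cmdlet
"`nMicrosoft"
Get-ADUser -Identity $dn |
Move-ADObject -TargetPath $target

# AD provider: find the user in the source OU through the AD: drive, then move it
"`nAD provider"
Get-ChildItem -Path AD:\$ou |
where {$_.objectclass -eq "user" -and $_.Name -eq $name} |
Move-Item -Destination AD:\$target

# Quest cmdlets: get the user, then pipe to the generic move cmdlet
"`nQuest"
Get-QADUser -Identity $name -SizeLimit 3000 |
Move-QADObject -NewParentContainer $target

# Script: bind to the user and the new OU with [adsi], then call MoveTo()
"`nScript"
$user = [adsi]"LDAP://$dn"
$newou = [adsi]"LDAP://$target"
$user.MoveTo($newou)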

For the Microsoft cmdlet & provider and the Quest cmdlet I’ve used the get user code you saw previously and piped it to a move cmdlet.  The Microsoft and Quest cmdlets both have a generic cmdlet for moving AD objects.  The advantage of doing it this way is that you can run the get on its own to test you’ve got the right user & then pipe it to the move.

The script uses [adsi] to get the user and new OU and then uses the MoveTo() method to perform the move.
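The "test you've got the right user, then move" pattern described above, as an added example that is not code from the original post. It assumes the Microsoft ActiveDirectory module; Move-UserChecked is a hypothetical function name, and the OU values in the usage line are the ones from the post.

```powershell
Import-Module ActiveDirectory

# Hypothetical helper (not from the original post): checks before it moves
function Move-UserChecked {
  [CmdletBinding(SupportsShouldProcess = $true)]
  param(
    [Parameter(Mandatory = $true)][string]$Name,
    [Parameter(Mandatory = $true)][string]$SourceOU,
    [Parameter(Mandatory = $true)][string]$TargetOU
  )

  # Fail early if the target OU does not exist
  $null = Get-ADOrganizationalUnit -Identity $TargetOU -ErrorAction Stop

  # Search only the source OU itself (OneLevel), not its child OUs.
  # Note: a single quote inside $Name would break this filter string.
  $found = @(Get-ADUser -Filter "Name -eq '$Name'" -SearchBase $SourceOU -SearchScope OneLevel)
  if ($found.Count -ne 1) {
    throw "Expected exactly one user named '$Name' in $SourceOU, found $($found.Count)"
  }
  $user = $found[0]

  # With -WhatIf this block is skipped and nothing is changed
  if ($PSCmdlet.ShouldProcess($user.DistinguishedName, "Move to $TargetOU")) {
    Move-ADObject -Identity $user.DistinguishedName -TargetPath $TargetOU -ErrorAction Stop

    # Re-read by objectGUID, which stays the same when the object moves
    $moved = Get-ADUser -Identity $user.ObjectGUID

    # Return a small record of the change for logging or review
    New-Object PSObject -Property @{
      SamAccountName = $moved.SamAccountName
      From           = $user.DistinguishedName
      To             = $moved.DistinguishedName
    }
  }
}

# Dry run first; remove -WhatIf to perform the move
Move-UserChecked -Name "NEWTON Isaac" `
  -SourceOU "OU=England,DC=Manticore,DC=org" `
  -TargetOU "OU=United Kingdom,DC=Manticore,DC=org" -WhatIf
```

A user's OU determines which Group Policy objects and delegated permissions apply to the account, so the From/To record is worth keeping with your change log.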

 

All of the code I’m showing in this series will be bare bones like this – that way you can take your favourite one & put it in your function rather than me supplying multiple copies of the wrapper code.
