Hi Guys,

Basically what we have is a production domain and a dev domain.

I have mirrored to OU structure identically, but many of the User accounts have been created in dirrering areas.

I have done an export of all the users selecting the sAMAccountName, UserPrincipalName, and OU from the distinguoshedname, using @{n='ParentContainer';e={$_.distinguishedname -replace '^.+?,(CN|OU.+)','$1'} and exported to CSV.

I was just wondring if anyone could help me with a script to move the AD Users in the CSV in the dev enviroment to the location in the same CSV, so to mirror both AD environments.

Thanks in advance

Si

Hi,

Look into Move-ADObject:

http://ss64.com/ps/move-adobject.html

OK, so I exported the following information from the production environmrnt by using -

$users = Get-ADUser -Filter {(name -like '*(admin)*') -And (enabled -eq 'true')} | Select-Object sAMAccountName, Surname, UserPrincipalName, distinguishedname, @{n='ParentContainer';e={$_.distinguishedname -replace '^.+?,(CN|OU.+)','$1'}} | export-csv c:\temp\admins.csv

Which got me the export I need.

Could anyone tell me where I am going wrong with the following to move the users to the correct OU -

$csvPath = "C:\temp\admins.csv"
   $MoveUsers = Import-Csv $csvPath | ForEach-Object {
    # Specify target OU.
    $TargetOU = $MoveUsers.ParentContainer
    # Retrieve DN of User.
    $UserDN = Get-ADUser -Identity $MoveUsers.distinguishedName
    # Move user to target OU.
    Move-ADObject -Identity $UserDN -TargetPath $TargetOU
}

This is the error I am receicing back -

Get-ADUser : Cannot validate argument on parameter 'Identity'. The argument is null. Provide a valid value for
the argument, and then try running the command again.
At C:\temp\bulkmoveOU.ps1:6 char:36
+     $UserDN = Get-ADUser -Identity $MoveUsers.distinguishedName
+                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [Get-ADUser], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.Ge
   tADUser
 
Move-ADObject : Cannot validate argument on parameter 'Identity'. The argument is null. Provide a valid value
for the argument, and then try running the command again.
At C:\temp\bulkmoveOU.ps1:8 char:29
+     Move-ADObject -Identity $UserDN -TargetPath $TargetOU
+                             ~~~~~~~
    + CategoryInfo          : InvalidData: (:) [Move-ADObject], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.Mo

You're using a ForEach-Object loop, so you need to use $_ as the variable for the current item in the loop. $MoveUsers is not needed.

I do not understand why new user of Windows always complicate the hell out of everything.  They always like to create new variables and reassing existing variables and add numerous silly and useless comments.  After that they write one line of code that they do not understand.

Why???

This is al you need:

Import-Csv $csvPath | 
    ForEach-Object {
        Move-ADObject -Identity $_.ParentContainer -TargetPath $_.ParentContainer
    }

Remember KISS the principal.  Live by it!

Thanks, that worked a treat. Just apart from the users that have the "Protect Object from accidental deletion" ticked which I still get access denied. Well that's a start at least.