none
I need to move AD Users from a CSV to OUs from a CSV RRS feed

  • Question

  • Hi Guys,

    Basically what we have is a production domain and a dev domain.

    I have mirrored to OU structure identically, but many of the User accounts have been created in dirrering areas.

    I have done an export of all the users selecting the sAMAccountName, UserPrincipalName, and OU from the distinguoshedname, using @{n='ParentContainer';e={$_.distinguishedname -replace '^.+?,(CN|OU.+)','$1'} and exported to CSV.

    I was just wondring if anyone could help me with a script to move the AD Users in the CSV in the dev enviroment to the location in the same CSV, so to mirror both AD environments.

    Thanks in advance

    Si

    Tuesday, September 1, 2015 10:43 AM

Answers

  • You're using a ForEach-Object loop, so you need to use $_ as the variable for the current item in the loop. $MoveUsers is not needed.

    • Marked as answer by SidLea Tuesday, September 1, 2015 1:56 PM
    Tuesday, September 1, 2015 1:02 PM

All replies

  • Hi,

    Look into Move-ADObject:

    http://ss64.com/ps/move-adobject.html


    Tuesday, September 1, 2015 11:59 AM
  • OK, so I exported the following information from the production environmrnt by using -

    $users = Get-ADUser -Filter {(name -like '*(admin)*') -And (enabled -eq 'true')} | Select-Object sAMAccountName, Surname, UserPrincipalName, distinguishedname, @{n='ParentContainer';e={$_.distinguishedname -replace '^.+?,(CN|OU.+)','$1'}} | export-csv c:\temp\admins.csv

    Which got me the export I need.

    Could anyone tell me where I am going wrong with the following to move the users to the correct OU -

    $csvPath = "C:\temp\admins.csv"
       $MoveUsers = Import-Csv $csvPath | ForEach-Object {
        # Specify target OU.
        $TargetOU = $MoveUsers.ParentContainer
        # Retrieve DN of User.
        $UserDN = Get-ADUser -Identity $MoveUsers.distinguishedName
        # Move user to target OU.
        Move-ADObject -Identity $UserDN -TargetPath $TargetOU
    }

    This is the error I am receicing back -

    Get-ADUser : Cannot validate argument on parameter 'Identity'. The argument is null. Provide a valid value for
    the argument, and then try running the command again.
    At C:\temp\bulkmoveOU.ps1:6 char:36
    +     $UserDN = Get-ADUser -Identity $MoveUsers.distinguishedName
    +                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidData: (:) [Get-ADUser], ParameterBindingValidationException
        + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.Ge
       tADUser
     
    Move-ADObject : Cannot validate argument on parameter 'Identity'. The argument is null. Provide a valid value
    for the argument, and then try running the command again.
    At C:\temp\bulkmoveOU.ps1:8 char:29
    +     Move-ADObject -Identity $UserDN -TargetPath $TargetOU
    +                             ~~~~~~~
        + CategoryInfo          : InvalidData: (:) [Move-ADObject], ParameterBindingValidationException
        + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.Mo

    Tuesday, September 1, 2015 12:56 PM
  • You're using a ForEach-Object loop, so you need to use $_ as the variable for the current item in the loop. $MoveUsers is not needed.

    • Marked as answer by SidLea Tuesday, September 1, 2015 1:56 PM
    Tuesday, September 1, 2015 1:02 PM
  • I do not understand why new user of Windows always complicate the hell out of everything.  They always like to create new variables and reassing existing variables and add numerous silly and useless comments.  After that they write one line of code that they do not understand.

    Why???

    This is al you need:

    Import-Csv $csvPath | 
        ForEach-Object {
            Move-ADObject -Identity $_.ParentContainer -TargetPath $_.ParentContainer
        }

    Remember KISS the principal.  Live by it!


    \_(ツ)_/

    Tuesday, September 1, 2015 1:32 PM
  • Thanks, that worked a treat. Just apart from the users that have the "Protect Object from accidental deletion" ticked which I still get access denied. Well that's a start at least.

    Tuesday, September 1, 2015 1:33 PM