PowerShell Move-ADObject -identity issue

  • Question

  • I've tried multiple values for the -identity of the Move-ADObject cmdlet, and I can't get it working. It's either a null value or can't find object error.

    Tried using the $username variable, tried distinguished name and the GUID. The goal is to type in a userid and have it disable the acct, change password, move them to the former employee OU and a few other things. As you can see, I get the GUID and then try to pass it to Move-ADObject and it errors...

    Changing password and disabling the account work fine.

    PowerShell Code

    Write-Host 'This Script is for the Termination of Coventry Employees'
        Write-Host ' '
        Read-Host 'Press Enter to Begin'
        Write-Host ' '

        $username = (Read-Host "Enter Username:  ")
        $UserGuid = Get-ADUser $username |select objectGUID   ## gets the GUID for the user because the Move-ADObject cmd needs GUID or distinguished name which is string and won't take the variable $username
        Set-ADAccountPassword -Identity $username -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "Temppassword123#" -Force )

        Move-ADobject $UserGuid -TargetPath 'OU=Former Employees ,OU=DomainUsers Win7,DC=Domain,DC=local'

        Disable-ADAccount -Identity $username

    Script OUTPUT and ERROR


    This Script is for the Termination of Coventry Employees

    Press Enter to Begin: 

    Enter Username:  : ztest


    Move-ADObject : Cannot validate argument on parameter 'Identity'. The Identity property on the argument is null or empty.
    At line:18 char:19
    +     Move-ADobject $UserGuid -TargetPath 'OU=Former Employees 3,OU=...
    +                   ~~~~~~~~~
        + CategoryInfo          : InvalidData: (:) [Move-ADObject], ParameterBindingValidationException
        + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.MoveADObject

    Wednesday, October 17, 2018 2:50 PM

All replies

  • I would use:

    $UserGuid = (Get-ADUser $username).ObjectGUID

    Also, $UserName should be the sAMAccountName (pre-Windows 2000 logon name in ADUC) of the user. If it is the Relative Distinguished Name (the RDN, also called the common name), it won't work unless it matches the sAMAccountName. If you know the RDN is unique, you can filter:

    $UserGuid = (Get-ADUser -Filter {Name -eq $username}).ObjectGUID

    Edit: I see that the PowerShell property exposed by Get-ADUser is objectGUID (not GUID), and it is converted into a string (the objectGUID attribute is a byte array).

    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Thursday, October 18, 2018 1:31 PM
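
The termination flow from the question with the identity binding from the reply applied, as an added example that is not part of either post. Assumptions: the target OU is the path from the question with the stray space removed, the variable names are illustrative, and the random Base64 password (used here in place of the literal in the script) satisfies your domain's password policy.

```powershell
#Requires -Modules ActiveDirectory
# Added example, not the original poster's script.
# Assumption: OU path copied from the question (stray space removed); replace with your own.
$targetOu = 'OU=Former Employees,OU=DomainUsers Win7,DC=Domain,DC=local'

$username = (Read-Host 'Enter Username').Trim()

try {
    # Resolve the account once by sAMAccountName and stop if it does not exist,
    # so later cmdlets never receive a null identity.
    $user = Get-ADUser -Identity $username -ErrorAction Stop
    # Confirm the destination OU exists before changing the account.
    $null = Get-ADOrganizationalUnit -Identity $targetOu -ErrorAction Stop
}
catch {
    Write-Error "Lookup failed for '$username' or '$targetOu': $($_.Exception.Message)"
    return
}

# Why the original call failed: Select-Object objectGUID returns a wrapper object
# whose only property is objectGUID, so Move-ADObject has nothing to bind to -Identity.
$wrapped = $user | Select-Object ObjectGUID
Write-Host "Select-Object returns  : $($wrapped.GetType().FullName)"
Write-Host "Property access returns: $($user.ObjectGUID.GetType().FullName)"

# Disable first so the account cannot be used while the remaining steps run.
Disable-ADAccount -Identity $user

# One-off random password, so no shared literal lives in the script.
$bytes = New-Object byte[] 24
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rng.GetBytes($bytes)
$rng.Dispose()
$newPassword = ConvertTo-SecureString -String ([Convert]::ToBase64String($bytes)) -AsPlainText -Force
Set-ADAccountPassword -Identity $user -Reset -NewPassword $newPassword

# Move by GUID: it stays valid after the move, unlike the distinguished name.
Move-ADObject -Identity $user.ObjectGUID -TargetPath $targetOu

# Read the account back by GUID to confirm the new location and disabled state.
Get-ADUser -Identity $user.ObjectGUID |
    Select-Object SamAccountName, Enabled, DistinguishedName
```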