Moving Multiple users to a different OU using Canonical Name

  • Question

  • Hi Team,

    I have multiple users to move into a different OU, and they are provided with the canonical name.

    I have the OU/OU/OU/DC/DC/DC /DC

    For example the input list is like 

    UserDN =XXXX

    TargetOU=xx.xx.xx.com/xx/xx/xx

    I tried Translate-ADName and Convert-ADName, but it is not converting or translating the ADName; it throws an error.

    Translate-ADName canonical $TargetOU -OutputType DN

    import-module ActiveDirectory
    
    $Imported = Import-Csv -Path "C:\Users\xxx\Desktop\move1.csv" 
    $Imported | ForEach-Object {
         # Retrieve DN of User.
         $UserDN  = (Get-ADUser -Identity $_.Username).distinguishedName
         $TargetOU = $_.TargetOU
         Write-Host " Moving Accounts ..... "
         # Move user to target OU.
         Move-ADObject  -Identity $UserDN  -TargetPath $TargetOU
         
     }
    Write-Host " Completed move " 
     $total = ($Imported).count
    Write-Host $total "User Moved Successfully" 
    
    Friday, September 6, 2019 7:37 PM

All replies

  • Canonical names are in the form: mydomain.com/West/Sales/Jim Smith

    So the order of elements is reversed from the order in distinguished names, other than the domain components.

    Edit: A reference:

    https://docs.microsoft.com/en-us/windows/win32/adschema/a-canonicalname

    Also, the canonicalName attribute is constructed (also called operational). This means the value is not saved in Active Directory. Instead the DC constructs the value from other attributes, like the distinguishedName, on request.


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)


    Friday, September 6, 2019 8:10 PM
  • Have you tried this?

    https://gallery.technet.microsoft.com/scriptcenter/Translating-Active-5c80dd67


    --- Rich Matheisen MCSE&I, Exchange Ex-MVP (16 years)

    Friday, September 6, 2019 9:21 PM
  • I have tried to use Convert-LHSADName, but it is showing an error message:

    convert-LHSADName : The term 'convert-LHSADName' is not recognized as the name of a cmdlet, function, script file, or
    operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try
    again.
    At line:1 char:1
    + convert-LHSADName -identity xx.xx.xx.com/Function/KRC/Audit -Ou ...
    + ~~~~~~~~~~~~~~~~~
        + CategoryInfo          : ObjectNotFound: (convert-LHSADName:String) [], CommandNotFoundException
        + FullyQualifiedErrorId : CommandNotFoundException


    • Edited by Sachin151181 Saturday, September 7, 2019 6:22 AM
    Saturday, September 7, 2019 6:21 AM
  • You have to load the script first.

    . .\Convert-LHSADName.ps1


    \_(ツ)_/

    Saturday, September 7, 2019 6:26 AM
  • Thanks, I am able to use it now.

    I am using the target OU in canonical form, and using the convert I am changing this to the distinguished name and storing it in $dn.

    I am getting the following error 

    Move-ADObject : Cannot convert 'System.Object[]' to the type 'System.String' required by parameter 'TargetPath'. Specified method is not supported.
    At E:\Sendhil\Powershell\MoveOU1.ps1:17 char:52
    +      Move-ADObject  -Identity $UserDN  -TargetPath $dn
    +                                                    ~~~
        + CategoryInfo          : InvalidArgument: (:) [Move-ADObject], ParameterBindingException
        + FullyQualifiedErrorId : CannotConvertArgument,Microsoft.ActiveDirectory.Management.Commands.MoveADObject

    import-module ActiveDirectory
    
    $Imported = Import-Csv -Path "C:\Temp\mvu.csv"
    $Imported | ForEach-Object {
         # Retrieve DN of User.
         $UserDN  = (Get-ADUser -Identity $_.Username).distinguishedName
      
        $TargetOU = $_.TargetOU
        
      $dn=Convert-LHSADName -Identity $_.TargetOU -OutputType dn
         Write-Host " Moving Accounts ..... "
         # Move user to target OU.
         Move-ADObject  -Identity $UserDN  -TargetPath $dn
         
     }
    Write-Host " Completed move " 
     $total = ($Imported).count
    Write-Host $total "User Moved Successfully" 
    

    Saturday, September 7, 2019 7:47 AM
  • Can you show us the value of $TargetOU and $dn after the conversion?

    The Convert-LHSADName function uses only the "Get" and "Set" methods of the NameTranslate COM object, and they should only be dealing with single objects, not arrays.


    --- Rich Matheisen MCSE&I, Exchange Ex-MVP (16 years)

    Saturday, September 7, 2019 3:34 PM
  • The Gallery function is faulty and returns an array of objects. This may be due to changes in the APIs used or to mistakes. The function works but is way overworked for the results it promises.

    Here is how to get around the bugs:

    $result = Convert-LHSADName -Identity $_.TargetOU -OutputType dn
    $dn = $result[-1]

    The output is always the last element of the array.


    \_(ツ)_/

    Saturday, September 7, 2019 4:59 PM
  • No longer having an AD to work with kinda limits me, but it looks like the "Invoke-Method" function emits stuff into the stream. I don't see where any of that's consumed. The last use of Invoke-Method is to "Get" the translated name so it makes sense it's always the last value.

    --- Rich Matheisen MCSE&I, Exchange Ex-MVP (16 years)

    Saturday, September 7, 2019 6:25 PM
  • Here is a simplified and fixed version of the Gallery script.  The Gal script has numerous coding errors that are causing this issue and other issues.

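    Function Convert-CanonicalName{
        [OutputType('System.String')]
        Param(
            [Parameter(Mandatory)]
            [string]$CanonicalName
        )

        Try{
            $NameTranslate = New-Object -ComObject NameTranslate

            # Init: 3 = ADS_NAME_INITTYPE_GC (use a global catalog); the second argument is ignored for this type.
            # [void] discards the return value so only the translated name reaches the output.
            [void]$NameTranslate.GetType().InvokeMember('Init', 'InvokeMethod', $NULL, $NameTranslate, @(3, 2))
            # Set: 8 = ADS_NAME_TYPE_UNKNOWN (the API works out the input format).
            [void]$NameTranslate.GetType().InvokeMember('Set', 'InvokeMethod', $NULL, $NameTranslate, @(8,$CanonicalName))
            # Get: 1 = ADS_NAME_TYPE_1779 (distinguished name).
            $NameTranslate.GetType().InvokeMember('Get', 'InvokeMethod', $NULL, $NameTranslate, @(1))
        }
        Catch{
            Throw $_
        }
    }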


    \_(ツ)_/


    • Edited by jrv Saturday, September 7, 2019 7:30 PM
    Saturday, September 7, 2019 7:29 PM
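
A hardened form of the move loop discussed in this thread, added here as an example and not code posted by any participant. It assumes the CSV columns `Username` and `TargetOU` (canonical form) from the question; the helper name `ConvertTo-DistinguishedName` and the `-CsvPath` parameter are hypothetical.

```powershell
#Requires -Modules ActiveDirectory
# Added example. Assumed CSV columns (from the question): Username, TargetOU (canonical form).
[CmdletBinding(SupportsShouldProcess)]
param([string]$CsvPath = 'C:\Temp\mvu.csv')   # path as used in the thread; adjust as needed

function ConvertTo-DistinguishedName {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$CanonicalName)
    $nt = New-Object -ComObject NameTranslate
    $t  = $nt.GetType()
    # [void] keeps the Init/Set return values out of the output stream,
    # so the function emits exactly one string rather than an array.
    [void]$t.InvokeMember('Init', 'InvokeMethod', $null, $nt, @(3, $null))          # 3 = ADS_NAME_INITTYPE_GC
    [void]$t.InvokeMember('Set',  'InvokeMethod', $null, $nt, @(2, $CanonicalName)) # 2 = ADS_NAME_TYPE_CANONICAL
    [string]$t.InvokeMember('Get', 'InvokeMethod', $null, $nt, @(1))                # 1 = ADS_NAME_TYPE_1779 (DN)
}

$moved = 0; $failed = 0
foreach ($row in Import-Csv -Path $CsvPath) {
    try {
        $user = Get-ADUser -Identity $row.Username -ErrorAction Stop
        $dn   = ConvertTo-DistinguishedName -CanonicalName $row.TargetOU
        # Confirm the translated DN is an existing OU before touching the account.
        # A target that is a container rather than an OU fails here and is skipped.
        $ou   = Get-ADOrganizationalUnit -Identity $dn -ErrorAction Stop
        if ($PSCmdlet.ShouldProcess($user.DistinguishedName, "Move to $($ou.DistinguishedName)")) {
            Move-ADObject -Identity $user.DistinguishedName -TargetPath $ou.DistinguishedName -ErrorAction Stop
            $moved++
        }
    }
    catch {
        # One bad row must not abort the batch or be reported as a success.
        $failed++
        Write-Warning "Skipped '$($row.Username)' -> '$($row.TargetOU)': $($_.Exception.Message)"
    }
}
Write-Host "$moved moved, $failed failed"
```

Run it with `-WhatIf` first to review each planned move, since the OU an account sits in determines which Group Policy and delegated permissions apply to it.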
  • Here is a module in the PowerShellGet Gallery:

    https://github.com/zloeber/PSAD/tree/master/docs/Functions

    It has a version of this that looks to be better designed and also contains numerous other functions that work with AD objects directly using ADSI.  It looks very useful.


    Find-Module PSAD | Install-Module


    \_(ツ)_/

    Saturday, September 7, 2019 8:01 PM
  • No longer having an AD to work with kinda limits me, but it looks like the "Invoke-Method" function emits stuff into the stream. I don't see where any of that's consumed. The last use of Invoke-Method is to "Get" the translated name so it makes sense it's always the last value.

    --- Rich Matheisen MCSE&I, Exchange Ex-MVP (16 years)

    I posted to the author requesting a fix.  The "Invoke" functions need to add [void] to the method invoke and set functions and that issue will be resolved.

    Overall the function is over-designed which makes it hard for new users to understand.  Most of the over-design can be fixed by using net classes and eliminating the parameter decoration.  I suspect that some issues are a result of trying to maintain V2 compatibility.


    \_(ツ)_/

    Saturday, September 7, 2019 8:02 PM
  • Hi,

    Was your issue resolved?

    If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.

    If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.

    If no, please reply and tell us the current situation in order to provide further help.

    Best Regards,

    Lee


    Just do it.

    Friday, October 4, 2019 8:26 AM