Archive for August 17th, 2007

Moving AD objects

Another new cmdlet in the 1.0.4 pack is Move-QADObject which allows you to move AD objects: users, groups, computers, OUs within the current domain.

The syntax is pretty easy:

Move-QADObject -Identity object-to-move -NewParentContainer target

Identity is the default parameter so you can skip the switch. You can supply almost anything as the parameter as long as it can identify the object in a unique fashion: samAccountName, DN, canonical name, domain\user, UPN, SID, GUID, etc.

The -NewParentContainer switch has a handy alias -to. The value can again be pretty much anything unique enough. In my opinion DN or canonical name would make sense in most cases.

And best of all: the cmdlet accepts pipeline input.

Here’s a bunch of examples of how this all works:

# Move a user
Move-QADObject dsotnikov -to qsft.local/employees/cto

# Move by location
Get-QADUser -City London | Move-QADObject -to qsft.local/employees/london

# Move all disabled accounts
Get-QADUser -Disabled | Move-QADObject -to qsft.local/disabled_accounts

# Use csv: first row is "object,target",
# then each row has comma-separated object and container identities

Import-CSV c:\tomove.csv | ForEach { Move-QADObject $_.object -to $_.target }

# Move groups, computers, etc.
Move-QADObject qsft\researchers -to qsft.local/groups

Get-QADComputer ny* | Move-QADObject -to qsft.local/ny/computers

# Move OU (with all objects and subcontainers)
Move-QADObject qsft.local/users/london -to qsft.local/employees/eu/uk

So next time you have to completely reconfigure your AD domain you know what to do, right? 😉
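A more careful version of the CSV example above, added here as an illustration and not code from the original post: it checks that every object and target identity resolves to exactly one directory object before anything moves, and writes the old DNs to a file so the change can be reviewed or reversed. It assumes Get-QADObject from the same cmdlet pack is available; `$auditLog`, `$dryRun` and `Resolve-SingleDN` are hypothetical names introduced for the example.

```powershell
# Added example (not from the original post). Assumes the Quest AD cmdlets are
# loaded and c:\tomove.csv has the header row "object,target".
$auditLog = 'c:\tomove-audit.csv'   # hypothetical path for the rollback record
$dryRun   = $true                   # set to $false to actually move objects

# Return the DN only when the identity resolves to exactly one object.
function Resolve-SingleDN($identity) {
    try   { $found = @(Get-QADObject -Identity $identity -ErrorAction Stop) }
    catch { $found = @() }
    if ($found.Count -eq 1) { $found[0].DN }
}

# Build the full plan before touching the directory.
$plan = @(Import-Csv c:\tomove.csv | ForEach-Object {
    $oldDN    = Resolve-SingleDN $_.object
    $targetDN = Resolve-SingleDN $_.target
    if (-not $oldDN) {
        $status = 'object missing or ambiguous'
    } elseif (-not $targetDN) {
        $status = 'target missing or ambiguous'
    } else {
        $status = 'ok'
    }
    [pscustomobject]@{
        Object = $_.object; OldDN = $oldDN
        Target = $_.target; TargetDN = $targetDN; Status = $status
    }
})

# Stop on the first sign of a bad row: a partial bulk move is hard to untangle.
$bad = @($plan | Where-Object { $_.Status -ne 'ok' })
if ($bad.Count -gt 0) {
    $bad | Format-Table Object, Target, Status -AutoSize | Out-String | Write-Host
    throw "$($bad.Count) row(s) failed validation; nothing was moved."
}

# Record where every object was, so the change can be reviewed or reversed.
$plan | Export-Csv $auditLog -NoTypeInformation

foreach ($item in $plan) {
    if ($dryRun) {
        Write-Host "Would move $($item.OldDN) -> $($item.TargetDN)"
    } else {
        Move-QADObject -Identity $item.OldDN -NewParentContainer $item.TargetDN
    }
}
```

Moving an object changes which Group Policy and delegated permissions apply to it, so the audit file is worth keeping alongside the change record.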



The posts on this blog are provided “as is” with no warranties and confer no rights. The opinions expressed on this site are mine and mine alone, and do not necessarily represent those of my employer - WSO2 or anyone else for that matter. All trademarks acknowledged.

© 2007-2014 Dmitry Sotnikov
