Move-ADObject to OU that has same Display Name


    • #122001
      Participant
      Topics: 6
      Replies: 15
      Points: 23
      Rank: Member

      Hello,

      I have a script that works perfectly if I'm moving users from one OU to the Disabled Users OU that have different display names, but if the Disabled Users OU has the same display name as the user being moved, it gives a "can't move AD object, the object is in use" error. Please help me modify my script so that it will move the AD object to the Disabled Users OU even if there's another user in the Disabled Users OU with the same name. Thank you for your help.

      Import-Module ActiveDirectory
      $users= Import-Csv -Path "C:\O365AccountsTermed\Test11518.csv"

      $DisabledDate = Get-Date
      $LeaveDate = Get-Date -Format "dddd dd MMMM yyyy"
      $DisabledBy = Get-ADUser "$env:username" -properties Mail
      $DisabledByEmail = $DisabledBy.Mail
      $LegalHoldUser = Get-ADuser -Filter * -SearchBase 'ou=LegalHold,dc=xxx,dc=com' -Properties * | Select-object -Expand SamAccountName

      $TargetOU = "ou=Disabled Users,dc=xxx,dc=com"
      
      
      foreach ($user in $users)
      {
            $SamAccountName = $User.SamAccountName
            $UserDN  = (Get-ADUser -Identity $User.SamAccountName) 
           
            Set-ADUser $User.SamAccountName -Description "Disabled by $($DisabledBy.name) on $DisabledDate per Ticket INC0065513"
      
            $ADgroups = Get-ADPrincipalGroupMembership -Identity $User.SamAccountName | where { ($_.Name -ne 'DisabledUsers') }
      
            Add-ADGroupMember -Identity "DisabledUsers" -Members $User.SamAccountName
      
            $group = get-adgroup "DisabledUsers" -properties @("primaryGroupToken")
            Get-ADuser $User.SamAccountName | Set-ADuser -replace @{primaryGroupID=$group.primaryGroupToken}
      
            Remove-ADPrincipalGroupMembership -Identity $($User.SamAccountname) -MemberOf $ADgroups.SamAccountName -Confirm:$false
      
            Disable-ADAccount -Identity $($User.SamAccountname)
      
            If ($LegalHoldUser -notcontains $User.SamAccountname)
            {
                  Move-ADObject -Identity $UserDN -targetpath $TargetOU
            }
      }
    • #122014
      Participant
      Topics: 2
      Replies: 31
      Points: 48
      Rank: Member

      I see you're importing the users from a CSV file. Are there unique properties, such as UPN, in the file that you can use instead of the SamAccountName?

    • #122016
      Participant
      Topics: 6
      Replies: 15
      Points: 23
      Rank: Member

      Hi Richard,

      I have one column of SamAccountNames with SamAccountName being the header.

      • #122037
        Participant
        Topics: 6
        Replies: 15
        Points: 23
        Rank: Member

        Hello,

        I have a script that works perfectly if I'm moving users from one OU to the Disabled Users OU that have different display names, but if the Disabled Users OU has the same display name as the user being moved, it gives a "can't move AD object, the object is in use" error. Please help me modify my script so that it will move the AD object to the Disabled Users OU even if there's another user in the Disabled Users OU with the same name. Thank you for your help.

        Import-Module ActiveDirectory
        $users= Import-Csv -Path "C:\O365AccountsTermed\Test11518.csv"

        $DisabledDate = Get-Date
        $LeaveDate = Get-Date -Format "dddd dd MMMM yyyy"
        $DisabledBy = Get-ADUser "$env:username" -properties Mail
        $DisabledByEmail = $DisabledBy.Mail
        $LegalHoldUser = Get-ADuser -Filter * -SearchBase 'ou=LegalHold,dc=xxx,dc=com' -Properties * | Select-object -Expand SamAccountName

        $TargetOU = "ou=Disabled Users,dc=xxx,dc=com"

        foreach ($user in $users)
        {
            $SamAccountName = $User.SamAccountName
            $UserDN = (Get-ADUser -Identity $User.SamAccountName).distinguishedName

            Set-ADUser $User.SamAccountName -Description "Disabled by $($DisabledBy.name) on $DisabledDate per Ticket INC0065513"

            $ADgroups = Get-ADPrincipalGroupMembership -Identity $User.SamAccountName | where { ($_.Name -ne 'DisabledUsers') }

            Add-ADGroupMember -Identity "DisabledUsers" -Members $User.SamAccountName

            $group = get-adgroup "DisabledUsers" -properties @("primaryGroupToken")
            Get-ADuser $User.SamAccountName | Set-ADuser -replace @{primaryGroupID=$group.primaryGroupToken}

            Remove-ADPrincipalGroupMembership -Identity $($User.SamAccountname) -MemberOf $ADgroups.SamAccountName -Confirm:$false

            Disable-ADAccount -Identity $($User.SamAccountname)

            If ($LegalHoldUser -notcontains $User.SamAccountname)
            {
                Move-ADObject -Identity $UserDN -targetpath $TargetOU
            }
        }

  • The topic ‘Move-ADObject to OU that has same Display Name’ is closed to new replies.
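
Added example, not part of the thread and not any participant's code: Active Directory requires an object's relative distinguished name (the CN, exposed as Name) to be unique among an OU's direct children, independently of displayName, so one way to complete the move is to rename a colliding object before moving it. `Move-UserToDisabledOU` is a hypothetical helper name and the "(sAMAccountName)" suffix is an assumption; the OU and CSV path are the thread's own placeholders.

```powershell
# Added example, not from the thread. Requires the RSAT ActiveDirectory module.
# Move-UserToDisabledOU is a hypothetical helper; the "(sAMAccountName)" suffix is an assumption.
Import-Module ActiveDirectory

function Move-UserToDisabledOU {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $SamAccountName,
        [Parameter(Mandatory)] [string] $TargetOU
    )

    $user = Get-ADUser -Identity $SamAccountName

    # Parent DN = DN minus its first RDN (up to the first unescaped comma).
    # -eq is case-insensitive, so "ou=..." matches the directory's "OU=...".
    $parentDN = $user.DistinguishedName -replace '^.+?(?<!\\),', ''
    if ($parentDN -eq $TargetOU) { return $user }   # already in place

    # Escape RFC 4515 special characters so a CN such as "Doe, Jane (Temp)" is matched literally.
    $cnFilter = $user.Name -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29'

    # The RDN only has to be unique among direct children, so search one level.
    $clash = Get-ADObject -LDAPFilter "(name=$cnFilter)" -SearchBase $TargetOU -SearchScope OneLevel

    if ($clash) {
        # Renaming changes the CN/Name only; displayName and sAMAccountName are untouched.
        $newName = '{0} ({1})' -f $user.Name, $user.SamAccountName
        Write-Verbose "CN '$($user.Name)' already exists in $TargetOU; renaming to '$newName'"
        Rename-ADObject -Identity $user.ObjectGUID -NewName $newName
    }

    # Address the object by GUID: its DN is stale if it was renamed above.
    Move-ADObject -Identity $user.ObjectGUID -TargetPath $TargetOU
    Get-ADUser -Identity $user.ObjectGUID
}

# Usage with the thread's CSV layout (one SamAccountName column) and placeholder OU.
$TargetOU = 'ou=Disabled Users,dc=xxx,dc=com'
Import-Csv -Path 'C:\O365AccountsTermed\Test11518.csv' | ForEach-Object {
    Move-UserToDisabledOU -SamAccountName $_.SamAccountName -TargetOU $TargetOU -Verbose
}
```

The verbose line gives an offboarding audit trail of which accounts had their CN changed, which matters when later tooling looks them up by name rather than by sAMAccountName or GUID.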