Need Help Moving AD-Object to OU that has same Display Names

Welcome Forums General PowerShell Q&A Need Help Moving AD-Object to OU that has same Display Names

Viewing 1 reply thread
  • Author
    Posts
    • #122232
      Participant
      Topics: 6
      Replies: 15
      Points: 23
      Rank: Member

      Hello,

      I have a script that works perfectly if I'm moving user's from one ou to the Disabled Users ou that have different display names, but if the Disabled Users OU has the same display name as the user being moved, it gives a can't move ad object error the object is in use. Please help me to modify my script so that it will move the AD-Object to the Disabled Users OU even if there's another user in Disabled Users OU with the same name. Thank you for your help.

      Import-Module ActiveDirectory
      $users= Import-Csv -Path "C:\O365AccountsTermed\Test11518.csv"

      $DisabledDate = Get-Date
      $LeaveDate = Get-Date -Format "dddd dd MMMM yyyy"
      $DisabledBy = Get-ADUser "$env:username" -properties Mail
      $DisabledByEmail = $DisabledBy.Mail
      $LegalHoldUser = Get-ADuser -Filter * -SearchBase 'ou=LegalHold,dc=xxx,dc=com' -Properties * | Select-object -Expand SamAccountName

      $TargetOU = "ou=Disabled Users,dc=xxx,dc=com"

      foreach ($user in $users)
      {
      $SamAccountName = $User.SamAccountName
      $UserDN = (Get-ADUser -Identity $User.SamAccountName).distinguishedName

      Set-ADUser $User.SamAccountName -Description "Disabled by $($DisabledBy.name) on $DisabledDate per Ticket INC0065513"

      $ADgroups = Get-ADPrincipalGroupMembership -Identity $User.SamAccountName | where { ($_.Name -ne 'DisabledUsers') }

      Add-ADGroupMember -Identity "DisabledUsers" -Members $User.SamAccountName

      $group = get-adgroup "DisabledUsers" -properties @("primaryGroupToken")
      Get-ADuser $User.SamAccountName | Set-ADuser -replace @{primaryGroupID=$group.primaryGroupToken}

      Remove-ADPrincipalGroupMembership -Identity $($User.SamAccountname) -MemberOf $ADgroups.SamAccountName -Confirm:$false

      Disable-ADAccount -Identity $($User.SamAccountname)

      If ($LegalHoldUser -notcontains $User.SamAccountname)
      {
      Move-ADObject -Identity $UserDN -targetpath $TargetOU
      }
      }

    • #122267
      Participant
      Topics: 1
      Replies: 23
      Points: 164
      Helping Hand
      Rank: Participant
      • #122273
        Participant
        Topics: 6
        Replies: 15
        Points: 23
        Rank: Member

        Hi John,

        Sorry about that. I was thinking something was wrong with my account. I do apologize.

Viewing 1 reply thread
  • The topic ‘Need Help Moving AD-Object to OU that has same Display Names’ is closed to new replies.