Script not moving Active Directory Objects


    • #162756
      Participant

      Hello PS Gurus,
      I have a PS script used to manipulate Active Directory accounts; it was working fine when running on one of our old Domain controllers (Win2008). However, we upgraded our DCs to Win2016 and decided to move this script to run on a separate Windows 2016 server. The main issue is that the script – which now runs on that separate server but invokes a session on the new DC – is no longer moving AD accounts to different OUs.
      -The log shows this error:
      “The input object cannot be bound to any parameters for the command either because the command does not take pipeline
      input or the input and its properties do not match any of the parameters that take pipeline input.”
      – And here’s the portion of the script that moves the AD account to a different OU but is not working:

      Get-ADUser $Student.sAMAccountName | Move-ADObject -TargetPath "OU=Old,OU=Students,DC=CH,DC=MCC,DC=edu" -ErrorAction Continue -Confirm:$false

      Searching online, it sounded like the Move-ADObject’s -Identity switch (required) is not accepting the piped sAMAccount attribute value so the suggestions were to try with a different attribute such as Distinguished name, GUID, etc. However, none of these work.
      Appreciate your time and thanks in advance for any input!

    • #162764
      Participant

      Well first does the $Student variable contain the correct info and does Get-ADUser command generate the desired output?

      If that becomes e.g. NULL then there is nothing to pipe to Move-ADObject.

      • #162768
        Participant

        Fredrik –
        Thanks for your reply. Yes, the $Student variable has a value. The next line in the script is:

        "$($Student.sAMAccountName) home moved at $Time " | Out-File $logfile -Append

        When I check the log file the $Student has been recorded.

      • #162863
        Participant

        Well just because student has a value doesn’t mean it’s correct.
        E.g. “Hello world” is a value 🙂

        Just as kvprasson writes, does it contain the sAMAccountName property and does that sAMAccountName exist in the AD?
        If Get-ADUser doesn’t find that user it will error out, which will then cause the rest of that line to error out.

        When dealing with Get-ADuser and most other AD related commands in scripts you should do some error/exception handling.
        E.g.

        $user = Get-ADUser -Identity $Student.sAMAccountName
        
        if($null -ne $user.sAMAccountName){
            # Do whatever you need to do.
        }
        
      • #162888
        Participant

        Yes, the AD object does contain the sAMAccountName property and the sAMAccountName exists. Moreover, some of the script actions are being successfully performed; for instance, the script is also supposed to remove group membership for the AD object/account and this is happening. So, the script correctly “finds” the object, successfully performs certain actions, but moving the object to a different OU is what’s failing.

    • #162789
      Senior Moderator

      Make sure the user is available in AD for each $student in the iteration.

      Get-AdUser -Identity $Student.sAMAccountName
      
      • #162887
        Participant

        Thanks for your reply. I am not sure I follow your instructions, can you please clarify? Thanks

      • #162962
        Senior Moderator

        If there is no account in AD, that means no output from Get-ADUser; this can happen.

    • #162902
      Participant

      I’ve been working on something similar. I removed the need for the pipe command, though, and it’s been working for me.

      Move-ADObject -Identity (Get-ADUser $Student.sAMAccountName) -TargetPath "OU=Old,OU=Students,DC=CH,DC=MCC,DC=edu" -ErrorAction Continue -Confirm:$false

    • #163248
      Participant

      All – thank you much for your input. I tried all the different suggestions and, unfortunately, none solved the problem. So, I ended up moving the script back to the new domain controller and it seems to be working now. Thanks again

    • #163509
      Participant

      I don’t have a Domain Controller to test the script right now. But try this:

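      # Inside the script block nothing is piped to Move-ADObject, so the current object is passed to -Identity explicitly
      Get-ADUser $Student.sAMAccountName | ForEach-Object { Move-ADObject -Identity $_ -TargetPath "OU=Old,OU=Students,DC=CH,DC=MCC,DC=edu" -Confirm:$false }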
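
An added example, not code from any poster in this thread: one way to combine the existence check and the non-piped `-Identity` suggestions above so the move can run from a member server and every outcome is logged. It assumes the ActiveDirectory (RSAT) module is installed on that server and that the cmdlets reach the DC through `-Server` rather than a remote session; `Move-StudentToOu`, `$Server`, `$LogFile` and the sample `$Students` list are hypothetical.

```powershell
# Added example. Assumes the ActiveDirectory (RSAT) module is installed locally.
# $Server, $LogFile and the sample $Students list are hypothetical placeholders.
Import-Module ActiveDirectory

$Server     = 'dc01.example.test'                         # hypothetical DC name
$TargetPath = 'OU=Old,OU=Students,DC=CH,DC=MCC,DC=edu'    # OU from the thread
$LogFile    = 'C:\Logs\move-students.log'                 # hypothetical path
$Students   = @([pscustomobject]@{ sAMAccountName = 'jdoe' })  # constructed sample

function Move-StudentToOu {
    param(
        [Parameter(Mandatory)] [string] $SamAccountName,
        [Parameter(Mandatory)] [string] $TargetPath,
        [Parameter(Mandatory)] [string] $Server
    )
    try {
        # -ErrorAction Stop turns a failed lookup into a catchable exception.
        $user = Get-ADUser -Identity $SamAccountName -Server $Server -ErrorAction Stop
    }
    catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
        return "SKIP  $SamAccountName not found in AD"
    }
    catch {
        return "ERROR $SamAccountName lookup failed: $($_.Exception.Message)"
    }

    # Idempotence: skip accounts that already sit at or below the target OU.
    if ($user.DistinguishedName.EndsWith(",$TargetPath", [System.StringComparison]::OrdinalIgnoreCase)) {
        return "OK    $SamAccountName already under $TargetPath"
    }

    try {
        # Pass the distinguished name as a plain string so binding to -Identity
        # does not depend on the type of object coming down a pipeline.
        Move-ADObject -Identity $user.DistinguishedName -TargetPath $TargetPath `
            -Server $Server -Confirm:$false -ErrorAction Stop
        return "MOVED $SamAccountName -> $TargetPath"
    }
    catch {
        return "ERROR $SamAccountName move failed: $($_.Exception.Message)"
    }
}

foreach ($Student in $Students) {
    $result = Move-StudentToOu -SamAccountName $Student.sAMAccountName -TargetPath $TargetPath -Server $Server
    "$(Get-Date -Format s) $result" | Out-File -FilePath $LogFile -Append
}
```

Running this from a member server under an account delegated only the right to move objects between the relevant OUs avoids executing the script on the domain controller itself.
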
  • The topic ‘Script not moving Active Directory Objects’ is closed to new replies.