Using Rename-ADObject to rename Security Groups

This topic contains 5 replies, has 5 voices, and was last updated by Profile photo of Casey Gray Casey Gray 1 year, 9 months ago.

  • Author
    Posts
  • #20322
    Profile photo of TafTak55
    TafTak55
    Participant

    Hello Everyone,

    I'm new PS and have really been enjoying it so far. I've been coming here in search of answers and appreciate the communities input.

    I have been asked to rename some security groups in AD and have run into some issues.

    (I running ps v5 and using the "rename-adobject" command)

    Rename-ADObject [-Identity] ADObject [-NewName] string

    The below script is really to test/debug/practice, before gathering all the security groups, objects, filters, etc.

    For now I'm trying to rename two accounts in a csv file. The script seems to work with -whatif (output below), but as soon as I removed it. I receive the following error:

    With -Whatif: = no errors

    $dn | ForEach-Object {Rename-ADObject $_.distinguishedname -NewName $NewName -WhatIf}
    What if: Performing the operation "Rename" on target "CN=\#US.SDTest-RW,OU=SharedDrive Groups,OU=Corporate,OU=Do
    main-Groups,DC=Domain,DC=com".
    What if: Performing the operation "Rename" on target "CN=\#US.SDTestv2-RO,OU=SharedDrive Groups,OU=Corporate,OU=
    Domain-Groups,DC=Domain,DC=com".

    Removing -whatif: = Error

    Rename-ADObject : The parameter is incorrect
    At line:1 char:23
    + ... rEach-Object {Rename-ADObject $_.distinguishedname -NewName $NewName}
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ________________________

    Sample Script:

    $renameSG = Import-Csv D:\scripts\testSD.csv
    #works up to here – import Security Group Names

    $Oldname = $renameSG.oldname
    #works up to here – Add Oldname strings into Var

    $dn = foreach($group in $Oldname){Get-ADGroup -Identity $group}
    #works up to here – create new var with SG names

    $NewName = $renameSG.newname | out-string
    #works up to here

    #Testing >> $dn | ForEach-Object {echo $_.distinguishedname}

    $dn | ForEach-Object {Rename-ADObject $_.distinguishedname -NewName $NewName}

    Any help would be greatly appreciated. Best of all, I'd like to learn why this is not working. I thought using out-string cmdlet for $NewName would convert output to strings which then can be used for the -NewName parameter.

    Thanks in advance.

  • #20326
    Profile photo of Alexander Johansson
    Alexander Johansson
    Participant

    Hello,

    Have you tested it with a lower version of Powershell?
    As far as I know Powershell v5 is a preview and the Active Directory cmdlets might not be compatible with it.

    /Alexander

  • #20371
    Profile photo of LuisCarrillo
    LuisCarrillo
    Participant

    Hello Alexander,

    Thanks for the suggestion. Unfortunately, it didn't have make a difference. Same errors when I remove “-whatif”

    I also, replaced out-string with select-object to convert the $NewName objects into strings which I believe did (SystemString). See output below:

    PS C:\> $NewName = $renameSG | select newname

    PS C:\> $NewName | gm

    TypeName: Selected.System.Management.Automation.PSCustomObject

    Name MemberType Definition
    —- ———- ———-
    Equals Method bool Equals(System.Object obj)
    GetHashCode Method int GetHashCode()
    GetType Method type GetType()
    ToString Method string ToString()
    NewName NoteProperty System.String NewName=US.SDTest RW2

    ________________________________________________________
    Tried a machine running psv4

    PS C:\> $PSVersionTable

    Name Value
    —- —–
    PSVersion 4.0

    ________________________________________________________

    Error:

    Rename-ADObject : The parameter is incorrect

  • #20375
    Profile photo of Derek Ardolf
    Derek Ardolf
    Participant

    TafTak,

    Could it be because it accepts an ADObject rather than just a string?
    You could retrieve the object first, via Get-ADObject, to use with Rename-ADObject and the -NewName parameter?

    Rename-ADObject (Get-ADObject  $_.distinguishedname) -NewName $NewName
  • #20490
    Profile photo of LuisCarrillo
    LuisCarrillo
    Participant

    Thanks for replies.

    I finally got it working by creating an empty array; $renamesg = @()
    Then imported the csv containing the security groups. $renamesg = import-csv

    By doing so, I was able to see the different columns with the correct objects.

    PS C:\> $renameSG | gm

    TypeName: System.Management.Automation.PSCustomObject

    Name MemberType Definition
    —- ———- ———-
    Equals Method bool Equals(System.Object obj)
    GetHashCode Method int GetHashCode()
    GetType Method type GetType()
    ToString Method string ToString()
    NewName NoteProperty System.String NewName=Accounting...
    OldName NoteProperty System.String OldName=CN=\#Accounting...

    I then ran:

    #Rename SamAccountName – Security groups
    $renameSG | ForEach-Object {Set-ADGroup -Identity $_.Oldname -SamAccountName $_.NewName}

    #Rename Security groups
    $renameSG | ForEach-Object {Rename-ADObject -Identity $_.Oldname -NewName $_.NewName}

    Thanks for the help.

    Luis

    • #22990
      Profile photo of Casey Gray
      Casey Gray
      Participant

      I see that you solved this, but I just did the same thing, and I think the issue you had was with this:

      Rename-ADObject $_.distinguishedname

      The line I used to do a mass rename was this:

      $foo = Get-ADGroup -Filter "name -like 'blah*'"
      $foo | % { Rename-ADObject -Identity $_ -NewName ($_.Name -Replace "^blah", "blah_blah_") }

      Granted, you'd have to finagle your rename to be what you wanted, but I was just replacing the first bit of the name with something different.

You must be logged in to reply to this topic.