Using Rename-ADObject to rename Security Groups

This topic contains 5 replies, has 5 voices, and was last updated by  Casey Gray 2 years, 7 months ago.

  • Author
    Posts
  • #20322

    TafTak55
    Participant

    Hello Everyone,

    I'm new PS and have really been enjoying it so far. I've been coming here in search of answers and appreciate the communities input.

    I have been asked to rename some security groups in AD and have run into some issues.

    (I running ps v5 and using the "rename-adobject" command)

    Rename-ADObject [-Identity] ADObject [-NewName] string

    The below script is really to test/debug/practice, before gathering all the security groups, objects, filters, etc.

    For now I'm trying to rename two accounts in a csv file. The script seems to work with -whatif (output below), but as soon as I removed it. I receive the following error:

    With -Whatif: = no errors

    $dn | ForEach-Object {Rename-ADObject $_.distinguishedname -NewName $NewName -WhatIf}
    What if: Performing the operation "Rename" on target "CN=\#US.SDTest-RW,OU=SharedDrive Groups,OU=Corporate,OU=Do
    main-Groups,DC=Domain,DC=com".
    What if: Performing the operation "Rename" on target "CN=\#US.SDTestv2-RO,OU=SharedDrive Groups,OU=Corporate,OU=
    Domain-Groups,DC=Domain,DC=com".

    Removing -whatif: = Error

    Rename-ADObject : The parameter is incorrect
    At line:1 char:23
    + ... rEach-Object {Rename-ADObject $_.distinguishedname -NewName $NewName}
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ________________________

    Sample Script:

    $renameSG = Import-Csv D:\scripts\testSD.csv
    #works up to here – import Security Group Names

    $Oldname = $renameSG.oldname
    #works up to here – Add Oldname strings into Var

    $dn = foreach($group in $Oldname){Get-ADGroup -Identity $group}
    #works up to here – create new var with SG names

    $NewName = $renameSG.newname | out-string
    #works up to here

    #Testing >> $dn | ForEach-Object {echo $_.distinguishedname}

    $dn | ForEach-Object {Rename-ADObject $_.distinguishedname -NewName $NewName}

    Any help would be greatly appreciated. Best of all, I'd like to learn why this is not working. I thought using out-string cmdlet for $NewName would convert output to strings which then can be used for the -NewName parameter.

    Thanks in advance.

  • #20326

    Alexander Johansson
    Participant

    Hello,

    Have you tested it with a lower version of Powershell?
    As far as I know Powershell v5 is a preview and the Active Directory cmdlets might not be compatible with it.

    /Alexander

  • #20371

    LuisCarrillo
    Participant

    Hello Alexander,

    Thanks for the suggestion. Unfortunately, it didn't have make a difference. Same errors when I remove “-whatif”

    I also, replaced out-string with select-object to convert the $NewName objects into strings which I believe did (SystemString). See output below:

    PS C:\> $NewName = $renameSG | select newname

    PS C:\> $NewName | gm

    TypeName: Selected.System.Management.Automation.PSCustomObject

    Name MemberType Definition
    —- ———- ———-
    Equals Method bool Equals(System.Object obj)
    GetHashCode Method int GetHashCode()
    GetType Method type GetType()
    ToString Method string ToString()
    NewName NoteProperty System.String NewName=US.SDTest RW2

    ________________________________________________________
    Tried a machine running psv4

    PS C:\> $PSVersionTable

    Name Value
    —- —–
    PSVersion 4.0

    ________________________________________________________

    Error:

    Rename-ADObject : The parameter is incorrect

  • #20375

    Derek Ardolf
    Participant

    TafTak,

    Could it be because it accepts an ADObject rather than just a string?
    You could retrieve the object first, via Get-ADObject, to use with Rename-ADObject and the -NewName parameter?

    Rename-ADObject (Get-ADObject  $_.distinguishedname) -NewName $NewName
  • #20490

    LuisCarrillo
    Participant

    Thanks for replies.

    I finally got it working by creating an empty array; $renamesg = @()
    Then imported the csv containing the security groups. $renamesg = import-csv

    By doing so, I was able to see the different columns with the correct objects.

    PS C:\> $renameSG | gm

    TypeName: System.Management.Automation.PSCustomObject

    Name MemberType Definition
    —- ———- ———-
    Equals Method bool Equals(System.Object obj)
    GetHashCode Method int GetHashCode()
    GetType Method type GetType()
    ToString Method string ToString()
    NewName NoteProperty System.String NewName=Accounting...
    OldName NoteProperty System.String OldName=CN=\#Accounting...

    I then ran:

    #Rename SamAccountName – Security groups
    $renameSG | ForEach-Object {Set-ADGroup -Identity $_.Oldname -SamAccountName $_.NewName}

    #Rename Security groups
    $renameSG | ForEach-Object {Rename-ADObject -Identity $_.Oldname -NewName $_.NewName}

    Thanks for the help.

    Luis

    • #22990

      Casey Gray
      Participant

      I see that you solved this, but I just did the same thing, and I think the issue you had was with this:

      Rename-ADObject $_.distinguishedname

      The line I used to do a mass rename was this:

      $foo = Get-ADGroup -Filter "name -like 'blah*'"
      $foo | % { Rename-ADObject -Identity $_ -NewName ($_.Name -Replace "^blah", "blah_blah_") }

      Granted, you'd have to finagle your rename to be what you wanted, but I was just replacing the first bit of the name with something different.

You must be logged in to reply to this topic.