When moving an AD computer account is it better…

This topic contains 6 replies, has 3 voices, and was last updated by  src053 4 years, 3 months ago.

  • #6898

    src053
    Participant

    To use the set-adcomputer and set the parent container. Or is it better to use move-qadobject?

    I've run the following command against my AD:

    get-qadcomputer -notloggedonfor 90

    I would like to pipe the contents of that to either a set-adcomputer or the move-adcomputer cmdlet.
    If I use the set-adcomputer I'm assuming I will need to change the "parentcontainer" attribute, however I don't see examples of how to do that in the help.

    Thanks!

  • #6906

    Poshoholic
    Participant

    I don't think you can move by simply setting the parentContainer. My understanding is that the parentContainer attribute is automatic. In which case, Move-ADComputer would be the right way to go.

  • #6909

    src053
    Participant

    Good to know.
    So my follow-up to that is: what is the trick to getting move-adobject to work?

    I am using the following format and it errors out.

    ```powershell
    move-adobject -identity "cn=,cn=,dc=,dc=com" -targetaddress "cn=,dc=,dc=com"
    ```

    I've tried with both the distinguished name and the dnshostname. Both produce errors.
    According to help I should be able to provide either of those as values to identity and targetaddress.

  • #6915

    Jeffrey Smith
    Participant

    You can also use implicit remoting to load the AD module on client machines that don't have RSAT by creating a PSSession on a machine that does (preferably an IT management server, and not a Domain Controller). Here's some sample code I created for just this purpose:

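    ```powershell
    # Opens a remote session on a machine that has RSAT and loads the AD module there.
    function Get-ActiveDirectorySession {
        param(
            # Management server that has the ActiveDirectory module installed
            [string]$Server = 'ITManagmentPC.yourdomain.local'
        )
        $session = New-PSSession -ComputerName $Server
        # Import the module inside the remote session so its cmdlets can be proxied
        Invoke-Command -Session $session -ScriptBlock { Import-Module ActiveDirectory }
        return $session
    }
    ```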

    Then at the beginning of your script you can do something like this:

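    ```powershell
    # Use the local module when RSAT is installed; otherwise proxy the cmdlets
    # from the remote session (implicit remoting).
    if (Get-Module -ListAvailable ActiveDirectory) {
        Import-Module ActiveDirectory
    }
    else {
        Import-PSSession -Session (Get-ActiveDirectorySession) -Module ActiveDirectory | Out-Null
    }
    ```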

    This gives you the AD cmdlets on machines that do not have RSAT installed. Of course, you need PSRemoting installed, and the appropriate permissions to create PSSessions on the target management PC, but it's pretty slick once that is sorted out.

  • #6916

    src053
    Participant

    Wow, quick responses on this forum! Thanks a million, guys.

    @Jeffrey,
    I've been delving into PowerShell for about a month or two now. My goal is to become a proficient one-liner interactive PowerShell admin. Then I want to move on to being a scripter/tool maker.
    Your input is like advanced calculus while I'm on basic math. 🙂
    Are those top lines calls to .NET?

  • #6917

    Poshoholic
    Participant

    I think part of your confusion was the formatting tags that were getting put into the post incorrectly (we're having issues with the crayon formatter on our site right now). I just removed the extra stuff that shouldn't have been visible in the post.

  • #6920

    src053
    Participant

    Ya I think I may not be passing the distinguished name through correctly. Will give it a go when I get home tonight.
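
An added example, not code from any poster in this thread: one way to do the move the question describes with the Microsoft ActiveDirectory module, where `Search-ADAccount` stands in for the Quest `get-qadcomputer -notloggedonfor 90` query. The function name `Move-StaleComputer` and the OU distinguished name are hypothetical placeholders.

```powershell
#Requires -Modules ActiveDirectory

function Move-StaleComputer {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Distinguished name of the destination OU (the value used below is a placeholder)
        [Parameter(Mandatory)][string]$TargetPath,
        [ValidateRange(1, 3650)][int]$Days = 90,
        [string]$SearchBase
    )

    # Fail before touching anything if the destination DN does not resolve.
    $null = Get-ADObject -Identity $TargetPath -ErrorAction Stop

    $search = @{
        ComputersOnly   = $true
        AccountInactive = $true
        TimeSpan        = New-TimeSpan -Days $Days
    }
    if ($SearchBase) { $search.SearchBase = $SearchBase }

    foreach ($computer in Search-ADAccount @search) {
        $dn = $computer.DistinguishedName
        # Skip accounts that already sit under the destination OU.
        if ($dn.EndsWith(",$TargetPath", [StringComparison]::OrdinalIgnoreCase)) { continue }

        $status = 'Skipped'
        if ($PSCmdlet.ShouldProcess($dn, "Move to $TargetPath")) {
            try {
                # -Identity takes a distinguished name or GUID; the destination goes in -TargetPath.
                Move-ADObject -Identity $dn -TargetPath $TargetPath -Confirm:$false -ErrorAction Stop
                $status = 'Moved'
            }
            catch { $status = "Failed: $($_.Exception.Message)" }
        }

        # One record per account, so the run can be reviewed or exported.
        [pscustomobject]@{
            Name          = $computer.Name
            LastLogonDate = $computer.LastLogonDate
            From          = $dn
            Status        = $status
        }
    }
}

# Dry run first: lists what would be moved without changing the directory.
Move-StaleComputer -TargetPath 'OU=Stale Computers,DC=example,DC=com' -Days 90 -WhatIf
```

Dropping `-WhatIf` performs the move; piping the output to `Export-Csv` keeps a record of each account's original location.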
