powershell move adobject with rename

Ilya Bokov 165 Reputation points
2024-12-02T08:56:43.4066667+00:00

Hi!

Can somebody help?

I need to move disabled users to the DisabledAccounts OU, but it stops because it already exists.

$Users = Get-ADUser -Filter 'Enabled -eq $false' -SearchBase "OU=Company,DC=next,DC=local" -Properties LastLogonDate | Where-Object { $_.LastLogonDate -lt (Get-Date).AddDays(-90) }

$TargetOU = 'OU=DisabledAccounts,DC=next,DC=local' # Example

foreach ($User in $Users) {
    Disable-ADAccount -Identity $User                    # accounts are already disabled by the filter; kept as a safeguard
    Move-ADObject -Identity $User -TargetPath $TargetOU   # fails when the target OU already holds an object with this CN
}

How can I rename as FirstName + Surname + date or _old?

Thank you.

Windows for business Windows Server User experience PowerShell

Accepted answer
  1. Marti Peig 970 Reputation points Microsoft Employee
    2024-12-02T10:32:26.04+00:00

    Hi Ilya,

    You can do something like this.

    # Create a function that generates random letters
    function getRandomLetters {
        param (
            [Parameter(Mandatory)][int]$amount,
            [Parameter(Mandatory)][ValidateSet("Upper", "Lower", "Mixed")][string]$case
        )
        switch ($case) {
            Upper { -join ((65..90) | Get-Random -Count $amount | ForEach-Object { [char]$_ }) }
            Lower { -join ((97..122) | Get-Random -Count $amount | ForEach-Object { [char]$_ }) }
            Mixed { -join ((65..90) + (97..122) | Get-Random -Count $amount | ForEach-Object { [char]$_ }) }
        }
    }

    # Use it later to attach these letters to the conflicting value (like Common Name).
    # Name holds the CN value of a user object; CN itself is not in Get-ADUser's default property set,
    # so $user.CN would be empty unless it was requested with -Properties CN.
    $newName = -join ($user.Name, "_", (getRandomLetters -amount 3 -case Lower))
    Rename-ADObject -Identity $user.DistinguishedName -NewName $newName

    # Move the object using the ObjectGUID, because the DN would have changed with the rename.
    Move-ADObject -Identity $user.ObjectGUID -TargetPath $TargetOU
    

    I hope it helps.

    1 person found this answer helpful.
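The rename-then-move sequence from the accepted answer, written out end to end as an added example (my code, not the question's or either answer's). It names the object the way the question asked, "<GivenName> <Surname>_<yyyyMMdd>", checks the target OU for a clash before renaming instead of relying on random letters, and addresses the object by ObjectGUID for both steps. It assumes the RSAT ActiveDirectory module is installed, that the two OU distinguished names taken from the question exist, and that the caller may rename and move objects in them; the helper names ConvertTo-LdapFilterValue and Get-FreeCommonName are my own.

```powershell
# Added example, not code from the question or either answer. Assumed: RSAT
# ActiveDirectory module present, both OUs below exist, caller has rename/move
# rights on them. $DryRun keeps everything under -WhatIf until flipped.
Import-Module ActiveDirectory

$SearchBase = 'OU=Company,DC=next,DC=local'           # from the question
$TargetOU   = 'OU=DisabledAccounts,DC=next,DC=local'  # from the question
$Cutoff     = (Get-Date).AddDays(-90)
$Stamp      = Get-Date -Format 'yyyyMMdd'
$DryRun     = $true   # set to $false once the -WhatIf output looks right

function ConvertTo-LdapFilterValue {
    # Escape the characters that are special in an LDAP filter (RFC 4515), so a
    # name such as "Smith (old)" or "O*Brien" cannot break or widen the search.
    param([Parameter(Mandatory)][string]$Value)
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29' -replace "`0", '\00'
}

function Get-FreeCommonName {
    # Return $Name if no object with that CN sits directly under $Container,
    # otherwise the first of "$Name_1", "$Name_2", ... that is free. A CN only
    # has to be unique inside its container, so only the target OU is checked.
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$Container
    )
    $Candidate = $Name
    $i = 1
    while (Get-ADObject -SearchBase $Container -SearchScope OneLevel -LDAPFilter "(cn=$(ConvertTo-LdapFilterValue $Candidate))") {
        $Candidate = "${Name}_$i"
        $i++
    }
    return $Candidate
}

# Disabled users whose last logon is older than the cutoff. Accounts with no
# LastLogonDate (never logged on) are skipped here; drop the first clause to
# include them, which is what the question's original Where filter did.
$Users = Get-ADUser -Filter 'Enabled -eq $false' -SearchBase $SearchBase -Properties LastLogonDate |
    Where-Object { $_.LastLogonDate -and $_.LastLogonDate -lt $Cutoff }

foreach ($User in $Users) {
    # Base name from the attributes the question mentioned; fall back to the current Name.
    $Base = if ($User.GivenName -and $User.Surname) { "$($User.GivenName) $($User.Surname)" } else { $User.Name }

    # cn is limited to 64 characters; leave room for "_yyyyMMdd" and a clash suffix like "_12".
    $MaxBase = 64 - $Stamp.Length - 4
    if ($Base.Length -gt $MaxBase) { $Base = $Base.Substring(0, $MaxBase) }

    $NewName = Get-FreeCommonName -Name "${Base}_$Stamp" -Container $TargetOU

    # Use the ObjectGUID for both steps: the DN changes on rename, the GUID does not.
    Rename-ADObject -Identity $User.ObjectGUID -NewName $NewName -WhatIf:$DryRun
    Move-ADObject   -Identity $User.ObjectGUID -TargetPath $TargetOU -WhatIf:$DryRun
}
```

Run it once with $DryRun left at $true and read the "What if:" lines: each one names the object, its new CN and the target OU, which is the cheapest way to confirm the filter and the naming before anything is touched. The LDAP escaping is not cosmetic; a CN built from user-supplied GivenName and Surname values can contain parentheses or asterisks, and an unescaped asterisk turns the uniqueness check into a wildcard match.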

1 additional answer

Sort by: Most helpful
  1. Rich Matheisen 47,901 Reputation points
    2024-12-02T16:33:39.4366667+00:00

    As @Marti Peig points out, your problem is that you've chosen a naming scheme for your AD users (and other AD objects) that creates non-unique CommonName (cn) values within the domain. A "cn" must only be unique within an OU or container. To prevent problems like this from arising in the future, you might want to change your naming standard.

    For example, if your employees are issued an employee number (or some other unique value), you might combine that with the initial letters of the first name, surname, and middle name (or some other unique value if you don't use employee numbers). It's probably not likely you'd reuse employee numbers, and in the event you do, the use of the person's initials in the final value reduces the chance of generating a duplicate.

    Also, the object's sAMAccountName might be used instead of an employee number. That's guaranteed to be unique within a domain.

    Other naming schemes are also possible that would avoid the problem.
