Replicate users from different domain with trust

john arnold samson 21 Reputation points

I'm trying to replicate users with Path OU which is structured the same and I replaced the parent OU and the domain only. But I'm getting an error. Please see the script below and the error.

Domain B users // Domain with Trust

$Limausers = (Get-ADUser -Server "$SeverB" -Credential $credential -filter "displayname -like 'sp *'" -searchbaseB $searchbase -properties *)

Target path

$targetpath= foreach ($Lima in $Limausers) {

$LimaString= $Lima -replace '^.+?(?<!\),',''
$path = Out-String -inputobject $LimaString
$path.replace("Lima","NBAinc") -replace ("net","org") -replace ("Test OU","Test")



Domain A users // My domain

$searchbase = "OU=Test mig, OU=Test, DC=NBAinc, DC=org"
$NBAUsers = (Get-ADUser -server $serverA -Filter * -searchbase $searchbaseA -properties *)


foreach($NBA in $NBAusers) {

if ($Limausers.displayname -eq $NBA.displayname) {
$userdisplayname= (Get-ADUser -Filter "displayname -eq '$($displayname)'" -properties *).distinguishedname
Move-ADObject -Identity $NBA.DistinguishedName -TargetPath $targetpath }



Move-ADObject : Cannot convert 'System.Object[]' to the type 'System.String' required by parameter 'TargetPath'. Specified method is not
At C:\Temp\MigrationTestScript.ps1:38 char:62

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
3,665 questions
Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
4,631 questions
No comments
{count} votes

3 answers

Sort by: Most helpful
  1. Rich Matheisen 35,266 Reputation points

    The problem is that this code:

    $targetpath = foreach ($Lima in $Limausers) {  
        $LimaString = $Lima -replace '^.+?(?<!\),', ''  
        $path = Out-String -InputObject $LimaString  
        $path.replace("Lima", "NBAinc") -replace ("net", "org") -replace ("Test OU", "Test")  

    Creates an array of objects, not the single object that this code requires:

    Move-ADObject -Identity $NBA.DistinguishedName -TargetPath $targetpath  

  2. Rich Matheisen 35,266 Reputation points

    Well, first, provide a list of properties as a value for the Get-ADUser's -Properties parameter! If you don't, you'll get an error:

    Get-ADUser : Missing an argument for parameter 'Properties'. Specify a parameter of type 'System.String[]' and try again.

    Don't treat the user object as a string! If you mean to deal with the value distinguisheName, be explicit!

    Next, fix the pattern in the -replace operator. The one you're using ^.+?(?<!\) produces this error: The regular expression pattern ^.+?(?<!\), is not valid. The "\" character in a regular expression is an escape character. Can you explain what is it you expect to be the result?

    Why are you doing this? $path = Out-String -InputObject $LimaString

    You have to correct the code first before I can tell you what else you need to do. My guessing at what you expect (and what the values are that you're dealing with) isn't going to be very helpful!

  3. Rich Matheisen 35,266 Reputation points

    So what you want to do is match the displayNames of users in DomainB (in a particular OU) against the displayNames of users in DomainA (in a particular OU) and, if there's a match, move the user in DomainA to another OU in DomainA?

    Something like this might work for you:

    $searchbase  = "OU=Test OU,DC=Lima,DC=net"  
    $ServerB =     "DCb"  
    $searchbaseA = "OU=Test mig, OU=Test, DC=NBAinc, DC=org"   
    $ServerA =     "DCa"  
    # Domain B users // Domain with Trust  
    $Limausers = @{}  
    Get-ADUser -Server "$SeverB" -Credential $credential -Filter "displayname -like 'sp '" -searchbaseB $searchbase |  
            $LimaString= $_.distinguishedName -replace '^.+?(?<!\\),',''   # remove leading '.....,' => I.e., remove the common name from the distinguished name  
            $path = $LimaString -replace "Lima","NBAinc" -replace "net","org" -replace "Test OU","Test"  
            # use a hash for faster lookup and a way to tell if a final match was found AND of multiple matches were found  
            $Limausers[$_.displayName] = (0,$path)  
    # Domain A users // My domain  
    Get-ADUser -Server $serverA -Filter -SearchBase $searchbaseA -Properties |  
            if ($Limausers.ContainsKey($_.displayName)){        # found a matching user  
                $Limausers[$_.displayName][0] += 1              # count the number of matches (display names are NOT unique!)  
                Move-ADObject -Identity $_.distinguishedName -TargetPath $Limausers[$_.displayName][1]  
    $Limausers.GetEnumerator() |  
                displayName = $_.Key  
                MatchCount  = $_.Value[0]  
        } | Export-CSV SOME-FILE-NAME.csv -NoTypeInformation