Move computer in Active Directory
This script moves a computer object from one OU to another in AD. It can, for example, be run on an SCCM server as a status filter rule whenever a task sequence has completed on a PC in your enterprise. It won’t work in WinPE, since the AD PowerShell module is not present in the default ADK boot image.
Command line:
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -executionpolicy bypass -file "D:\Scripts\ComputerOUMove.ps1" -OUDN <OU distinguished name including LDAP prefix> -ComputerName <computer name>

Example:
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -executionpolicy bypass -file "D:\Scripts\ComputerOUMove.ps1" -OUDN 'LDAP://OU=Laptops,OU=Computers,OU=Company,DC=PTEST,DC=LOCAL' -ComputerName 'LA0010'

Example for Status Filter Rule:
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -executionpolicy bypass -file "D:\Scripts\ComputerOUMove.ps1" -OUDN 'LDAP://OU=Laptops,OU=Computers,OU=Company,DC=PTEST,DC=LOCAL' -ComputerName %msgsys
Script:
Param
(
    # Distinguished name of the target OU, including the LDAP:// prefix
    [Parameter(Mandatory=$true,
               HelpMessage="Please enter the distinguished name of the target OU",
               ValueFromPipelineByPropertyName=$true,
               Position=0)]
    [string]$OUDN,

    # Name of the computer object to move
    [Parameter(Mandatory=$true,
               HelpMessage="Please enter the ComputerName",
               ValueFromPipelineByPropertyName=$true,
               Position=1)]
    [string]$ComputerName
)

# The AD cmdlets used below come from the ActiveDirectory module
Import-Module ActiveDirectory -ErrorAction Stop

# Define log file name and location
$LogPath = "C:\MyLogs"
$LogFileName = "$ComputerName.log"
$LogFile = "$LogPath\$LogFileName"

# Defined before the first call, since a script can only call functions that already exist
function LogWrite([string]$LogString)
{
    try
    {
        Add-Content $script:LogFile -Value "$(Get-Date -Format yyyy-MM-dd_HH:mm:ss) $LogString" -Force -ErrorAction Stop
    }
    catch
    {
        #Write-Warning $_.Exception.Message
    }
}

# Initialize log file location
if (!(Test-Path $LogPath))
{
    try
    {
        New-Item $LogPath -type directory -ErrorAction Stop | Out-Null
    }
    catch
    {
        # Fall back to the Windows temp folder when the log folder cannot be created
        $LogFile = "c:\Windows\Temp\$LogFileName"
        LogWrite "Log folder could not be created in chosen location. Log saved to c:\Windows\Temp instead."
        LogWrite $_.Exception.Message
    }
}

LogWrite("### START OF SCRIPT ###")
LogWrite("Running ComputerOUMove.ps1 -OUDN $OUDN -ComputerName $ComputerName (running as $env:username)")

# Strip the literal LDAP:// prefix to get the plain distinguished name
$OUDNstring = $OUDN -replace '^LDAP://', ''

if ((Get-ADComputer $ComputerName).DistinguishedName -eq "CN=$ComputerName,$OUDNstring")
{
    LogWrite("$ComputerName is already in target OU `"$OUDNstring`"")
}
else
{
    LogWrite("Trying to move $ComputerName to target OU `"$OUDNstring`"")
    try
    {
        # -ErrorAction Stop makes every AD failure land in the catch block
        $targetOU = Get-ADOrganizationalUnit -Identity $OUDNstring -ErrorAction Stop
        (Get-ADComputer $ComputerName -ErrorAction Stop).objectGUID | Move-ADObject -TargetPath $targetOU -ErrorAction Stop
        Start-Sleep 5
        # Re-read the object to confirm it now sits in the target OU
        if ((Get-ADComputer $ComputerName).DistinguishedName -eq "CN=$ComputerName,$OUDNstring")
        {
            LogWrite("Successfully moved $ComputerName to target OU `"$OUDNstring`"")
        }
    }
    catch
    {
        LogWrite("Failed to move the computer to the target OU `"$OUDNstring`"")
        LogWrite($_.Exception.Message)
    }
}

LogWrite("### END OF SCRIPT ###")
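
The status filter rule hands `%msgsys` and the OU straight to the script, and the computer name also becomes the log file name, so a parameter check in front of the move is worth having. The function below is an added example, not part of the original script; `Test-MoveRequest`, `$AllowedOUs` and the name pattern are assumptions for illustration.

```powershell
# Added example: check both script parameters before any AD cmdlet runs.
# Test-MoveRequest and $AllowedOUs are hypothetical names for illustration.
$AllowedOUs = @(
    # Value taken from the command-line example on this page
    'OU=Laptops,OU=Computers,OU=Company,DC=PTEST,DC=LOCAL'
)

function Test-MoveRequest
{
    param
    (
        [Parameter(Mandatory=$true)][string]$OUDN,
        [Parameter(Mandatory=$true)][string]$ComputerName,
        [string[]]$AllowedOUs = $script:AllowedOUs
    )

    $problems = @()

    # Assumption: computer names are DNS-safe NetBIOS names (1-15 letters,
    # digits or hyphens). This also keeps "$ComputerName.log" inside the log
    # folder, because path separators and dots cannot pass. \A and \z anchor
    # the whole string, so a trailing newline is rejected as well.
    if ($ComputerName -notmatch '\A[A-Za-z0-9-]{1,15}\z')
    {
        $problems += "ComputerName '$ComputerName' is not a valid computer name"
    }

    # Strip only the literal LDAP:// prefix, then require an exact
    # (case-insensitive) match against the approved target OUs.
    $dn = $OUDN -replace '^LDAP://', ''
    if ($AllowedOUs -notcontains $dn)
    {
        $problems += "OU '$dn' is not an approved target OU"
    }

    [pscustomobject]@{
        IsValid  = ($problems.Count -eq 0)
        TargetOU = $dn
        Problems = $problems
    }
}

# Constructed inputs: the page's own example, then a request that must be refused
Test-MoveRequest -OUDN 'LDAP://OU=Laptops,OU=Computers,OU=Company,DC=PTEST,DC=LOCAL' -ComputerName 'LA0010'
Test-MoveRequest -OUDN 'LDAP://OU=Domain Controllers,DC=PTEST,DC=LOCAL' -ComputerName '..\LA0010'
```

In ComputerOUMove.ps1 the result can gate the move: when `IsValid` is false, write the `Problems` entries to the log and exit before calling `Move-ADObject`.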