Solved

Lazy Question

Posted on 2006-04-24
Last Modified: 2008-01-09
OK, I'm too lazy to do this on the test bench - and it's not an urgent one

I do migrations quite often and the software I use plonks all the users in the Users container, and adds them to appropriate groups.
Now I know you can redirect new users to specific OUs using redir for users and/or computers, but if I'm migrating multiple groups at once I need them to go to different OUs.

So I need to use either DSGET, DSMOD and or DSMOVE to do the following

Search the users container and move all members of the groupA group to the GroupA OU

What's the syntax?
Question by:Pete Long
 
LVL 12

Expert Comment

by:Rant32
ID: 16523331
dsget group "CN=GroupA,OU=Groups,OU=MyOrg,DC=MyDomain,DC=ads" -members | dsmove -newparent "OU=UsersA,OU=Useraccounts,DC=MyDomain,DC=ads"

How 'bout looping:

for %f in (Marketing Sales Finance bla) do (dsadd ou "OU=%f,OU=Useraccounts,DC=MyDomain,DC=ads" & dsget group "CN=%f,OU=Groups,OU=MyOrg,DC=MyDomain,DC=ads" -members | dsmove -newparent "OU=%f,OU=Useraccounts,DC=MyDomain,DC=ads")

Everything on one big illegible line of course! ;-)
0
 
LVL 57

Author Comment

by:Pete Long
ID: 16523442
Mmm, I'm guessing in the "Looped" example that Marketing, Sales, Finance, and bla are four different groups?
0
 
LVL 12

Expert Comment

by:Rant32
ID: 16523484
Yessir.

The loop creates the necessary OU's within ads/MyDomain/Useraccounts and moves the users from the respective group to their OU.

Got carried away there.
0
 
LVL 57

Author Comment

by:Pete Long
ID: 16523665
OK - bear with me I tried to transpose on top of that and failed like a buffoon :)

Domain is called xyzcorp.co.uk
The Users CN has 8000 users in it who are in groups yr01, yr02 etc. to yr06 (no user is a member of more than one yr group)
The OUs they are moving into will be top-level OUs (directly below the domain) and will also be called yr01 to yr06
The OUs will already be created

How to do that in one fell swoop?
0
 
LVL 12

Expert Comment

by:Rant32
ID: 16524107
In that case you only need to leave out the 'dsadd' command.

May I assume that knowledge of the Distinguished Name syntax comes preloaded when you have more than 3,000,000 expert points? ;-)

Assumptions:
- The groups (yr01 thru yr06) are also in the Users container
- The Destination OUs reside in the root of the domain
- The Destination OUs are named the same as the groups. Renaming 6 OUs doesn't kill you.

Looks like this (all on one line):

for %f in (yr01 yr02 yr03 yr04 yr05 yr06) do dsget group "CN=%f,CN=Users,DC=xyzcorp,DC=co,DC=uk" -members | dsmove -newparent "OU=%f,DC=xyzcorp,DC=co,DC=uk"

PeteLong should be able to copy/paste this without modification and hide under the desk while 8000 objects are moved.

Ok, let's break that down for whomever's interested:

for %f in (yr01 yr02 yr03 yr04 yr05 yr06) do "X"
* Command "X" is run 6 times, and the variable %f is expanded to yr01 first run, yr02 second run, etc.

dsget group "CN=%f,CN=Users,DC=xyzcorp,DC=co,DC=uk" -members
This lists all members of the given group in Distinguished Name format. On the first run, "CN=%f,CN=Users, ...." is expanded to "CN=yr01,CN=Users, ...." so this command lists the group members of the yr01 group in the Users container.

Using the "|" symbol sends the output of the DSGET command as input to DSMOVE.

dsmove <object DN> -newparent "OU=%f,DC=xyzcorp,DC=co,DC=uk"
DSMOVE accepts parameters in DN format <object DN> and will move them to the given parent OU. In this case, the <object DN> is omitted and OUTPUT from the above DSGET command is used as INPUT to DSMOVE.

Hope that helps!
0
 
LVL 57

Author Comment

by:Pete Long
ID: 16524331
>>May I assume that knowledge of the Distinguished Name syntax comes preloaded when you have more than 3,000,000 expert points? ;-)

LOL - indeed

>>Assumptions

yes yes and yes

OK, well, I've tried it on my VM - which has 1000 test users numbered UserNo1 to UserNo999
I created four groups yr01 to yr04
Split the users up into those groups
the domain is called ranger.loc

Ran this command

dsget group "CN=yr01,CN=Users,DC=ranger,DC=loc" -members | dsmove -newparent "OU=yr01,DC=ranger,DC=loc"

got this output

C:\Documents and Settings\Administrator>dsget group "CN=yr01,CN=Users,DC=ranger,
DC=loc" -members   | dsmove -newparent "OU=yr01,DC=ranger,DC=loc"
dsmove failed:`CN=UserNo249,CN=Users,DC=ranger,DC=loc' is an unknown parameter.
type dsmove /? for help.
C:\Documents and Settings\Administrator>dsget group "CN=yr02,CN=Users,DC=ranger,
DC=loc" -members   | dsmove -newparent "OU=yr02,DC=ranger,DC=loc"
dsmove failed:`CN=UserNo498,CN=Users,DC=ranger,DC=loc' is an unknown parameter.
type dsmove /? for help.
C:\Documents and Settings\Administrator>dsget group "CN=yr03,CN=Users,DC=ranger,
DC=loc" -members   | dsmove -newparent "OU=yr03,DC=ranger,DC=loc"
dsmove failed:`CN=UserNo748,CN=Users,DC=ranger,DC=loc' is an unknown parameter.
type dsmove /? for help.
C:\Documents and Settings\Administrator>dsget group "CN=yr04,CN=Users,DC=ranger,
DC=loc" -members   | dsmove -newparent "OU=yr04,DC=ranger,DC=loc"
dsmove failed:`CN=UserNo998,CN=Users,DC=ranger,DC=loc' is an unknown parameter.
type dsmove /? for help.
C:\Documents and Settings\Administrator>


So I thought I'd just do one group on its own

dsget group "CN=yr01,CN=Users,DC=ranger,DC=loc" -members | dsmove -newparent "OU=yr01,DC=ranger,DC=loc"

and got the following


C:\Documents and Settings\Administrator>dsget group "CN=yr01,DC=ranger,DC=loc" -
members | dsmove -newparent "OU=Yr01,DC=ranger,DC=loc"cms
dsget failed:Directory object not found.
type dsget /? for help.dsmove failed:`Target object for this command' is missing
.




0
 
LVL 57

Author Comment

by:Pete Long
ID: 16524342
balls hang on............
0
 
LVL 57

Author Comment

by:Pete Long
ID: 16524345
first command was

for %f in (yr01 yr02 yr03 yr04) do dsget group "CN=%f,CN=Users,DC=ranger,DC=loc" -members | dsmove -newparent "OU=%f,DC=ranger,DC=loc"


second command was

dsget group "CN=yr01,CN=Users,DC=ranger,DC=loc" -members | dsmove -newparent "OU=yr01,DC=ranger,DC=loc"
0
 
LVL 12

Expert Comment

by:Rant32
ID: 16524475
It's possible that the DSGET output is too large to handle through pipes, and it fails after the 298th DN.

If that's the case, there's another way around this, no worry.

My DC is now creating 2000 user accounts, hang on...
0
 
LVL 57

Author Comment

by:Pete Long
ID: 16524477
dsget group "CN=yr01,CN=Users,DC=ranger,DC=loc" -members

lists the members though?
0
 
LVL 57

Author Comment

by:Pete Long
ID: 16524493
Quick way to get 2000 users

Set objRootDSE = GetObject("LDAP://rootDSE")
Set objContainer = GetObject("LDAP://cn=Users," & _
                            objRootDSE.Get("defaultNamingContext"))

For i = 1 To 2000
   Set objLeaf = objContainer.Create("User", "cn=UserNo" & i)
   objLeaf.Put "sAMAccountName", "UserNo" & i
   objLeaf.SetInfo
Next
WScript.Echo "2000 Users created."
0
 
LVL 57

Author Comment

by:Pete Long
ID: 16524658
Nope, it's not the amount of users; even a test group with three users in it does the same

C:\Documents and Settings\Administrator>dsget group "CN=test,CN=Users,DC=ranger,DC=loc" -members
"CN=UserNo100,CN=Users,DC=ranger,DC=loc"
"CN=UserNo10,CN=Users,DC=ranger,DC=loc"
"CN=UserNo1,CN=Users,DC=ranger,DC=loc"


C:\Documents and Settings\Administrator>dsget group "CN=test,CN=Users,DC=ranger,DC=loc" -members |  dsmove -newparent "OU=yr01,DC=ranger,DC=loc"
dsmove failed:`CN=UserNo10,CN=Users,DC=ranger,DC=loc' is an unknown parameter.
type dsmove /? for help.
C:\Documents and Settings\Administrator>
0
 
LVL 12

Expert Comment

by:Rant32
ID: 16524675
for /L %f in (1,1,2000) do dsadd user "CN=User%f,CN=Users,DC=Mydomain,DC=ads" -memberof "CN=yr01,CN=Users,DC=Mydomain,DC=ads" -pwd password

:))
0
 
LVL 57

Author Comment

by:Pete Long
ID: 16524713
LOL touche :)
0
 
LVL 57

Author Comment

by:Pete Long
ID: 16524736
Any idea why it won't work? I manually created some users and that didn't work either?
0
 
LVL 12

Accepted Solution

by:
Rant32 earned 2000 total points
ID: 16525021
I'm sure it's the DSMOVE command that doesn't accept more than 1 parameter. If there is only one member of the group, then the command works.

How odd.

Well, two-step solution then:

1) dsget group "CN=yr01,CN=Users,DC=xyzcorp,DC=co,DC=uk" -members > yr01.lst

2) for /F "delims=" %f in (yr01.lst) do dsmove %f -newparent "OU=yr01,DC=xyzcorp,DC=co,DC=uk"

This creates a text file with all objects to be moved. Loop through each line of the file and move the object to the new OU.
0
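
A batch-file form of the two-step approach above that covers all six groups in one run (an added example, not part of the original thread). It assumes the xyzcorp.co.uk layout described in the question; the DRYRUN switch and the .lst/.log file names are hypothetical names introduced here for illustration.

```batch
@echo off
setlocal
rem Added example. In a batch file the loop variables need doubled percent signs.
rem Layout assumed from the thread: groups in CN=Users, target OUs at the domain root.
set "DOMAIN=DC=xyzcorp,DC=co,DC=uk"
rem DRYRUN is a hypothetical switch for this example: 1 prints the dsmove commands only.
if not defined DRYRUN set "DRYRUN=1"

for %%g in (yr01 yr02 yr03 yr04 yr05 yr06) do (
    rem Step 1: dump the group members, one quoted DN per line.
    dsget group "CN=%%g,CN=Users,%DOMAIN%" -members > "%%g.lst"

    rem Keep only members that are still under CN=Users, so objects that
    rem already live in another OU are left where they are.
    findstr /I /C:",CN=Users,%DOMAIN%" "%%g.lst" > "%%g.move.lst"

    rem Step 2: dsmove is given a single object DN per call, one call per line.
    for /F "usebackq delims=" %%m in ("%%g.move.lst") do (
        if "%DRYRUN%"=="1" (
            echo dsmove %%m -newparent "OU=%%g,%DOMAIN%"
        ) else (
            dsmove %%m -newparent "OU=%%g,%DOMAIN%" >> "%%g.log" 2>&1
        )
    )
)
endlocal
```

With the default DRYRUN=1 the script only prints the commands it would run; set DRYRUN=0 in the environment first to perform the moves, after which each group's dsmove output is collected in its own .log file.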
 
LVL 57

Author Comment

by:Pete Long
ID: 16525296
Ahaa Shopping trolley mungus!! That works a treat - that will get put in my list of handy things :)

Thanks for that
0
 
LVL 12

Expert Comment

by:Rant32
ID: 16525347
Hey... Just received an e-mail...

"Good answer! Lazy question"

LOL. Thanks m8.
0
 
LVL 57

Author Comment

by:Pete Long
ID: 16525593
np have a good 1 m8y
0

Question has a verified solution.
