Lazy Question

OK Im too lazy to do this on the test bench - and its not an urgent one

I do migrations quite often and the software I use plonks all the users in the users container, and adds them to approriate groups.
Now I know you can redirect new users to specific OU's using redir for users and/or computers, but If Im migrating multiple groups at once I need them to go to different OU's.

So I need to use either DSGET, DSMOD and or DSMOVE to do the following

Search the users container and move all members of the groupA group to the GroupA OU

Whats the syntax?
LVL 58
Pete LongTechnical ConsultantAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Rant32Commented:
dsget group "CN=GroupA,OU=Groups,OU=MyOrg,DC=MyDomain,DC=ads" -members | dsmove -newparent "OU=UsersA,OU=Useraccounts,DC=MyDomain,DC=ads"

How 'bout looping:

for %f in (Marketing Sales Finance bla) do `dsadd ou "OU=%f,OU=Useraccounts,DC=MyDomain,DC=ads & dsget group "CN=%f,OU=Groups,OU=MyOrg,DC=MyDomain,DC=ads" -members | dsmove -newparent "OU=%f,OU=Useraccounts,DC=MyDomain,DC=ads"`

Everything on one big illegible line of course! ;-)
0
Pete LongTechnical ConsultantAuthor Commented:
Mmm Im guessing in the "Looped" example that Marketing, Sales, Finance, and bla are four different groups?
0
Rant32Commented:
Yessir.

The loop creates the necessary OU's within ads/MyDomain/Useraccounts and moves the users from the respective group to their OU.

Got carried away there.
0
Cloud Class® Course: MCSA MCSE Windows Server 2012

This course teaches how to install and configure Windows Server 2012 R2.  It is the first step on your path to becoming a Microsoft Certified Solutions Expert (MCSE).

Pete LongTechnical ConsultantAuthor Commented:
OK - bear with me I tried to transpose on top of that and failed like a buffoon :)

Domain is called xyzcorp.co.uk
the uses cn has 8000 users in it who are in groups yr01, yr02 etc to yr06 (no user is a member of more than one yr group)
The OU's they are moving into will be top level OU's (directly below the domain) and will also be called yr01 to yr06
The OU's will allready be created

How to do that in one fell swoop?
0
Rant32Commented:
In that case you only need to leave out the 'dsadd' command.

May I assume that knowledge of the Distinguished Name syntax comes preloaded when you have more than 3,000,000 expert points? ;-)

Assumptions:
- The groups (yr01 thru yr06) are also in the Users container
- The Destination OUs reside in the root of the domain
- The Destination OUs are named the same as the groups. Renaming 6 OUs doesn't kill you.

Looks like this (all on one line):

for %f in (yr01 yr02 yr03 yr04 yr05 yr06) do dsget group "CN=%f,CN=Users,DC=xyzcorp,DC=co,DC=uk" -members | dsmove -newparent "OU=%f,DC=xyzcorp,DC=co,DC=uk"

PeteLong should be able to copy/paste this without modification and hide under the desk while 8000 objects are moved.

Ok, let's break that down for whomever's interested:

for %f in (yr01 yr02 yr03 yr04 yr05 yr06) do "X"
* Command "X" is run 6 times, and the variable %f is expanded to yr01 first run, yr02 second run, etc.

dsget group "CN=%f,CN=Users,DC=xyzcorp,DC=co,DC=uk" -members
This lists all members of the given group in Distinguished Name format. On the first run, "CN=%f,CN=Users, ...." is expanded to "CN=yr01,CN=Users, ...." so this command lists the group members of the yr01 group in the Users container.

Using the "|" symbol sends the output of the DSGET command as input to DSMOVE.

dsmove <object DN> -newparent "OU=%f,DC=xyzcorp,DC=co,DC=uk"
DSMOVE accepts parameters in DN format <object DN> and will move them to the given parent OU. In this case, the <object DN> is omitted and OUTPUT from the above DSGET command is used as INPUT to DSMOVE.

Hope that helps!
0
Pete LongTechnical ConsultantAuthor Commented:
>>May I assume that knowledge of the Distinguished Name syntax comes preloaded when you have more than 3,000,000 expert points? ;-)

LOL - indeed

>>Assumptions

yes yes and yes

OK well Ive tried it on my VM - Which has 1000 test users numbered UserNo1 to UserNo999
I created four groups yr01 to yr 04
Split the users up into the those groups
the domain is called ranger.loc

Ran this command

dsget group "CN=yr01,CN=Users,DC=ranger,DC=loc" -members | dsmove -newparent "OU=yr01,DC=ranger,DC=loc"

got this output

C:\Documents and Settings\Administrator>dsget group "CN=yr01,CN=Users,DC=ranger,
DC=loc" -members   | dsmove -newparent "OU=yr01,DC=ranger,DC=loc"
dsmove failed:`CN=UserNo249,CN=Users,DC=ranger,DC=loc' is an unknown parameter.
type dsmove /? for help.
C:\Documents and Settings\Administrator>dsget group "CN=yr02,CN=Users,DC=ranger,
DC=loc" -members   | dsmove -newparent "OU=yr02,DC=ranger,DC=loc"
dsmove failed:`CN=UserNo498,CN=Users,DC=ranger,DC=loc' is an unknown parameter.
type dsmove /? for help.
C:\Documents and Settings\Administrator>dsget group "CN=yr03,CN=Users,DC=ranger,
DC=loc" -members   | dsmove -newparent "OU=yr03,DC=ranger,DC=loc"
dsmove failed:`CN=UserNo748,CN=Users,DC=ranger,DC=loc' is an unknown parameter.
type dsmove /? for help.
C:\Documents and Settings\Administrator>dsget group "CN=yr04,CN=Users,DC=ranger,
DC=loc" -members   | dsmove -newparent "OU=yr04,DC=ranger,DC=loc"
dsmove failed:`CN=UserNo998,CN=Users,DC=ranger,DC=loc' is an unknown parameter.
type dsmove /? for help.
C:\Documents and Settings\Administrator>


So I thought Id just do one group on its own

dsget group "CN=yr01,CN=Users,DC=ranger,DC=loc" -members | dsmove -newparent "OU=yr01,DC=ranger,DC=loc"

and got the following


C:\Documents and Settings\Administrator>dsget group "CN=yr01,DC=ranger,DC=loc" -
members | dsmove -newparent "OU=Yr01,DC=ranger,DC=loc"cms
dsget failed:Directory object not found.
type dsget /? for help.dsmove failed:`Target object for this command' is missing
.




0
Pete LongTechnical ConsultantAuthor Commented:
balls hang on............
0
Pete LongTechnical ConsultantAuthor Commented:
first command was

for %f in (yr01 yr02 yr03 yr04) do dsget group "CN=%f,CN=Users,DC=ranger,DC=loc" -members | dsmove -newparent "OU=%f,DC=ranger,DC=loc"


second command was

dsget group "CN=yr01,CN=Users,DC=ranger,DC=loc" -members | dsmove -newparent "OU=yr01,DC=ranger,DC=loc"
0
Rant32Commented:
It's possible that the DSGET output is too large to handle through pipes, and it fails after the 298th DN.

If that's the case, there's another way around this, no worry.

My DC is now creating 2000 user accounts, hang on...
0
Pete LongTechnical ConsultantAuthor Commented:
dsget group "CN=yr01,CN=Users,DC=ranger,DC=loc" -members

lists the members  though?
0
Pete LongTechnical ConsultantAuthor Commented:
quick  way to get 2000 users

Set objRootDSE = GetObject("LDAP://rootDSE")
Set objContainer = GetObject("LDAP://cn=Users," & _
                            objRootDSE.Get("defaultNamingContext"))

For i = 1 To 2000
   Set objLeaf = objContainer.Create("User", "cn=UserNo" & i)
   objLeaf.Put "sAMAccountName", "UserNo" & i
   objLeaf.SetInfo
Next
WScript.Echo "2000 Users created."
0
Pete LongTechnical ConsultantAuthor Commented:
Nope its not the amount of users even a test group with three users in it does the same

C:\Documents and Settings\Administrator>dsget group "CN=test,CN=Users,DC=ranger,DC=loc" -members
"CN=UserNo100,CN=Users,DC=ranger,DC=loc"
"CN=UserNo10,CN=Users,DC=ranger,DC=loc"
"CN=UserNo1,CN=Users,DC=ranger,DC=loc"


C:\Documents and Settings\Administrator>dsget group "CN=test,CN=Users,DC=ranger,DC=loc" -members |  dsmove -newparent "OU=yr01,DC=ranger,DC=loc"
dsmove failed:`CN=UserNo10,CN=Users,DC=ranger,DC=loc' is an unknown parameter.
type dsmove /? for help.
C:\Documents and Settings\Administrator>
0
Rant32Commented:
for /L %f in (1,1,2000) do dsadd "CN=User%f,CN=Users,DC=Mydomain,DC=ads" -memberof "CN=yr01,CN=Users,DC=Mydomain,DC=ads" -pwd password

:))
0
Pete LongTechnical ConsultantAuthor Commented:
LOL touche :)
0
Pete LongTechnical ConsultantAuthor Commented:
any idea why it wont work? I manually created some users and that didnt work either?
0
Rant32Commented:
I'm sure it's the DSMOVE command that doesn't accept more than 1 parameter. If there is only one member of the group, then the command works.

How odd.

Well, two-step solution then:

1) dsget group "CN=yr01,CN=Users,DC=xyzcorp,DC=co,DC=uk" -members > yr01.lst

2) for /F "delims=" %f in (yr01.lst) do dsmove %f -newparent "OU=yr01,DC=xyzcorp,DC=co,DC=uk"

This creates a text file with all objects to be moved. Loop through each line of the file and move the object to the new OU.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Pete LongTechnical ConsultantAuthor Commented:
Ahaa Shopping trolley mungus!! That works a treat - that will get put in my list of handy things :)

Thanks for that
0
Rant32Commented:
Hey... Just received an e-mail...

"Good answer! Lazy question"

LOL. Thanks m8.
0
Pete LongTechnical ConsultantAuthor Commented:
np have a good 1 m8y
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.