asked on

DSQuery and DSMove command - can't move what I pull from query - Old Computer accounts

I an using DSQuery command to pull up computer accounts that have a stale password over 30 days old. I'd like to move those computer accounts to a new OU with IN AD but am running into problems.

My dsquery strings reads as follows:

dsquery computer cn=computers,dc=mydomain,dc=com -stalepwd 30 -limit 0

WHat I need to know is what comes after the 0 in my string to move thoss PCs that came up from the query to an OU called "disabled computers".

Thanks.

ASKER CERTIFIED SOLUTION

oBdA

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

un_nica

ASKER

I tried the -inactive 4 switch and received the following error:

din,dc=com -inactive 4 | dsmove -newparent "ou=Disabled Computers,dc=mydomain,dc=com"
dsquery failed:The parameter is incorrect.:Windows could not run this query because you are connected to a domain that does not support this query.
type dsquery /? for help.dsmove failed:`Target object for this command' is missing.
type dsmove /? for help.

I tried the -stalepwd 30 -limit 0 switch and received the following error:

dsmove failed:`CN=CARSONADMIN,CN=Computers,DC=mydomein,DC=com' is an unknown par
ameter.

oBdA

There was some issue one of the ds tools that prevented the "import" of more than one line through stdin (can't test it at the moment), which might be the problem.
Try
for /f "delims=" %a in ('dsquery computer cn=computers,dc=mydomain,dc=com -stalepwd 30 -limit 0') do ECHO dsmove %a -newparent "ou=Disabled Computers,dc=mydomain,dc=com"
This will not actually change anything yet; check if this returns a correct list of dsmove command, and if so, simply remove the capitalized "ECHO" in front of the dsmove command to run it for real.
To run this as a batch script, replace all occurrences of %a in the command above with %%a.