Script to Move New User to the Identical OU of Existing User

Posted on 2011-05-02
Last Modified: 2012-06-21
We have several hundred devices that are set up to Auto-login using the same AD account. Because of a software requirement we now need each device to Auto-login with a unique account. We have created the new accounts and I am writing a batch file script to do the move. I have most of the steps I want to automate completed, but I'm having difficulty coming up with a way to move the new accounts to the respective OU of existing accounts.

I can run "dsquery user -samid %ExistingUser%" to get the distinguished name of the existing account, but I can't just pipe that over to "dsmove %NewUserDN% -newparent %ExistingUser%" since the CN in the existing user's distinguished name is still there.

I guess I'm looking for a way to take the CN= section off of the %ExistingUser% variable to just get the distinguished name of the OU it's in. Unless of course there is an easy way to do this with the ds commands that I'm just overlooking.

Thanks for any suggestions!

Question by:Cacophony777
    Accepted Solution

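    Try this:
    @echo off
    rem sAMAccountName of the existing account
    set ExistingUser=SomeUserID
    rem dsquery prints the DN in quotes: "CN=...,OU=...,DC=...". Splitting at the first comma puts
    rem the CN in %%a and the rest (OU path plus closing quote) in %%b; the set re-adds the opening quote.
    for /f "tokens=1* delims=," %%a in ('dsquery user -samid %ExistingUser%') do set ExistingUserOU="%%b
    echo ExistingUserOU: %ExistingUserOU%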
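
An added example, not part of the original answer: the same move in PowerShell, with the ds tools assumed to be on the path. Splitting at the first comma misparses a DN whose CN contains an escaped comma (such as `CN=Smith\, John`), so this version splits at the first unescaped comma and moves nothing unless each lookup returns exactly one account. `Get-ParentDN`, `Move-ToSameOU`, `-DryRun` and the sample DN are hypothetical names.

```powershell
# Added example; function names, -DryRun and the sample DN are hypothetical.

function Get-ParentDN {
    param([Parameter(Mandatory)][string]$DistinguishedName)
    # dsquery wraps each DN in double quotes; drop them before parsing.
    $dn = $DistinguishedName.Trim().Trim('"')
    for ($i = 0; $i -lt $dn.Length; $i++) {
        if ($dn[$i] -eq '\') { $i++; continue }   # skip the escaped character
        if ($dn[$i] -eq ',') {
            $parent = $dn.Substring($i + 1)
            if ($parent) { return $parent }
            break
        }
    }
    throw "No parent container found in DN: $DistinguishedName"
}

function Move-ToSameOU {
    param(
        [Parameter(Mandatory)][string]$ExistingUser,  # sAMAccountName of the shared account
        [Parameter(Mandatory)][string]$NewUser,       # sAMAccountName of the new account
        [switch]$DryRun                               # return the command instead of running it
    )
    $existingDN = @(dsquery user -samid $ExistingUser)
    $newDN      = @(dsquery user -samid $NewUser)

    # -samid accepts wildcards, so a loose value can match several accounts.
    # Refuse to act unless each lookup returned exactly one object.
    if ($existingDN.Count -ne 1 -or $newDN.Count -ne 1) {
        throw "Expected one match each for '$ExistingUser' and '$NewUser'."
    }

    $targetOU = Get-ParentDN $existingDN[0]
    $source   = $newDN[0].Trim().Trim('"')

    if ($DryRun) { return "dsmove `"$source`" -newparent `"$targetOU`"" }

    dsmove $source -newparent $targetOU
    if ($LASTEXITCODE -ne 0) { throw "dsmove failed for $source" }
}

# Constructed sample: a DN whose CN contains an escaped comma.
Get-ParentDN '"CN=Smith\, John,OU=Kiosks,DC=example,DC=com"'
```

Running `Move-ToSameOU` with `-DryRun` across the whole device list first gives a reviewable list of moves before any account is touched.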

    Author Closing Comment

    Perfect. I'm not sure I entirely get what that FOR statement is doing, but I do know that it works. Thanks, much!
