Solved

Scripting help, moving users to OU powershell

Posted on 2014-11-03
7
99 Views
Last Modified: 2015-04-15
Hey guys, i have a command. This command will be the foundation of a script, and here is where i need help.
The command is

Get-ADUser -filter {(title -like "Teacher A") -and (company -eq "School Site A")} | Move-ADObject -TargetPath 'DC=Domain, DC=Local'

I hvae to do this for about 50 teachers. I could copy and manually type this command over and over to account for each individual teacher, but is there an easier way to achieve that?
0
Comment
Question by:mrbayIt
  • 4
  • 3
7 Comments
 
LVL 40

Accepted Solution

by:
footech earned 500 total points
ID: 40421086
Modify your filter for the Get-ADUser command so that it returns what you want.  When you use the -like operator you can use the wildcard "*".  So it all depends on if you can create something that will match all your desired accounts (and no others), and that depends on any similarity between accounts for a specific attribute.  Perhaps the following would work.
Get-ADUser -filter {(title -like "Teacher *") -and (company -eq "School Site A")} | Move-ADObject -TargetPath 'DC=Domain, DC=Local'

Open in new window

0
 

Author Comment

by:mrbayIt
ID: 40421814
sounds like a good start, but how do i identify the teachers for the wildcard to work? (i am new to scripting)
0
 
LVL 40

Expert Comment

by:footech
ID: 40422067
That's kind of up to you.  You know how the * wildcard works, right?
Is the title for all teachers similar?
If you're familiar with the use of wildcards at a command prompt, it's pretty much the same concept.  When you're dealing with files, you're only matching against the name.  So you have a command like
dir *.log
dir read*.txt

When dealing with AD objects, you have a lot more possible properties to match against if you so desire.  If we just focus on using the "title" attribute that's fine.  I can't tell you what you have in the title attribute for each user though.  You have to find a word (or part of a word) that's common across all the accounts you want.
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 

Author Comment

by:mrbayIt
ID: 40422131
Thanks footech, im new to scripting so no i dont fully understand wildcards.

more specifically, there is no common title, the job title field will have each teachers name inside of it. Here is what i mean

Get-ADUser -filter {(title -like "TeacherNameC") -and (company -eq "School Site A")} | Move-ADObject -TargetPath 'OU=TeacherNameC,DC=Domain, DC=Local'
Get-ADUser -filter {(title -like "TeacherNAMEA") -and (company -eq "School Site A")} | Move-ADObject -TargetPath 'OU=TeacherNameA,DC=Domain, DC=Local'
Get-ADUser -filter {(title -like "TeacherNameB") -and (company -eq "School Site A")} | Move-ADObject -TargetPath 'OU=TeacherNameB,DC=Domain, DC=Local'

is there an easier way to do this, instead of having to write out each teachers individual name mapping it to there own OU
0
 
LVL 40

Expert Comment

by:footech
ID: 40422198
A * means to match zero or more characters, no matter what they are.

What's the point of the title if all it contains is the teacher's name?  There's little more I can suggest here.  You need to find an attribute that each teacher has in common.  If there isn't one, well...  Accounts can be grouped together for different purposes, often by placing them within the same OU, or by making them members of security groups, etc.  If you need to manage accounts according to certain criteria, then you need to design your AD around that criteria.

I don't think I would ever support the idea of each account having its own OU.  I can't think of any logical reason to do so.
0
 

Author Comment

by:mrbayIt
ID: 40422242
Just haven't gone into detail, long story short i used TeacherNameA just for example, this rule really is meant to correspond to students. Thousands of students.

Every Student has there teacher listed under "Job Title" in AD. The script will need to place them in the teachers OU. Ive tested it already, which is why i referenced the original command its just that i am trying to automate this in a more efficient manner rather than writing each teachers name over and over.

Does that make sense now?
0
 
LVL 40

Expert Comment

by:footech
ID: 40422359
That makes a lot more sense.
To do what you're asking requires a list of all the teacher names.  Hopefully the names in the title attribute match exactly the name of the OU.  This list of names can either be obtained from a text file, hard-coded into the script, or perhaps pulled from existing OU structure.  Here's an example of what might work.
$names = "teacher1","teacher2"
foreach ($name in $names)
{
    Get-ADUser -Filter {(Title -eq $name) -and (company -eq "School Site A")} | Move-ADObject -TargetPath "OU=$name,DC=Domain,DC=Local" -WhatIf
}

Open in new window

0

Featured Post

Active Directory Webinar

We all know we need to protect and secure our privileges, but where to start? Join Experts Exchange and ManageEngine on Tuesday, April 11, 2017 10:00 AM PDT to learn how to track and secure privileged users in Active Directory.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question