Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Move Groups - Powershell

Posted on 2015-02-11
5
Medium Priority
?
77 Views
Last Modified: 2015-03-27
Hi Guys,

We have groups with a -m in the name and a -r in the name. e.g:

DL-FSR-SMD-GNO-HR-M
DL-FSR-SMD-GNO-HR-R

All the R groups with a corresponding M, I want to move these to an OU called deprovsion, so far I have written this script, please help me complete it:

Get-QADGroup -SizeLimit 0 -SearchRoot "OU=Departmental Share Security,OU=Resource Groups,OU=Groups,DC=yu,DC=DS,DC=rt,DC=ac,DC=uk" | ?{$_.Name -match "-M$"} | % {
$S = $_
$D = $S.Name -replace "-M$","-R"
Try{

 if ( Get-QADGroup $D )
      {

       #move to OU OU=Deprovision,OU=Departmental Share Security,OU=Resource Groups,OU=Groups,DC=yu,DC=DS,DC=rt,DC=ac,DC=uk
            
      }


Catch{
   $D

 }

thank you in advance
0
Comment
Question by:Kay
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40603725
I have found it much easier to move groups using the ADUC GUI, rather then scripting this procedure.

Not helpful in regards to your script but might be more effective.

Will.
0
 

Author Comment

by:Kay
ID: 40607580
what is ADUC GUI, where do i find it?
0
 
LVL 44

Expert Comment

by:Amit
ID: 40628086
ADUC means Active Directory Users and Computers snap-in. You can login to one of the DC. Goto Start>Run>dsa.msc

This will open ADUC for you. Now right click on the domain name>click find>type group name>click find>right click the group name>select Move>Browse to destination US Path>Click Ok.

Let me know, if you still have any doubt or query.
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 2000 total points
ID: 40628213
ADUC GUI is the AD Users and Computers management console. It's  a bit of a pointless comment really.

Move-QADObject is the CmdLet you want if you've managed to identify the groups you're most interested in.

I'd probably do:
Get-QADGroup -Name "*-M" -SizeLimit 0 -SearchRoot "OU=Departmental Share Security,OU=Resource Groups,OU=Groups,DC=yu,DC=DS,DC=rt,DC=ac,DC=uk" -SearchScope OneLevel |
  Where-Object { Get-QADGroup -Name ($_.Name -replace "-M$","-R") } |
  ForEach-Object {
    $_ | Move-QADObject -NewParentContainer "OU=Deprovision,OU=Departmental Share Security,OU=Resource Groups,OU=Groups,DC=yu,DC=DS,DC=rt,DC=ac,DC=uk" -WhatIf
  }

Open in new window

Your original Where-Object filter is wrapped back into Get-QADGroup. The check for a matching -R group is performed in the Where-Object filter, it won't error if it fails to find one.

The search is limited to only the "Departmental Share Security" OU, using OneLevel means it won't find anything in a sub-OU (and therefore try and move things twice).

Finally, all matching groups are moved using Move-QADObject.

WhatIf is included in the Move command to allow you to test it, the code won't do anything other than chat about changes as it stands.

HTH

Chris
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question