Change OUs and groups within AD using PowerShell and variables.

Good morning all,

So I have a new issue, shocker with it being a Monday morning and all. I've been told that I need to change site codes for a number of OUs and change the associated groups which reside either in that OU or somewhere else.


I need to change only the site part of the group. I'm kind of debating deleting and recreating the groups; however, in the (likely) event that I'll need to do this again, I'm trying to make it self-contained.

$OUs = Read-Host "Please enter the OU and Associated groups you'd like to change"

$NewOU = Read-Host "Please enter the new name of the OU and groups"

Foreach ($OU in $OUs) {
    Get-ADOrganizationalUnit -filter "Name -like $ou" | Set-ADOrganizationalUnit -DisplayName $NewOU
}

Get-ADGroup -filter "Name -like $ou"


This is where I've got to and it's pretty shocking, maybe because I broke myself on Friday night and I've still got a headache.

Any hints on how I can do this would be great. I'm still trying to learn the intricacies of PowerShell so please advise rather than giving the straight answer :D

I don't think this is a hash group thing either.

Asked by: Alex, Project Systems Engineer

Michael B. Smith, Managing Consultant, commented:
Every AD object has a unique name called the distinguishedName. For example, my user object's dn is:

CN=Michael B. Smith,OU=HQUsers,DC=smithcons,DC=local

That first part is the "name" or the "commonName" (same thing).

A displayName is completely unrelated and is just an attribute associated with that object. It could be, for example "John Q. Public". But that doesn't affect the dn of the object.

That's the background.

If you create a new OU, say OU=NewHQ, and you want to MOVE other AD objects to that new OU, then you use Move-ADObject (or similar ADSI/System.DirectoryServices interfaces).

If you want to RENAME an object (whether a user, a group, an OU, or anything else), you use Rename-ADObject (or similar ADSI/System.DirectoryServices interfaces).

So I'm not precisely sure what you are trying to do. But this should get you on the path.
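
The rename-versus-displayName distinction from the answer above, as an added example that is not part of the original thread. The function name `Rename-SiteCode`, the site codes `LON01`/`LDN01`, and the naming scheme (group names contain the site code, the OU is named exactly after it) are assumptions made for illustration.

```powershell
#Requires -Modules ActiveDirectory

function Rename-SiteCode {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Letters, digits and hyphens only, so the values are safe inside -Filter strings.
        [Parameter(Mandatory)][ValidatePattern('^[A-Za-z0-9-]+$')][string]$OldSite,
        [Parameter(Mandatory)][ValidatePattern('^[A-Za-z0-9-]+$')][string]$NewSite
    )

    # Collect everything before changing anything: renaming the OU changes the
    # distinguishedName of every object under it, so objects are addressed by ObjectGUID.
    $ou     = @(Get-ADOrganizationalUnit -Filter "Name -eq '$OldSite'")
    $groups = @(Get-ADGroup -Filter "Name -like '*$OldSite*'")

    if ($ou.Count -ne 1) {
        throw "Expected exactly one OU named '$OldSite', found $($ou.Count)."
    }

    foreach ($g in $groups) {
        # Replace only the site part of the group name (assumed naming scheme).
        $newName = $g.Name -replace [regex]::Escape($OldSite), $NewSite
        if ($PSCmdlet.ShouldProcess($g.DistinguishedName, "Rename to $newName")) {
            Rename-ADObject -Identity $g.ObjectGUID -NewName $newName
            # Rename-ADObject changes the CN only; sAMAccountName is a separate attribute.
            $newSam = $g.SamAccountName -replace [regex]::Escape($OldSite), $NewSite
            Set-ADGroup -Identity $g.ObjectGUID -SamAccountName $newSam
        }
    }

    if ($PSCmdlet.ShouldProcess($ou[0].DistinguishedName, "Rename to $NewSite")) {
        Rename-ADObject -Identity $ou[0].ObjectGUID -NewName $NewSite
    }
}

# Preview first; with -WhatIf nothing is written to the directory (constructed site codes).
Rename-SiteCode -OldSite 'LON01' -NewSite 'LDN01' -WhatIf
```

Renaming keeps each group's SID and memberships, so existing ACLs that reference the group continue to resolve; deleting and recreating the groups would not preserve them.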

Michael B. Smith, Managing Consultant, commented:
I answered the question. I should get credit for it. Not a big deal, but still...
Alex, Project Systems Engineer (author), commented:
Yeah ok.... :-p