By default, when you join a new Computer or server to the Active Directory domain (through the properties of the computer), it creates the computer object in the Computers root container. If you use a complex Active Directory Organizational Unit (OU) structure in your domain with various Group Policies, delegated container and policies permissions to other users, you need to transfer computers from the default Computers container to other OU.
You can move the computer object from the Computers container to another OU using the Active Directory Users & Computers graphical snap-in (dsa.msc).
- Expand the domain root and select the Computers container;
- Find the computer name you want to move, right-click on it and select Move;
- Select the OU to which you want to move this computer. For example, we want to move it to USA > Florida > Computers and click Ok.
Hint. You can move the computer between the OU with a simple drag & drop operations in ADUC, take the computer object with the mouse and drag it to the desired OU.
You can also move computers between OUs using the PowerShell cmdlet Move-ADObject (it is a part of AD PowerShell module). Using this cmdlet, you can move an object or several objects (user, computer, security group) to another OU.
The –Identity parameter specifies the name of the object to be moved. You can specify the SID of the object, or the full LDAP path, but not the SamAccountName.
For example, to move the computer NY-PC-B32-23from Florida OU to the container California > Computers, run the command:
Move-ADObject –Identity “CN=ny-pc-b32-23,OU=Computers,OU=Florida,OU=USA,DC=theitbros,DC=com” -TargetPath "OU=Computers,OU=California,OU=USA,DC=theitbros,DC=com"
If you specify instead of distinguishedName computer name (ldap) its name (SamAccountName), an error will appear: Move-ADObject : Cannot find an object with identity
In order not to specify the full LDAP path to source object when moving the computer, you can use the Get-ADComputer cmdlet. This cmdlet allows you to find a computer object in the AD domain by its hostname.
Get-ADComputer “ny-pc-b32-23” |Move-ADObject -TargetPath "OU=Computers,OU= Florida,OU=USA,DC=theitbros,DC=com" -Verbose
As you can see, the command syntax has become much simpler.
If you need to move several computers from the Computers container to other OUs, you can use the following PowerShell script to move bulk computer objects. In the grid table that opens, select the computers that you want to move, select destination OU and click OK. The selected computers will be moved to a new location.
$ADComps= Get-ADComputer -Filter * -SearchBase "Cn=computers,DC=test,dc=com"| Select-Object -Property Name |sort -Property name | Out-GridView -PassThru –title “Select Computers to Move”| Select -ExpandProperty Name
$ADOUs= Get-ADOrganizationalUnit -Filter * | Select-Object -Property DistinguishedName | Out-GridView -PassThru –title “Select Target OU”| Select-Object -ExpandProperty DistinguishedName
Foreach($ou in $ADOUs){
Foreach($comp in $ADComps){
get-adcomputer $comp |Move-ADObject -TargetPath "$ou" -Verbose }
}
The post PowerShell: Move Computer to OU appeared first on TheITBros.
