powershell move adobject with rename

Ilya Bokov 165 Reputation points
2024-12-02T08:56:43.4066667+00:00

Hi!

Can somebody help?

I need to move disabled users to the DisabledAccounts OU, but it stops because it already exists.

    $Users = Get-ADUser -Filter 'enabled -eq $false' -searchbase "OU=Company,DC=next,DC=local" -Properties LastLogonDate | where {$_.LastLogonDate -lt (Get-Date).AddDays(-90)}

    $TargetOU = 'OU=DisabledAcounts,DC=next,DC=local' # Example

    Foreach ($User in $Users)
    {
        Disable-ADAccount $User
        Move-ADObject -Identity $User -TargetPath $TargetOU
    }

How can I rename as FirstName + SurName + date or _old?

Thank you.


Accepted answer
  1. Marti Peig 610 Reputation points Microsoft Employee
    2024-12-02T10:32:26.04+00:00

    Hi Ilya,

    You can do something like this.

    #create a function that generates random letters
    function getRandomLetters {
        param (
            [Parameter(Mandatory)][int]$amount,
            [Parameter(Mandatory)][ValidateSet("Upper", "Lower", "Mixed")]$case
        )
        switch ($case) {
            Upper { -join ((65..90) | Get-Random -Count $amount | ForEach-Object { [char]$_ }) }
            Lower { -join ((97..122) | Get-Random -Count $amount | ForEach-Object { [char]$_ }) }
            Mixed { -join ((65..90) + (97..122) | Get-Random -Count $amount | ForEach-Object { [char]$_ }) }
        }
        
    }
        
    # Use it later to attach these letters to the conflicting value (like Common Name).
    # Name holds the CN value and is returned by default; CN itself is only populated with -Properties CN.
    $newName = -join ($user.Name, "_", (getRandomLetters -amount 3 -case Lower))
    Rename-ADObject -Identity $user.DistinguishedName -NewName $newName
        
    # Move the object using the ObjectGUID, because the DN would have changed with the rename.
    Move-ADObject -Identity $user.ObjectGUID -TargetPath $TargetOU
    

    I hope it helps.

    1 person found this answer helpful.
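
The approach from the accepted answer placed inside the question's loop, as an added example that is not part of either answer: it renames only when the name is already taken in the target OU, uses a date suffix as the question asked, and moves by ObjectGUID. The `yyyyMMdd` suffix format, the counter fallback and the report object are assumptions.

```powershell
# Added example (not from the thread). OU paths are the ones given in the question.
Import-Module ActiveDirectory

$SearchBase = 'OU=Company,DC=next,DC=local'
$TargetOU   = 'OU=DisabledAcounts,DC=next,DC=local'   # spelled as in the question
$Cutoff     = (Get-Date).AddDays(-90)
$Stamp      = Get-Date -Format 'yyyyMMdd'              # assumed suffix format

# Names already used directly under the target OU; RDN matching is case-insensitive.
$taken = [System.Collections.Generic.HashSet[string]]::new(
    [System.StringComparer]::OrdinalIgnoreCase)
Get-ADObject -Filter * -SearchBase $TargetOU -SearchScope OneLevel |
    ForEach-Object { [void]$taken.Add($_.Name) }

$Users = Get-ADUser -Filter 'Enabled -eq $false' -SearchBase $SearchBase -Properties LastLogonDate |
    Where-Object { $_.LastLogonDate -lt $Cutoff }

$report = foreach ($User in $Users) {
    # Keep the current name unless it collides; then add the date, then a counter.
    $newName = $User.Name
    $i = 0
    while ($taken.Contains($newName)) {
        $newName = if ($i -eq 0) { "$($User.Name)_$Stamp" } else { "$($User.Name)_${Stamp}_$i" }
        $i++
    }
    try {
        if ($newName -ne $User.Name) {
            Rename-ADObject -Identity $User.ObjectGUID -NewName $newName -ErrorAction Stop
        }
        # The rename changes the DN, so address the object by GUID for the move.
        Move-ADObject -Identity $User.ObjectGUID -TargetPath $TargetOU -ErrorAction Stop
        [void]$taken.Add($newName)
        [pscustomobject]@{ SamAccountName = $User.SamAccountName; OldName = $User.Name
                           NewName = $newName; Status = 'Moved' }
    }
    catch {
        [pscustomobject]@{ SamAccountName = $User.SamAccountName; OldName = $User.Name
                           NewName = $newName; Status = "Failed: $($_.Exception.Message)" }
    }
}
$report | Format-Table -AutoSize
```

A name that exceeds the 64-character limit on `cn` once the suffix is added fails at the rename and shows up in the report as `Failed`; the report also serves as a record of which accounts were renamed and moved.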

1 additional answer

  1. Rich Matheisen 47,481 Reputation points
    2024-12-02T16:33:39.4366667+00:00

    As @Marti Peig points out, your problem is that you've chosen a naming scheme for your AD users (and other AD objects) that creates non-unique CommonName (cn) values within the domain. A "cn" must only be unique within an OU or container. To prevent problems like this from arising in the future, you might want to change your naming standard.

    For example, if your employees are issued an employee number (or some other unique value) you might combine that with the initial letters of the first name, surname, and middle name (or some other unique value if you don't use employee numbers). It's probably not likely you'd reuse employee numbers, and in the event you do, the use of the person's initials in the final value reduces the chance of generating a duplicate.

    Also, the object's sAMAccountName might be used instead of an employee number. That's guaranteed to be unique within a domain.

    Other naming schemes are also possible that would avoid the problem.
