How to Find and Move the Account from Active Directory
How to find and move the account from Active Directory?
Hello Skrypciarze! I need to move the account from one OU (Organizational Unit to an organizational unit) to another, unfortunately I do not know where the OU account are currently located. Some idea?
Part Of The AA. Great rubric tips-for example, Zbigniew Lew-Starowicz, Friend-between us, Hey Skrypciarzu! -there is, always respond the same way. No matter how often people complain in between us on the wrednego neighbor is in response, never appears in the Council that shall him dom. the same is with Zbigniew Lion-Starowiczem and part of Skrypciarze!.
No good, with Zbigniew is the same.
In fact, that often the questions of readers we give the same answer. Also this time. And therefore: this problem really consists of two parts. Let's move them separately. Oh, one more: one part relates to search Active Directory. Yes, we know: for ye are already hundreds of times. But as you can see this method works.
As already probably figure out if one part relates to search Active Directory, the second must be for transferring an account from one OU to another. This is very simple, so goes the first fire. Here's a sample script that moves the computer account of the atl-ws-01 from the Finance OU to the Research OU:
Set objOU = GetObject("LDAP://OU=Research,DC=fabrikam,DC=com")
intReturn = objOU.MoveHere _
("LDAP://CN=atl-ws-01,OU=Finance,DC=fabrikam,DC=com", vbNullString)
Agree: only two lines of code. First, we combine the new OU (that to which we want to move the computer account). Then the wywołujemy method of the MoveHere (move here), and pass it two parameters: the ADsPath of the computer that you want to move, and the vbNullString constant is equal to the VBScript is Null, that is, zero. Passing Null as the second parameter MoveHere method we inform you, that the object has retained its current CN (Common Name is the common name), atl-ws-01. If we gave a different CN, the computer not only would be moved, but the change would be his name.
On the occasion, really a parameter of Null is not absolutely necessary; If the script does not określicie another parameter MoveHere considers that the second parameter is Null. We've described it here only unto myself; know that MoveHere accepts two parameters.
Special bonus script: suppose that, however, would like to change the name of the account from Active Directory. Well, in that case we combine with the OU in which the current account, the wywołujemy method of the MoveHere and make a new CN. This script renames the computer atl-ws-01 on finance-ws-01:
Set objOU = GetObject("LDAP://OU=Finance,DC=fabrikam,DC=com")intReturn = objOU.MoveHere _ ("LDAP://CN=atl-ws-01,OU=Finance,DC=fabrikam,DC=com", "cn=finance-ws-01")
We should probably charge a fee for these bonus scripts, don't you think?
Now once we know how to move the account remains for us only the question of how to find this account. In that place, we will use a script to search Active Directory. This sample script checks whether Active Directory is the account a computer named atl-ws-01:
On Error Resume Next
Const ADS_SCOPE_SUBTREE = 2
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.CommandText = _
"SELECT ADsPath FROM 'LDAP://dc=fabrikam,dc=com' WHERE objectCategory='computer' " & _
"AND name='atl-ws-01'"
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst
Do Until objRecordSet.EOF
Wscript.Echo objRecordSet.Fields("ADsPath").Value
objRecordSet.MoveNext
Loop
This script simply invokes the echo the ADsPath of the computer. And since we already have the ADsPath we can do the next step and move the computer account to another OU. (Remember that if you do not change the computer name, ADsPath is the only parameter that we need to pass MoveHere to). Below you have the final script that searches the computer atl-ws-01 and then moves it to the OU to the Research OU: Finance
On Error Resume Next Const ADS_SCOPE_SUBTREE = 2 Set objConnection = CreateObject("ADODB.Connection")Set objCommand = CreateObject("ADODB.Command")objConnection.Provider = "ADsDSOObject"objConnection.Open "Active Directory Provider"Set objCommand.ActiveConnection = objConnection objCommand.Properties("Page Size") = 1000objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE objCommand.CommandText = _ "SELECT ADsPath FROM 'LDAP://dc=fabrikam,dc=com' WHERE objectCategory='computer' " & _ "AND name='atl-ws-01'"Set objRecordSet = objCommand.Execute objRecordSet.MoveFirstDo Until objRecordSet.EOF strADsPath = objRecordSet.Fields("ADsPath").Value Set objOU = GetObject("LDAP://OU=Research,DC=fabrikam,DC=com") intReturn = objOU.MoveHere(strADsPath, vbNullString) objRecordSet.MoveNextLoop