PowerShell: Move objects from OU to target OU

A simple way to move computers from one OU to a target OU using -LDAPFilter, which you can modify to suit your needs. In its current form the filter is (objectClass=*), which matches every object that has an objectClass, so every computer that Get-ADComputer finds under the source OU is moved to the target OU. You can change it to (name=PC*), with * being a wildcard, to move only objects whose name starts with PC from the OU to the target OU.

<#
.SYNOPSIS
Moves AD objects matching -LDAPFilter from an OU to a target OU.

.DESCRIPTION
Script will search through an Active Directory OU and move all objects matching -LDAPFilter to the target OU.

.PARAMETER OU
Enter the full name of the OU you wish to limit the search to (set in -SearchBase below).

.EXAMPLE
(name=PC*) will filter the search and move only computers whose name starts with PC to the target OU.

.NOTES
Version:        1.0
Author:         ulbjo
Creation Date:  07/06/17
Purpose/Change: Initial script development
#>
Import-Module ActiveDirectory

# Find the computers under the source container that match the LDAP filter.
$computerstomove = Get-ADComputer -LDAPFilter "(objectClass=*)" -SearchBase "CN=Computers,DC=Customer,DC=ulvbjornsson,DC=com"

# Move each match to the target OU. Append -WhatIf to Move-ADObject to preview the moves first.
foreach ($computertomove in $computerstomove) {
    Move-ADObject $computertomove -TargetPath "OU=Computers,OU=Production,DC=Customer,DC=ulvbjornsson,DC=com"
}

# Alternative filter: (name=PC*)
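
A parameterised variant of the script above that adds a -WhatIf preview, a check that the target OU exists, and a per-computer result record. This is an added example, not the author's script: the function name Move-ComputerByLdapFilter, its parameter names and the OneLevel search scope are assumptions, and it needs the ActiveDirectory module.

```powershell
#Requires -Modules ActiveDirectory

function Move-ComputerByLdapFilter {   # hypothetical name, not from the original script
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)] [string] $SourceBase,
        [Parameter(Mandatory = $true)] [string] $TargetPath,
        [string] $LDAPFilter = '(objectClass=*)'
    )

    # Fail before touching anything if the target OU does not exist.
    $null = Get-ADOrganizationalUnit -Identity $TargetPath -ErrorAction Stop

    # Assumption: OneLevel limits the search to direct children of the source
    # container, so computers already sorted into nested OUs stay where they are.
    $computers = Get-ADComputer -LDAPFilter $LDAPFilter -SearchBase $SourceBase -SearchScope OneLevel

    foreach ($computer in $computers) {
        $status = 'Skipped'
        # ShouldProcess honours -WhatIf and -Confirm passed to this function.
        if ($PSCmdlet.ShouldProcess($computer.DistinguishedName, "Move to $TargetPath")) {
            try {
                Move-ADObject -Identity $computer.DistinguishedName -TargetPath $TargetPath -ErrorAction Stop
                $status = 'Moved'
            }
            catch {
                $status = "Failed: $($_.Exception.Message)"
            }
        }
        # One record per computer, suitable for piping to Export-Csv as a change log.
        [pscustomobject]@{
            Name   = $computer.Name
            From   = $computer.DistinguishedName
            Status = $status
        }
    }
}

# Distinguished names are the ones used in the script above.
$moveParams = @{
    SourceBase = 'CN=Computers,DC=Customer,DC=ulvbjornsson,DC=com'
    TargetPath = 'OU=Computers,OU=Production,DC=Customer,DC=ulvbjornsson,DC=com'
    LDAPFilter = '(name=PC*)'
}
# Preview only: nothing is moved while -WhatIf is present.
Move-ComputerByLdapFilter @moveParams -WhatIf
```

Remove -WhatIf once the preview lists only the computers you expect to move.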

 

As always hit me up, I got a lot of articles in the pipeline so stay tuned.

You can find me here, or interact with me over twitter @UlvBjornsson

Allow Domain User To Update Department Field in Active Directory

In this article we’ll go through the steps to allow a domain user who is a member of a security group to update the Department field in Active Directory.

Open up Active Directory Users and Computers and create a Security Group that we will delegate control to. For this example we have created a group called “RL_Update_AD_Users_Department_Field”.


Now we also have to choose the container in which this group can edit users. For this example we have a “Users” container in our “domain”.


This opens up the Delegation of Control Wizard. Hit Next.


Allow Domain User To Update Manager Field in Active Directory

In this article we’ll go through the steps to allow a domain user who is a member of a security group to update the Manager field in Active Directory.

Open up Active Directory Users and Computers and create a Security Group that we will delegate control to. For this example we have created a group called “RL_Update_AD_Users_Manager_Field”.

 

Now we also have to choose the container in which this group can edit users. For this example we have a “Users” container in our “domain”.


This opens up the Delegation of Control Wizard. Hit Next.


Allow Domain User To Add Computer to Domain

In this guide we’ll go through the steps to allow a domain user to add a computer to the domain. This can be useful in scenarios where some of the preparation for a PC is done by office staff, or where branch offices need to re-join a PC after resetting it, and so on.

An authenticated user has, by default, the right to join up to 10 computers to the domain. After exceeding this limit the user will receive an error message.

To get around this we can delegate the right to Create Computer Objects in Active Directory. This ensures that there is no restriction on the number of computer objects that a user with this delegated right can add to the domain.

The best way of achieving this is by delegating control to a “Security Group” that we create in “Active Directory”.

Delegating rights to User/Group with Active Directory Users and Computers
