Powershell-禁用用户并将其移动到新的OU

Question

brand new member here..

I'm trying to create a powershell script that can create a new OU with the current date (dd-MM-yyyy), disable users from a text file and then move them to the newly created OU.

So far I have gotten everything but the move to work. I've read that it might be because the text file contains the users sAMAccountName , which doesn't work with Move-ADObject ?

Just for the record I'm pretty new to scripting in general, and I know the last line is completely off. Everything has been composed of stuff I have found online.

Code:

$OU = "$((get-date).toString('dd-MM-yyyy'))"
$PathOU = "OU=DEPARTURES,OU=IT,OU=USERS,OU=DK,DC=xxx"

New-ADOrganizationalUnit $OU -ProtectedFromAccidentalDeletion $false -Path $PathOU

$CN = get-content "\\Server\User Administration\User Deletion\UsersToBeDisabled.txt"
$CN |Foreach {
Get-ADUser $_ | Disable-ADAccount
Move-ADObject -Identity $_ -TargetPath $OU
}

Error:

Move-ADObject : Cannot find an object with identity: 'firstname.lastname' under: 'DC=xxx'. ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.MoveADObject**

I hope you have some ideas on how to get this to work, thanks!

BR. Mik

Answer 1

You could use the -PassThru switch with Disable-ADAccount to hand your user object along the pipline to Move-ADObject

Get-ADUser $_ | Disable-ADAccount -PassThru | Move-ADObject -TargetPath "OU=$OU,$PathOU"

Alternative this should work as well:

$user = Get-ADUser $_ 
$user | Disable-ADAccount 
$user | Move-ADObject -TargetPath "OU=$OU,$PathOU"

Answer 2

Couple mistakes here;

1- you're trying to use the entire AD object for the -identity flag: instead of $_ try using $_.samaccountname.

2- you're trying to move-adobject to $ou which is merely a string. I'm assuming your new-adOrganizationalUnit command works; so add a line after that to say "$newOU = Get-ADorganizationalunit" -path [whatever]

Sorry I don't have time to type out & test :(