How Can I Find and Move an Active Directory Computer Account?


Hey, Scripting Guy! I need to move a computer account from one OU to another; however, I don’t know which OU the computer account is currently in. Any advice?

-- AA


Hey, AA. You know, one thing that marks all the great advice columns - Dear Abby; Ann Landers; Hey, Scripting Guy! - is the fact that, over time, these columns tend to give the same advice over and over. No matter how many times someone writes to Dear Abby complaining about problems with a neighbor, you know she’s never going to suggest that you burn down the guy’s house. The same is true with Ann Landers, and the same is true with Hey, Scripting Guy!

Well, OK: the same is true with Ann Landers.

The point is, we often give the same advice in response to a reader’s question, and today is no exception. So here goes: this is really a two-part problem, so let’s analyze the two parts separately. Oh, and this: one of the parts involves searching Active Directory. Yes, we know: how many times have you heard that? But it seems to be what works.

As you probably figured out, if one of the parts involves searching Active Directory, the other part must involve moving a computer account from one OU to another. Because this is so easy, let’s go ahead and address it first. Here’s a sample script that moves the computer atl-ws-01 from the Finance OU to the Research OU:

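' Bind to the destination OU, then move the computer into it.
' MoveHere returns a reference to the moved object, so capture it with Set.
Set objOU = GetObject("LDAP://OU=Research,DC=fabrikam,DC=com")
Set objComputer = objOU.MoveHere _
    ("LDAP://CN=atl-ws-01,OU=Finance,DC=fabrikam,DC=com", vbNullString)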

That’s right: just two lines of code. We bind to the new OU (the one we want to move the computer to). After binding to the OU, we call the MoveHere method, passing it two parameters: the ADsPath of the computer we want to move; and vbNullString, a VBScript constant equal to Null. Passing a Null as the second parameter tells the MoveHere method that we want the object to keep its current CN (atl-ws-01). Had we passed a different CN, not only would the computer have been moved, but it would have been renamed as well.

By the way, you don’t actually have to include the Null parameter; if there’s no second parameter MoveHere will assume the second parameter is Null. We show it here just so you know that MoveHere accepts two parameters.

Special bonus script: Suppose you do want to rename an Active Directory account. Well, then bind to the OU where the account currently lives, call the MoveHere method, and give the account a different CN. For example, this script renames the computer atl-ws-01, giving it the new name finance-ws-01:

' Bind to the OU the account already lives in; passing a new CN renames it in place.
Set objOU = GetObject("LDAP://OU=Finance,DC=fabrikam,DC=com")
Set objComputer = objOU.MoveHere _
    ("LDAP://CN=atl-ws-01,OU=Finance,DC=fabrikam,DC=com", "cn=finance-ws-01")

You’re right: we should charge extra for these bonus scripts, shouldn’t we?

Now that we know how to move a computer account all we have to do is figure out how to find that computer account. Here’s where we’ll use our Active Directory search script. This script searches Active Directory for the computer named atl-ws-01:

On Error Resume Next

Const ADS_SCOPE_SUBTREE = 2

' Set up an ADO connection that uses the ADSI OLE DB provider.
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection

' Page the results and search the whole subtree under the search base.
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

' Ask for the ADsPath of every computer object named atl-ws-01.
objCommand.CommandText = _
    "SELECT ADsPath FROM 'LDAP://dc=fabrikam,dc=com' WHERE objectCategory='computer' " & _
        "AND name='atl-ws-01'"
Set objRecordSet = objCommand.Execute

' Echo the ADsPath of each match.
objRecordSet.MoveFirst
Do Until objRecordSet.EOF
    Wscript.Echo objRecordSet.Fields("ADsPath").Value
    objRecordSet.MoveNext
Loop

The preceding script merely echoes the ADsPath of the computer. That’s nice, but as long as we have the ADsPath we can go ahead and move the computer account to a different OU. (Remember, unless we’re renaming the computer, ADsPath is the only parameter we need to pass to the MoveHere method.) So here’s a revised script that tracks down the computer atl-ws-01 and then moves it from the Finance OU to the Research OU:

On Error Resume Next

Const ADS_SCOPE_SUBTREE = 2

' Set up an ADO connection that uses the ADSI OLE DB provider.
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection

objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

objCommand.CommandText = _
    "SELECT ADsPath FROM 'LDAP://dc=fabrikam,dc=com' WHERE objectCategory='computer' " & _
        "AND name='atl-ws-01'"
Set objRecordSet = objCommand.Execute

' Bind to the destination OU once, before the loop.
Set objOU = GetObject("LDAP://OU=Research,DC=fabrikam,DC=com")

objRecordSet.MoveFirst
Do Until objRecordSet.EOF
    strADsPath = objRecordSet.Fields("ADsPath").Value
    Err.Clear
    ' MoveHere returns the moved object, so capture it with Set.
    Set objComputer = objOU.MoveHere(strADsPath, vbNullString)
    ' On Error Resume Next would otherwise hide a failed move.
    If Err.Number <> 0 Then
        Wscript.Echo "Could not move " & strADsPath & ": " & Err.Description
    End If
    objRecordSet.MoveNext
Loop

Just that easy, just that quick.

Incidentally, we know we didn’t explain how the Active Directory searching part works; for more information about using scripts to search Active Directory, check out this Scripting Guys webcast.

Tomorrow: Burning down the neighbor’s house.

No, wait, don’t burn down anyone’s house: we’re just kidding about that. Maybe we’ll just stick to scripting advice from now on ….

Leave a Comment
  • I make batch files and I can do some KIX scripts but VBS is new grounds for me. How can I make this script more flexible? I tried to come up with a string that would just pull the computer's name that I'm on but I cannot seem to figure out how to put the variable into the AND name ='name' area.

    Also, I will have multiple locations on where to put the computer. If then move here kind of thing.

    This has been a great help, thanks!

  • Is it possible to call a .csv file that has all the computer names that need to be disabled?

  • In my experience objOU.MoveHere returned an object, not an int, so it threw a syntax error; the example should read as below. Could be because I am using a much more recent version of VBScript.

    Set objOU = GetObject("LDAP://OU=Research,DC=fabrikam,DC=com")
    Set objReturn = objOU.MoveHere _
       ("LDAP://CN=atl-ws-01,OU=Finance,DC=fabrikam,DC=com", vbNullString)

  • Hi... thanks for the information... I need to know the event ID when a machine is moved... I need to know how moves that machine..

    thanks

  • Trying to use this to move user accounts instead of computer accounts. It finds the accounts but never moves them.

    Any ideas why?

    Dave

  • thanks