How Can I Move All the Users from One OU to Another OU?

How Can I Move All the Users from One OU to Another OU?

  • Comments 2
  • Likes
Hey, Scripting Guy! Question

Hey, Scripting Guy! How can I move all the users from one OU to another OU?

-- PD

SpacerHey, Scripting Guy! AnswerScript Center

Hey, PD. You know, when you work at Microsoft you quickly learn to hate to word “move.” After all, if it wasn’t for the fact that we own the buildings you would think we were trying to skip out on paying the rent; that’s how often we move from one place to another. On top of that, the moves we make often boggle the mind. For example, at one time Greg and Dean had offices right across the hall from one another; for some reason, the two were forced to exchange offices, leaving them, well, right across the hall from one another. Another time Greg was moved to a new office in a new building. Two months later was moved around the corner to a different office. Three months later he was moved back to his previous office!

In case you’re wondering, that’s why we don’t like the word move.

But seeing as how all you want to do is move users from one OU to another (no packing and box-hauling required), well, that we can handle. Here’s a script that moves all the users in the Accounting OU to the Finance OU:

Set objNewOU = GetObject("LDAP://ou=finance,dc=fabrikam,dc=com")
Set objOldOU = GetObject("LDAP://ou=accounting,dc=fabrikam,dc=com")

objOldOU.Filter = Array("User")

For Each objUser in objOldOU
    objNewOU.MoveHere objUser.ADsPath, vbNullString
Next

You’d think a chore like this would be more complicated, wouldn’t you? But really, this is all the code you need. We start off by creating a pair of object references. The first one (objNewOU) binds us to the OU where we want to move the accounts:

Set objNewOU = GetObject("LDAP://ou=finance,dc=fabrikam,dc=com")

The second object reference (objOldOU) binds us to the OU where the accounts are currently housed:

Set objOldOU = GetObject("LDAP://ou=accounting,dc=fabrikam,dc=com")

Got that? It’s pretty simple, but it’s easy to get them mixed up. And you don’t want to do that: otherwise you’ll end up moving everyone from Finance to Accounting, which is not what you had in mind.

As you know, when you bind to an OU in Active Directory you automatically get back a collection of all the objects found in that OU. In this case, though, we aren’t interested in all the objects; the only objects we care about are the user accounts. With that in mind, we apply this filter to limit the items in the collection to user accounts:

objOldOU.Filter = Array("User")

This ensures that the only objects we’ll be working with - and thus the only objects we’ll be moving - are user accounts. If that’s not a problem - that is, if you also want to move computer accounts, printers, and any other objects found in the Accounting OU - then just leave out the line of code that applies the filter.

Now all we have to do is loop through the collection of user accounts and move each one to the Finance OU. That’s what we do here:

For Each objUser in objOldOU
    objNewOU.MoveHere objUser.ADsPath, vbNullString
Next

Notice how we move the user account; we call the MoveHere method, passing two parameters:

objUser.ADsPath. This, as you probably guessed, represents the ADsPath of the account to be moved.

vbNullString. This VBScript constant simply tells the script to move the account without renaming it. If we specified a different name here the account would not only be moved but would be renamed as well.

That’s all there is to it.

So does this mean the Scripting Guys are better able to handle the concept of moving? Let’s put it this way: having been in our current offices for less than a year, there’s a 50-50 chance we’ll be moving again in January. The great circle of Microsoft life goes on. (Editor’s Note: This next move might not be a bad idea, because somehow in the last move the Scripting Editor ended up on a completely different floor of the building than the rest of the Scripting Guys. Although this editor suspects the other Scripting Guys - or at least Greg - may have had something to do with that….)

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment
  • Thanks Scripting Guy. One more question, how best to target user objects by "last modified date"? I'm hoping to move any account object that was modified over 30 days from current date.

    Thanks in advance.

  • fun fun fun for roaming profiles on servers.  But take stand alone work stations enjoying a pure data server where the User Account resides locally on an internal HD.  I have an SSD (2 in RAID) and a huge 2TB data drive in the workstation.  The SSD is filling up quickly with User Data.  A simple script to move the User Accounts to the 2TB data drive would sure be HANDY!!!  gillb@flanaganllc.net might just like the heck out of that!