Note: See this post for a new version of this script: https://deployhappiness.com/move-computers-to-ous-automatically-based-on-name-redux/
Does your default computers container look worse than the bedroom of a teenage boy? Dirty clothes everywhere, computers not in the correct OU, illicit contraband, machines not in any security groups – you get the picture! Today, I want you to change that – I want you to use this script and never worry about misplaced computers again. How are we going to do this? Easy – we are going to let PowerShell search AD and start moving computers to an OU automatically based on a name.
Interested? Well, read on to find out how you can do this!
If you don’t already have the Quest AD cmdlet tools installed, you will need to download them first. Open up a PowerShell ISE Console, and paste in this script:
Add-PSSnapin Quest.ActiveRoles.ADManagement

$UnassignedComputers = Get-QADComputer -SearchRoot "OU=Unassigned,DC=YOURDOMAIN,DC=local"

foreach ($UnassignedComputer in $UnassignedComputers){
    $Prefix = $UnassignedComputer.NAME
    $Prefix = $Prefix.substring(0,$prefix.Length-2)

    $OU = Get-QADComputer -Identity $Prefix | where {$_.ParentContainer -ne "YOURDOMAIN.LOCAL/Unassigned"} | Select-Object ParentContainer
    $OU = $OU.ParentContainer | Select-Object -Unique

    Move-QADObject -Identity $UnassignedComputer -NewParentContainer $OU -WhatIf | Out-Null
    Write-host "Moving $UnassignedComputer from"$UnassignedComputer.ParentContainer"to $OU"
}
This script makes a couple of assumptions. First, it assumes that your default computer container has been changed from “Containers” to a custom OU. Whether you implement this script or not, you will definitely want to change the default new computer account location.
Why should you do this? Because of security and ease of management! Containers cannot have a GPO linked to them. If you ever want to apply a specific policy to unassigned computers (computers not in a specific OU), you would have to link the GPO to a higher object. The only layer higher than the default computers container is the domain.
So let’s say you wanted to make a specific user an administrator to all computers in the default computers container. Without changing the location to a dedicated OU, you would have to apply this policy to your entire domain! Instructions for changing the default location can be found here. The whole process will take less than 2 minutes. After you have created your OU, you will need to change line 3 ($UnassignedComputers = Get-QADComputer -SearchRoot "OU=Unassigned,DC=YOURDOMAIN,DC=local") so that it points to that OU.
The second assumption is found on line 7 ($Prefix = $Prefix.substring(0,$prefix.Length-2)). This script will look at a computer in your unassigned OU (ex: ga1100n02). It then removes the last two characters and searches Active Directory for ga1100n. If it finds any computers named ga1100n*, it will move the original computer (ga1100n02) to the OU of the found computer. If I named a computer ga1100n02, I would have a computer named ga1100n01.
As a final note, this script has a -whatif switch on the Move-QADObject command. This will let you see the results before any computers are actually moved. Now, no more internet until you clean up your bedroom, umm, computers OU!
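An added example (not part of the original post or its script) of the prefix rule described above, with the two cases that matter for GPO scope handled explicitly: no sibling computer found, and siblings spread across several OUs. The function name Resolve-TargetOU, the example.local paths and the sample inventory are constructed for illustration, so the block runs without a domain.

```powershell
# Added illustration, not the post's script. Names and inventory are constructed.
function Resolve-TargetOU {
    param(
        [Parameter(Mandatory)] [string]   $ComputerName,
        [Parameter(Mandatory)] [object[]] $Inventory,     # objects with Name, ParentContainer
        [Parameter(Mandatory)] [string]   $UnassignedOU,
        [int] $SuffixLength = 2                           # characters stripped from the name
    )
    $candidates = @()
    if ($ComputerName.Length -gt $SuffixLength) {
        $prefix = $ComputerName.Substring(0, $ComputerName.Length - $SuffixLength)
        # OUs of machines sharing the prefix that already live outside the unassigned OU
        $candidates = @(
            $Inventory |
                Where-Object {
                    $_.Name.StartsWith($prefix, [System.StringComparison]::OrdinalIgnoreCase) -and
                    $_.ParentContainer -ne $UnassignedOU
                } |
                Select-Object -ExpandProperty ParentContainer |
                Sort-Object -Unique
        )
    }
    # Exactly one OU is the only safe answer; an array or $null must never reach a move
    $reason = switch ($candidates.Count) { 0 { 'NoMatch' } 1 { 'Ok' } default { 'Ambiguous' } }
    [pscustomobject]@{
        Computer   = $ComputerName
        Reason     = $reason
        TargetOU   = if ($reason -eq 'Ok') { $candidates[0] } else { $null }
        Candidates = $candidates
    }
}

$unassigned = 'example.local/Unassigned'
$inventory = @(
    [pscustomobject]@{ Name = 'ga1100n01'; ParentContainer = 'example.local/Schools/GA1100' }
    [pscustomobject]@{ Name = 'ga1100n02'; ParentContainer = $unassigned }
    [pscustomobject]@{ Name = 'lab01';     ParentContainer = 'example.local/Labs/Staff' }
    [pscustomobject]@{ Name = 'lab02';     ParentContainer = 'example.local/Labs/Student' }
    [pscustomobject]@{ Name = 'lab03';     ParentContainer = $unassigned }
    [pscustomobject]@{ Name = 'kiosk07';   ParentContainer = $unassigned }
)

$inventory | Where-Object { $_.ParentContainer -eq $unassigned } | ForEach-Object {
    Resolve-TargetOU -ComputerName $_.Name -Inventory $inventory -UnassignedOU $unassigned
} | Format-Table Computer, Reason, TargetOU -AutoSize
# Against a live directory: feed Get-QADComputer results in as $Inventory and call
# Move-QADObject ... -WhatIf only for rows where Reason is 'Ok'.
```

Rows reported as NoMatch or Ambiguous are the ones to review by hand, since a computer placed in the wrong OU picks up that OU's GPOs and delegated administrators.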
Hi Tomas,
Here, my requirement is as below:
We have a set of servers with IIS installed, which need to move to a separate OU with the help of the server name.
i.e.: if the server has IIS installed, then the server name will be USTXPRDIIS001. So the last 3 digits will be the count of the server, and the letters "IIS" before them are meant for the IIS-installed servers.
Can you please let me know how I can segregate these through a PowerShell script?
Error I am getting:
Move-QADObject : Cannot convert ‘System.Object[]’ to the type ‘Quest.ActiveRoles.ArsPowerShellSnapIn.Data.IdentityParameter’ required by parameter ‘NewParentContainer’. Specified method is
not supported.
At line:12 char:66
+ … DObject -Identity $UnassignedComputer -NewParentContainer $OU -WhatIf …
+ ~~~
+ CategoryInfo : InvalidArgument: (:) [Move-QADObject], ParameterBindingException
+ FullyQualifiedErrorId : CannotConvertArgument,Quest.ActiveRoles.ArsPowerShellSnapIn.Commands.MoveObjectCmdlet
What are you putting for the $OU variable?
On another note, pretty cool to see another person in Georgia reading this blog. 🙂
That is the problem: I am not sure what I need to put for the variable.
This is the full output after running the script.
PS C:\Users\xxxxxxx> C:\Users\xxxxxxxx\Desktop\PSscripts\move computers.ps1
Move-QADObject : Cannot convert ‘System.Object[]’ to the type ‘Quest.ActiveRoles.ArsPowerShellSnapIn.Data.IdentityParameter’ required by parameter ‘NewParentContainer’. Specified method is
not supported.
At C:\Users\xxxxxxxx\Desktop\PSscripts\move computers.ps1:12 char:66
+ … DObject -Identity $UnassignedComputer -NewParentContainer $OU -WhatIf …
+ ~~~
+ CategoryInfo : InvalidArgument: (:) [Move-QADObject], ParameterBindingException
+ FullyQualifiedErrorId : CannotConvertArgument,Quest.ActiveRoles.ArsPowerShellSnapIn.Commands.MoveObjectCmdlet
Moving xxxxxxxx\ALT-CT3W22-LN$ from xxxxxxx.k12.ga.us/xxxxx/_xxxxx_Computers to xxxxxxx.k12.ga.us/xxxxx/Schools – Special/Alternative School/Computers/ALT-Student Computers/ALT-CART3 xxxxxx
xx.k12.ga.us/Computers xxxxxxxx.k12.ga.us/xxxxx/_xxxxx_Computers
Move-QADObject : Cannot convert ‘System.Object[]’ to the type ‘Quest.ActiveRoles.ArsPowerShellSnapIn.Data.IdentityParameter’ required by parameter ‘NewParentContainer’. Specified method is
not supported.
At C:\Users\xxxxxxx\Desktop\PSscripts\move computers.ps1:12 char:66
+ … DObject -Identity $UnassignedComputer -NewParentContainer $OU -WhatIf …
+ ~~~
+ CategoryInfo : InvalidArgument: (:) [Move-QADObject], ParameterBindingException
+ FullyQualifiedErrorId : CannotConvertArgument,Quest.ActiveRoles.ArsPowerShellSnapIn.Commands.MoveObjectCmdlet
Moving xxxxxxxx\xxx-R402W02-DP$ from xxxxxxxx.k12.ga.us/xxxxx/_xxxxx_Computers to xxxxxxxx.k12.ga.us/xxxxx/Schools – Elementary/xxxxx Hills/xxxComputers/xxx-Student Computers xxxxxxxx.k12.ga.
us/xxxxx/Schools – Elementary/xxxxxxxxx Road/xxxComputers/xxx-Staff Computers xxxxxxxx.k12.ga.us/xxxxx/Schools – Elementary/xxxxxxxx Road/xxxComputers/xxx-Student Computers xxxxxxxx.k12.ga.us/
xxxxx/_xxxxx_Computers
PS C:\Users\xxxxxxx> Write-Output $OU
xxxxxxxx.k12.ga.us/xxxxx/Schools – Elementary/xxxxx Hills/xxxComputers/xxx-Student Computers
xxxxxxxx.k12.ga.us/xxxxx/Schools – Elementary/xxxxxxxxx Road/xxxComputers/xxx-Staff Computers
xxxxxxxx.k12.ga.us/xxxxx/Schools – Elementary/xxxxxxx Road/xxxComputers/xxx-Student Computers
xxxxxxxx.k12.ga.us/xxxxx/_xxxxxx_Computers
This is my modified script
Add-PSSnapin Quest.ActiveRoles.ADManagement
$UnassignedComputers = Get-QADComputer -SearchRoot "OU=_xxxxx_Computers,OU=xxxxx,DC=xxxxxxxx,DC=k12,DC=ga,DC=us"
foreach ($UnassignedComputer in $UnassignedComputers){
    $Prefix = $UnassignedComputer.NAME
    $Prefix = $Prefix.substring(0,$prefix.Length-5)
    $OU = Get-QADComputer -Identity $Prefix | where {$_.ParentContainer -ne "xxxxxxxx.k12.ga.us/UnassignedComputers"} | Select-Object ParentContainer
    $OU = $OU.ParentContainer | Select-Object -Unique
    Move-QADObject -Identity $UnassignedComputer -NewParentContainer $OU -WhatIf | Out-Null
    Write-host "Moving $UnassignedComputer from"$UnassignedComputer.ParentContainer"to $OU"
}
Please help me!
I do not speak English.
My domain is Taller.net.
My default OU is Computers.
My computer names are VESVC-CCSXXXXXX & COLVC-CCSXXXXXX.
I need to move all VESVC…… to taller\Pais\Venezuela\_Computer and COLVC…….. to taller\Pais\Colombia\_Computer
This is my code:
Add-PSSnapin Quest.ActiveRoles.ADManagement
$Busqueda1 = Get-QADComputer -SearchRoot "OU=_NewsComputers,OU=Paises,DC=Taller,DC=net"
foreach ($NombreCorto in $Busqueda1){
    $Prefix = $NombreCorto.NAME
    $Prefix = $Prefix.substring(0,$prefix.Length-10)
    IF ($Prefix -eq "VESVC")
    {
        Move-QADObject -Identity $NombreCorto -NewParentContainer "Taller.net/Paises/Venezuela/_Computers"
    }
    IF ($Prefix -eq "COLVC")
    {
        Move-QADObject -Identity $NombreCorto -NewParentContainer "Taller.net/Paises/Colombia/_Computers"
    }
}
How do I use the statement:
$OU = Get-QADComputer -Identity $Prefix | where {$_.ParentContainer -ne "YOURDOMAIN.LOCAL/Unassigned"} | Select-Object ParentContainer
$OU = $OU.ParentContainer | Select-Object -Unique
It does not work for me.
Thanks!
What error are you getting when running this?
Hi,
Does this script move only existing computer objects in AD?
What I’m looking for is to move new computers to OUs based on the first 6 characters of the computer name.
For example, computers with the name AA-BBB-xxx go to the OU named Room1, and computers AA-CCC-xxx go to the OU Room2 (for example).
I’m using MDT 2013.
It does only move existing computer accounts. Once MDT joins the computer to the domain, this script can be used to move the computer to the correct OU.
After running this script I am getting the below error, and computers are not moving to the other OU.
[move-Qadobject : cannot validate argument on parameter ‘newparentcontainer’.
the argument is null or empty.supply an argument that is not null or empty and
then try the command again at line:12 char:65
+ move-Qadobject – identity $unassignedcomputer -newparentcontainer <<<< $OU
-whatif | out-null
+categoryinfo : invaliddata: (:) [move-Qadobject],
+ Fullyqualifiederrorid
:parameterargumentvalidationError,quest,Activeroles.arspowershellsnapin.comman
ds.moveobjectcmdlet]
Your $OU value isn’t being set. Run the script once and then type write-output $OU in the command pane. Do you see anything listed? If so, double check that the OU path is a valid OU path.
After typing write-output $OU, I can’t see anything.
Please let me know how this $OU parameter finds the -newparentou.
It looks at the starting characters of the OU. If the OU is named Test and your computer name starts with test, it will move the computer into the OU.
Can we move computers to another OU by hostname and not by OU name? For example, my hostnames start with some number (4042.mum1); now I want all hostnames starting with 4042 to go to the Mumbai OU.
You will have to create an if/else statement list. The script wouldn’t be dynamic then, as you would have to maintain that list. Could you add that number value to the beginning of your OU name?
Hi man,
Question: what if I wanted to move the computer based on the first four characters as opposed to subtracting the last two?
But the name starts with M4P1 and the other computer starts with M4P2.
You can I me
Thanks!
Change $Prefix = $Prefix.substring(0,$prefix.Length-2) to $Prefix = $Prefix.substring(0,3)
Is there a way to find the IP address of the computers in AD and move the computer objects to the respective OU based on the current IP address?
Sure – use this script:
#Add the Active Directory PowerShell module
Import-Module ActiveDirectory
##############################
# Set the Location IP ranges #
##############################
$IPRange01 = "\b(?:(?:10)\.)" + "\b(?:(?:94)\.)" + "\b(?:(?:[0-3])\.)" + "\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))" # Test1 10.94.0.0 /22
$IPRange02 = "\b(?:(?:192)\.)" + "\b(?:(?:168)\.)" + "\b(?:(?:7)\.)" + "\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))" # Test2 192.168.7.0 /24
########################
# Set the Location OUs #
########################
# OU Locations
$DestOU01 = "OU=Test1,DC=Test,DC=local"
$DestOU02 = "OU=Test2,DC=Test,DC=local"
$computers = Get-ADComputer -SearchBase "OU=_New-Computers,DC=Test,DC=local" -Filter * -Properties IPv4Address | Sort-Object name
###############
# The process #
###############
foreach($computer in $computers){
    Clear-Variable OU -ErrorAction SilentlyContinue
    $DistinguishedNme = $computer.DistinguishedName.Tostring()
    $IP = $computer.IPv4Address
    if($IP -match $IPRange01 -and ($computer.enabled -eq $true)){
        Move-ADobject -Identity $DistinguishedNme -TargetPath $DestOU01
        $OU = $DestOU01
    }
    ElseIf ($IP -match $IPRange02 -and ($computer.enabled -eq $true)) {
        Move-ADobject -Identity $DistinguishedNme -TargetPath $DestOU02
        $OU = $DestOU02
    }
    if ($OU -ne $Null){
        Write-Host "$DistinguishedNme moved to $OU"
    }
}
This is cool! What if I wanted to move the computer based on the first five characters as opposed to subtracting the last two? Thanks!
Change the $Prefix.Substring line to $Prefix = $Prefix.substring(0,5)
Thanks! I’ll give it a shot.
Hi!
This looks good, but I need a simpler form of this. I just want to move all computers from the default OU to the workstation OU. I need to run this script every night via Task Scheduler. Can you simplify it?
Thanks
You could do something like:
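Add-PSSnapin Quest.ActiveRoles.ADManagement
$DefaultOU = "SPECIFY OU HERE"       # placeholder: the OU that new computers land in
$NEWOU = "workstation OU here"       # placeholder: the OU to move them to
# Find every computer in the default OU and pipe each one to the move
Get-QADComputer -SearchRoot $DefaultOU | Move-QADObject -NewParentContainer $NEWOU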