0
votes

I know I can move an AD user using PowerShell. What I want to accomplish is moving a bunch of users based on their description. I have a CSV file, and in that CSV there is a year of graduation column. I want all users that have a YOG from 2016 to 2022 moved to the High School OU.

I haven't tried writing the code yet. I was successful in PowerShell at grabbing user accounts based on dept but not description. Here is some sample data:

"ID","FNAME","LNAME","BDATE","GRD","SCHID"
"111111","TEst","student1","19980601","2016","1480"
"222222","test","Student2","19980522","2017","1480"
"333333","test","Student3","19970813","2025","1479"

I've gone ahead and added the school code to the CSV file. I think this will make it a lot easier to move the students to the correct OU based on this file. 1480 being elem, 1479 hs. Also, here is the code I'm using to create the AD accounts.

# Import active directory module for running AD cmdlets
Import-Module activedirectory

#Store the data from ADUsers.csv in the $ADUsers variable
$ADUsers = Import-csv userimport.csv
#Store report in log file in the $log variable
$log = "log.txt"
#Timestamp used in the log header below
$date = Get-Date

#Loop through each row containing user details in the CSV file 
foreach ($User in $ADUsers)
{
#Read user data from each field in each row and assign the data to a  variable as below

$Username   = $User.ID
$Password   = $User.BDATE
$Firstname  = $User.FNAME
$Lastname   = $User.LNAME
$Department = $User.GRD
$Company    = $User.SCHID #This field refers to the OU the user account is to be moved to

#Check to see if the user already exists in AD
if (Get-ADUser -F {SamAccountName -eq $Username})
{
     #If user does exist, give a warning
     Write-Warning "A user account with username $Username already exist in Active Directory."
}
else
{
    #User does not exist then proceed to create the new user account

    "Processing started (on " + $date + "): " | Out-File $log -append
    "--------------------------------------------" | Out-File $log -append

    #Account will be created in the OU provided by the $OU variable read from the CSV file
    New-ADUser `
        -SamAccountName $Username `
        -UserPrincipalName "[email protected]" `
        -Name "$Firstname $Lastname" `
        -GivenName $Firstname `
        -Department "$Department" `
        -Company "$Company" `
        -EmailAddress "[email protected]" `
        -Surname $Lastname `
        -Enabled $True `
        -Scriptpath "login.vbs" `
        -DisplayName "$Firstname $Lastname" `
        -Path "ou=users,ou=hs,dc=clasd,dc=net" `
        -AccountPassword (convertto-securestring $Password -AsPlainText -Force) `
        -ChangePasswordAtLogon $true

 # Add User to Groups
 #Add-ADPrincipalGroupMembership -Identity $Username -MemberOf "Elem","Elem Students"
  Start-Sleep 3

 # Move Users to appropriate OU based on School Code

  $usr = import-csv userimport.csv

  foreach ($User in $usr) {
  if ($user.grd -in 2016){
        Get-ADUser $User.ID | Move-ADObject -TargetPath    'OU=users,ou=hs,dc=clasd,dc=net'
    }
  }
 }
}
1
Hi, can you please provide some code you have tried to write and a sample csv file? - sodawillow
I'm not worried about students with the same name. If they do have the same name I just look at their ID number which we use for their login account. All usernames are their id number. I just want to move the students as I create them into their correct OU. - Justin Merwin
What format are the AD Usernames? How do they correspond to the data in your CSV? Is YOG already stored in an AD Attribute? - henrycarteruk
YOG is stored in the Description of the AD user. - Justin Merwin

1 Answer

0
votes

As their AD Username is unique and already contained in your CSV, it's simply a case of checking if the GRD field is in the range 2016-2022 and then moving the account using the ID field:

$filepath = "C:\path\to\data.csv"

$csv = Import-CSV $filepath
foreach ($user in $csv) {
    if ($user.GRD -in 2016..2022) {
        Get-ADUser $user.ID | Move-ADObject -TargetPath 'OU=High School,DC=domain,Dc=com'
    }
}

EDIT: Didn't see your comment that YOG is the Description field, and I've used GRD instead, let me know if this isn't correct?


EDIT2: My answer above would be run after every account is created, not during your existing script; it is more efficient to put the account in the correct OU at creation, like so:

foreach ($User in $ADUsers)
{
    #Read user data from each field in each row and assign the data to a  variable as below

    $Username   = $User.ID
    $Password   = $User.BDATE
    $Firstname  = $User.FNAME
    $Lastname   = $User.LNAME
    $Department = $User.GRD
    $Company    = $User.SCHID #This field refers to the OU the user account is to be moved to

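    # Choose OU; reset first so an unmatched year cannot reuse the previous row's OU
    $OU = $null
    Switch ($Department)
    {
        "2016" {$OU = 'OU=users,ou=hs,dc=clasd,dc=net'}
        "2017" {$OU = 'OU=2017,OU=users,ou=hs,dc=clasd,dc=net'}
    }
    if (-not $OU) { Write-Warning "No OU mapping for graduation year '$Department'; skipping $Username."; continue }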

    #Check to see if the user already exists in AD
    if (Get-ADUser -F {SamAccountName -eq $Username})
    {
         #If user does exist, give a warning
         Write-Warning "A user account with username $Username already exist in Active Directory."
    }
    else
    {
        #User does not exist then proceed to create the new user account
        "Processing started (on " + $date + "): " | Out-File $log -append
        "--------------------------------------------" | Out-File $log -append

        #Account will be created in the OU provided by the $OU variable read from the CSV file
        New-ADUser `
            -SamAccountName $Username `
            -UserPrincipalName "[email protected]" `
            -Name "$Firstname $Lastname" `
            -GivenName $Firstname `
            -Department "$Department" `
            -Company "$Company" `
            -EmailAddress "[email protected]" `
            -Surname $Lastname `
            -Enabled $True `
            -Scriptpath "login.vbs" `
            -DisplayName "$Firstname $Lastname" `
            -Path $OU `
            -AccountPassword (convertto-securestring $Password -AsPlainText -Force) `
            -ChangePasswordAtLogon $true

        # Add User to Groups
        #Add-ADPrincipalGroupMembership -Identity $Username -MemberOf "Elem","Elem Students"
        Start-Sleep 3
    }
}
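
An added example, not part of the original answer: it turns the year check into a mapping step that returns no OU for rows it cannot place, then previews each move with -WhatIf. OU placement decides which Group Policy and delegated permissions an account receives, so unmapped or malformed rows are skipped rather than defaulted. Resolve-TargetOU and the sample rows are constructed for illustration; the year range and OU path are the ones used above.

```powershell
# Added example: sample rows are constructed from the question's CSV layout.
$rows = @'
"ID","FNAME","LNAME","BDATE","GRD","SCHID"
"111111","TEst","student1","19980601","2016","1480"
"333333","test","Student3","19970813","2025","1479"
"444444","test","Student4","19990101","20l7","1479"
'@ | ConvertFrom-Csv

# Year range and OU path are the ones used in the question and answer.
$HighSchoolYears = 2016..2022
$HighSchoolOU    = 'OU=users,OU=hs,DC=clasd,DC=net'

function Resolve-TargetOU {
    # Hypothetical helper: returns the OU for a CSV row, or $null when the
    # row does not map to one. $null means "do not create or move".
    param([Parameter(Mandatory)] $Row)

    if ($Row.ID  -notmatch '^\d+$')   { return $null }  # ID becomes SamAccountName and goes into a filter string
    if ($Row.GRD -notmatch '^\d{4}$') { return $null }  # rejects typos such as "20l7"
    if ([int]$Row.GRD -in $HighSchoolYears) { return $HighSchoolOU }
    return $null                                         # no mapping: fail closed
}

# Build the plan first so it can be reviewed before anything touches AD.
$plan = foreach ($row in $rows) {
    [pscustomobject]@{ ID = $row.ID; GRD = $row.GRD; TargetOU = (Resolve-TargetOU $row) }
}
$plan | Format-Table -AutoSize

# Apply the plan only where the ActiveDirectory module is available.
if (Get-Module -ListAvailable -Name ActiveDirectory) {
    Import-Module ActiveDirectory
    foreach ($item in $plan) {
        if (-not $item.TargetOU) {
            Write-Warning "Skipping $($item.ID): no OU mapping for GRD '$($item.GRD)'"
            continue
        }
        # Confirm the OU exists before anything is placed in it.
        Get-ADOrganizationalUnit -Identity $item.TargetOU -ErrorAction Stop | Out-Null
        $id = $item.ID
        $account = Get-ADUser -Filter "SamAccountName -eq '$id'"
        if ($account) {
            # -WhatIf prints the intended move without changing the directory.
            $account | Move-ADObject -TargetPath $item.TargetOU -WhatIf
        }
    }
}
```

Remove -WhatIf once the printed plan matches the intended placement.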