{"id":67043,"date":"2006-06-23T09:06:00","date_gmt":"2006-06-23T09:06:00","guid":{"rendered":"https:\/\/blogs.technet.microsoft.com\/heyscriptingguy\/2006\/06\/23\/how-can-i-move-a-computer-from-an-unknown-ou-into-a-known-ou\/"},"modified":"2006-06-23T09:06:00","modified_gmt":"2006-06-23T09:06:00","slug":"how-can-i-move-a-computer-from-an-unknown-ou-into-a-known-ou","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/scripting\/how-can-i-move-a-computer-from-an-unknown-ou-into-a-known-ou\/","title":{"rendered":"How Can I Move a Computer From an Unknown OU into a Known OU?"},"content":{"rendered":"

\"Hey, \n

Hey, Scripting Guy! How can I move a computer from an unknown OU into a known OU?

— DB<\/P>\"Spacer\"\"Hey,\"TechNet<\/A> \n

Hey, DB. You know, a lot of people take a look at system administration scripting and think, \u201cWell, it might be useful, but it sounds kind of boring.\u201d After all, clearing event logs and changing user passwords are worthwhile endeavors, but they don\u2019t compare too favorably to Halo 2<\/I> or Age of Mythology<\/I>.<\/P>\n

Ah, but the scenario you painted sounds far more interesting. You have renegade computers wandering through unknown OUs. Your mission: track down those computers and somehow bring them into a known OU. Now we\u2019re getting somewhere: even Starcraft 2<\/I> didn\u2019t have a level like that!<\/P>\n

Best of all, that would allow the Scripting Guys to ditch the name Script Center and re-christen the place the System Administration Cheat Codes Center<\/B>. And then instead of doling out boring old scripts we could hand out really cool cheat codes, codes that help you win the game. You know, cheat codes like this:<\/P>

On Error Resume Next<\/p>\n
Const ADS_SCOPE_SUBTREE = 2<\/p>\n
objOU = GetObject(“LDAP:\/\/ou=Finance,dc=fabrikam,dc=com”)<\/p>\n
Set objConnection = CreateObject(“ADODB.Connection”)\nSet objCommand =   CreateObject(“ADODB.Command”)\nobjConnection.Provider = “ADsDSOObject”\nobjConnection.Open “Active Directory Provider”\nSet objCommand.ActiveConnection = objConnection<\/p>\n
objCommand.Properties(“Page Size”) = 1000\nobjCommand.Properties(“Searchscope”) = ADS_SCOPE_SUBTREE <\/p>\n
objCommand.CommandText = _\n    “SELECT ADsPath FROM ‘LDAP:\/\/dc=fabrikam,dc=com’ WHERE objectCategory=’computer’ ” & _\n        “AND Name=’atl-ws-01′”\nSet objRecordSet = objCommand.Execute<\/p>\n
objRecordSet.MoveFirst<\/p>\n
Do Until objRecordSet.EOF\n    strADsPath = objRecordSet.Fields(“ADsPath”).Value\n    objOU.MoveHere strADsPath, vbNullString\n    objRecordSet.MoveNext\nLoop\n<\/PRE>\n
Much of this script – er, cheat code – deals with searching Active Directory. There\u2019s a good reason for that: that\u2019s the strategy we\u2019re using in order to track down these computers, computers that could be in any OU. As you mentioned in your email, you know the computer name, you just don\u2019t know the computer\u2019s location in Active Directory. No problem: we\u2019ll simply search for the computer with the specified name, retrieve the location (technically, the ADsPath<\/B>) and go on from there.<\/P>\n
Simple, right? But, then again, the best video games – like Centipede <\/I>or the greatest video game of all, Burger Time<\/I> – have always been simple.<\/P>\n
We start out by creating a constant named ADS_SCOPE_SUBTREE and setting the value to 2; we\u2019ll use that constant to tell the script that we want to search all of Active Directory, including all the OUs and sub-OUs. We then use this line of code to create an object reference to the Finance OU, the \u201cknown\u201d OU where we want to move the computer:<\/P>
objOU = GetObject(“LDAP:\/\/ou=Finance,dc=fabrikam,dc=com”)\n<\/PRE>\n
Got that? Next we have a big block of code that configures and carries out our search. As usual, explaining all the whys and wherefores of an Active Directory search goes beyond what we can do in this little column; for more information, see our two-part Tales from the Script<\/I> series Dude, Where\u2019s My Printer?<\/B><\/A> For now, we\u2019ll just make note of the query we use in the search:<\/P>
objCommand.CommandText = _\n    “SELECT ADsPath FROM ‘LDAP:\/\/dc=fabrikam,dc=com’ WHERE objectCategory=’computer’ ” & _\n        “AND Name=’atl-ws-01′”\n<\/PRE>\n
As you can see, all we\u2019re doing is retrieving the ADsPath for any computer (objectCategory = ‘computer’<\/B>) that has the Name<\/B> atl-ws-01. When we call the Execute<\/B> method the script will search Active Directory and return a collection consisting of all the computers that have the specified Name. (Because Names must be unique, we\u2019ll have – at most – one item in the collection.)<\/P>\n
Good question: why are<\/I> we retrieving the ADsPath attribute? Well, the ADsPath attribute is somewhat similar to a UNC path: it provides an exact \u201caddress\u201d we can use to locate the object in question. For example, atl-ws-01 might have an ADsPath similar to this:<\/P>
LDAP:\/\/cn=atl-ws-01,ou=Research,dc=fabrikam,dc=com\n<\/PRE>\n
Remember when we said that this computer was in an unknown location? Well, not anymore: now we know exactly where it is, and how to get to it.<\/P>\n
Of course, that just means that we\u2019ve conquered Level 1; to win the game we still have complete Level 2 and move the computer to the Finance OU. To do that we use this block of code:<\/P>
Do Until objRecordSet.EOF\n    strADsPath = objRecordSet.Fields(“ADsPath”).Value\n    objOU.MoveHere strADsPath, vbNullString\n    objRecordSet.MoveNext\nLoop\n<\/PRE>\n
What we\u2019re doing here is setting up a Do Until loop that runs until we reach the end of the recordset (objRecordSet.EOF<\/B>). Inside that loop we use this line of code to grab the ADsPath and store it in a variable named strADsPath:<\/P>
strADsPath = objRecordSet.Fields(“ADsPath”).Value\n<\/PRE>\n
And now we\u2019re ready to move the computer, a task which is as simple as this:<\/P>
objOU.MoveHere strADsPath, vbNullString\n<\/PRE>\n
As you can see, we use the object reference to the Finance OU (objOU) and call the MoveHere<\/B> method. MoveHere requires two parameters:<\/P>\n\n\n\n\n
\u2022<\/TD>\n\n
strADsPath, the variable containing the ADsPath (location) of the computer atl-ws-01.<\/P><\/TD><\/TR>\n
\u2022<\/TD>\n\n
vbNullString, a VBScript constant indicating a Null variable. By specifying a different CN you can use the second parameter of the MoveHere method to rename a computer as opposed to simply moving it. Because all we want to do is move the thing (retaining its old name) we simply pass a Null variable as the second parameter.<\/P><\/TD><\/TR><\/TBODY><\/TABLE>\n
That\u2019s basically all we have to do. We then call the MoveNext<\/B> method to move to the next record in the collection. Because there won\u2019t be<\/I> a next record that means that EOF is true, and so we exit the loop and the script.<\/P>\n\n<\/THEAD>\n\n\n
\n
Note<\/B>. By the way, don\u2019t leave out the MoveNext method. If you do the script will lock up in an endless loop: it will try to move the first computer in the collection and then, because it hasn\u2019t advanced to the next record, try to move the first computer in the collection a second time. And then a third time, and then \u2026.<\/P><\/TD><\/TR><\/TBODY><\/TABLE>\n
<\/DIV>\n
So there you have it, DB: a cool new game in which you hunt down lost computers and send them to a different OU. Sure, it doesn\u2019t sound all that<\/I> fun. But – nostalgia aside – it\u2019s still way better than Space Invaders<\/I>.<\/P><\/p>\n","protected":false},"excerpt":{"rendered":"
Hey, Scripting Guy! How can I move a computer from an unknown OU into a known OU?— DB Hey, DB. You know, a lot of people take a look at system administration scripting and think, \u201cWell, it might be useful, but it sounds kind of boring.\u201d After all, clearing event logs and changing user passwords […]<\/p>\n","protected":false},"author":595,"featured_media":87096,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[7,46,3,8,5],"class_list":["post-67043","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-scripting","tag-active-directory","tag-computer-accounts","tag-scripting-guy","tag-searching-active-directory","tag-vbscript"],"acf":[],"blog_post_summary":"
Hey, Scripting Guy! How can I move a computer from an unknown OU into a known OU?— DB Hey, DB. You know, a lot of people take a look at system administration scripting and think, \u201cWell, it might be useful, but it sounds kind of boring.\u201d After all, clearing event logs and changing user passwords […]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/67043","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/users\/595"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/comments?post=67043"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/67043\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media\/87096"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media?parent=67043"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/categories?post=67043"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/tags?post=67043"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}