Move computers account to another OU from a txt list

Discussion in 'Scripting' started by Gustavo, Nov 26, 2007.

  1. Gustavo

    Gustavo Guest

    Hello Guys:

    I need your help, I need to move around 7200 computers accounts to another
    OU. I have the list of the 7200 computers, but I need to find a script to
    help me to do this easier, can you help me.

    thanks
     
    Gustavo, Nov 26, 2007
    #1

  2. A VBScript program can move objects. The steps would be:

    1. Bind to the new OU.
    2. For each computer determine the AdsPath.
    3. Use the MoveHere method of the OU object.

    If you have the Distinguished Name of a computer:
    ===========
    Set objOU = GetObject("LDAP://ou=East,dc=MyDomain,dc=com")

    ' Repeat for each computer.
    strComputerDN = "cn=MyComputer,ou=West,dc=MyDomain,dc=com"
    objOU.MoveHere "LDAP://" & strComputerDN, vbNullString
    ==========
    If you only know the NetBIOS name of the computer you can use the
    NameTranslate object to convert this to the Distinguished Name. See this
    link for details:

    http://www.rlmueller.net/NameTranslateFAQ.htm

    For example:
    ===========
    ' Constants for the NameTranslate object.
    Const ADS_NAME_INITTYPE_GC = 3
    Const ADS_NAME_TYPE_NT4 = 3
    Const ADS_NAME_TYPE_1779 = 1

    Set objOU = GetObject("LDAP://ou=East,dc=MyDomain,dc=com")

    ' Specify the NetBIOS name of the domain.
    strDomain = "MyDomain"

    ' Use the NameTranslate object to convert the NT names to the
    ' Distinguished Name.
    Set objTrans = CreateObject("NameTranslate")

    ' Initialize NameTranslate by locating the Global Catalog.
    objTrans.Init ADS_NAME_INITTYPE_GC, ""

    ' NetBIOS name of the computer.
    ' Repeat for each computer.
    strComputer = "MyComputer"

    ' Use the Set method to specify the NT format of the object name.
    objTrans.Set ADS_NAME_TYPE_NT4, strDomain & "\" & strComputer

    ' Use the Get method to retrieve the RPC 1779 Distinguished Name.
    strComputerDN = objTrans.Get(ADS_NAME_TYPE_1779)

    ' Move the object.
    objOU.MoveHere "LDAP://" & strComputerDN, vbNullString
    =========
    You could use the FileSystemObject to read names from a text file. Assuming
    you have a file with the NetBIOS names of the computers, one name per line,
    the code could be similar to:
    ==========
    Const ForReading = 1

    ' Constants for the NameTranslate object.
    Const ADS_NAME_INITTYPE_GC = 3
    Const ADS_NAME_TYPE_NT4 = 3
    Const ADS_NAME_TYPE_1779 = 1

    Set objOU = GetObject("LDAP://ou=East,dc=MyDomain,dc=com")

    ' Specify the NetBIOS name of the domain.
    strDomain = "MyDomain"

    ' Use the NameTranslate object to convert the NT names to the
    ' Distinguished Name.
    Set objTrans = CreateObject("NameTranslate")

    ' Initialize NameTranslate by locating the Global Catalog.
    objTrans.Init ADS_NAME_INITTYPE_GC, ""

    ' Specify text file of computer names.
    strFile = "c:\scripts\computers.txt"

    ' Open the file for read access.
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    Set objFile = objFSO.OpenTextFile(strFile, ForReading)

    Do Until objFile.AtEndOfStream
        strComputer = Trim(objFile.ReadLine)
        ' Skip blank lines.
        If (strComputer <> "") Then
            ' Use the Set method to specify the NT format
            ' of the object name.
            objTrans.Set ADS_NAME_TYPE_NT4, strDomain _
                & "\" & strComputer
            ' Use the Get method to retrieve the
            ' RPC 1779 Distinguished Name.
            strComputerDN = objTrans.Get(ADS_NAME_TYPE_1779)
            ' Move the object.
            objOU.MoveHere "LDAP://" & strComputerDN, vbNullString
        End If
    Loop

    ' Clean up.
    objFile.Close
    ==========
    I hope this helps.
     
    Richard Mueller [MVP], Nov 26, 2007
    #2

  3. You haven't said what criteria you need to find the computers. Here is an
    old script of mine that searches for computer accounts in the domain that
    haven't updated their password in 90 days and moves them to another OU.
    This should at least give you a jump on the syntax:



    On Error Resume Next

    Dim Root,Domain,wshNetwork
    Dim myDomain,DestOU,UsersCont

    'Specify path to OU for Disabled Accounts
    DestinationOUPath="OU=Computers,OU=DisabledAccounts"

    Set Root = GetObject("LDAP://RootDSE")
    DomainPath = Root.Get("DefaultNamingContext")
    Set Domain = GetObject("LDAP://" & DomainPath)
    Set wshNetwork=CreateObject("Wscript.Network")
    myDomain=wshNetwork.UserDomain

    'wscript.echo "My domain is " & myDomain & vbTab & DomainPath

    'verify Destination OU exists
    'wscript.echo "verifying " & "LDAP://"& myDomain & "/" & DestinationOUPath & "," & DomainPath
    Set DestOU=GetObject("LDAP://"& myDomain & "/" & DestinationOUPath & "," & _
        DomainPath)
    if err.number<>0 Then
        wscript.echo "Can't verify " & DestinationOUPath
        wscript.quit
    End If

    'Check Default Computers container first
    Set PCContainer=GetObject("LDAP://" & myDomain & "/CN=computers," & _
        DomainPath)

    FindComputers PCContainer.DistinguishedName

    'go through OUs
    EnumOU Domain.ADSPath

    wscript.quit

    '*********************************
    ' Enumerate OUs
    '*********************************

    Sub EnumOU(objPath)

        On Error Resume Next

        Set objPath = GetObject(objPath)

        objPath.Filter=Array("organizationalUnit")

        For Each item in objPath
            If item.DistinguishedName<>DestinationOUPath & "," & DomainPath Then
                wscript.echo item.Name & vbTab & item.DistinguishedName
                FindComputers(item.DistinguishedName)
                'Iterate through
                EnumOU item.ADSPath
            End If
        Next

        Set objPath=Nothing

    End Sub



    '*********************************
    ' Find Computers
    '*********************************
    Sub FindComputers(OUPath)
        On Error Resume Next
        numDays=90 'cutoff date for password age. Computers
                   'that haven't changed a password in this
                   'number of days are likely obsolete
        Set dom=GetObject("LDAP://" & Mydomain & "/" & OUPath)
        dom.Filter=Array("computer")

        'wscript.echo "Disabled computers in " & dom.ADSPath
        For Each pc In dom
            Set Account = GetObject("WinNT://" & myDomain & "/" & pc.sAMaccountname)
            RefreshTime = FormatNumber((Account.get("PasswordAge"))/86400,0)
            If CInt(RefreshTime) >= CInt(numDays) Then
                ' wscript.echo Account.Name & " (Password Age is " & RefreshTime & " days.)"
                MoveComputer pc.distinguishedName,dom.ADSpath
            End If
        Next

        wscript.echo Vbcrlf
        Set dom=Nothing

    End Sub


    '*********************************
    ' Move Computers to Destination OU
    '*********************************

    Sub MoveComputer(ComputerPath,OrigOU)
        On Error Resume Next

        'Update Description field to record original location of computer account
        Set pc=GetObject("LDAP://" & myDomain & "/" & ComputerPath)
        pc.Put "Description",pc.Description & " moved from " & OrigOU & " on " & NOW
        pc.SetInfo
        wscript.echo "Moving " & pc.Name
        DestOU.MoveHere pc.ADSPath,pc.Name
        If err.number<>0 Then
            wscript.echo "There was an error moving " & pc.Name
        End If

    End Sub


    --
    Jeffery Hicks
    Microsoft PowerShell MVP
    http://www.scriptinganswers.com
    http://www.powershellcommunity.org

    Now Available: WSH and VBScript Core: TFM
    Coming Soon: Windows PowerShell: TFM 2nd Ed.
     
    Jeffery Hicks [MVP], Nov 26, 2007
    #3
  4. Gustavo

    Gustavo Guest

    Thanks for the answer guys, but I got some errors when I run the script, this
    is the code:
    Option Explicit

    Dim strNTName, strTargetOU
    Dim objRootDSE, strDNSDomain, objTrans, strNetBIOSDomain
    Dim strComputerDN, objComputer, objOU
    Dim strFile, objFSO, objFile

    ' Constants For the NameTranslate object.
    Const ADS_NAME_INITTYPE_GC = 3
    Const ADS_NAME_TYPE_NT4 = 3
    Const ADS_NAME_TYPE_1779 = 1

    ' Specify text file of computer names.
    strFile = "c:\temp\listcompu.txt"

    ' Bind to the FileSystemObject and open the file for reading.
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    Set objFile = objFSO.OpenTextFile(strFile, 1)

    ' Specify the Distinguished Name of the target OU.
    strTargetOU = "OU=A Eliminar,OU=OU Computers,DC=labpolar01,DC=com"

    ' Bind to the target OU.
    Set objOU = GetObject("LDAP://" & strTargetOU)

    ' Determine DNS domain name from RootDSE object.
    Set objRootDSE = GetObject("LDAP://RootDSE")
    strDNSDomain = objRootDSE.Get("defaultNamingContext")

    ' Use the NameTranslate object to find the NetBIOS domain name from the
    ' DNS domain name.
    Set objTrans = CreateObject("NameTranslate")
    objTrans.Init ADS_NAME_INITTYPE_GC, ""
    objTrans.Set ADS_NAME_TYPE_1779, strDNSDomain
    strNetBIOSDomain = objTrans.Get(ADS_NAME_TYPE_NT4)
    ' Remove trailing backslash.
    strNetBIOSDomain = Left(strNetBIOSDomain, Len(strNetBIOSDomain) - 1)

    ' Read from text file And move each computer object.
    Do Until objFile.AtEndOfStream
        strNTName = Trim(objFile.ReadLine)
        ' Skip blank lines.
        If strNTName <> "" then

            ' Use the NameTranslate object to convert the NT computer name to the
            ' Distinguished Name required for the LDAP provider.
            objTrans.Set ADS_NAME_TYPE_NT4, strNetBIOSDomain & "" & strNTName & "$"
            strComputerDN = objTrans.Get(ADS_NAME_TYPE_1779)

            ' Bind to the computer object in Active Directory With the LDAP provider.
            Set objComputer = GetObject("LDAP://" & strComputerDN)

            ' Move the computer to the target OU.
            objOU.MoveHere objComputer.AdsPath, vbNullString
        End If
    Loop
    ******************* and the error is this:
    C:\Temp\movercomputers.vbs(47, 6) (null): Name translation: Could not find the name or insufficient right to see name.
    ******************************
    the line 47,6 is:
    objTrans.Set ADS_NAME_TYPE_NT4, strNetBIOSDomain & "" & strNTName & "$"

    Can you help me please...
     
    Gustavo, Nov 26, 2007
    #4
  5. First, I see you corrected my error where I failed to add the trailing "$"
    to the end of the NetBIOS names of the computers. Sorry about that. The
    error you report is raised when the object cannot be found. In this case you
    neglected to include the backslash between the NetBIOS name of the domain
    and the name of the computer. The statement should be:

    objTrans.Set ADS_NAME_TYPE_NT4, strNetBIOSDomain & "\" & strNTName & "$"

    Or, you could skip the statement that strips the trailing backslash from the
    NetBIOS name of the domain retrieved previously.

    The NameTranslate object accepts names in NT format, which is similar to:

    MyDomain\ObjectName

    where "MyDomain" is the NetBIOS name of the domain and "ObjectName" is the
    "pre-Windows 2000 logon name" of the object (the value of the sAMAccountName
    attribute). For computer objects, the sAMAccountName is the NetBIOS name of
    the machine with a trailing "$" appended. The backslash is required for NT
    format names.

    --
    Richard Mueller
    Microsoft MVP Scripting and ADSI
    Hilltop Lab - http://www.rlmueller.net
    --

     
    Richard Mueller [MVP], Nov 26, 2007
    #5
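
An added example (not code from any poster in this thread) that applies the NT-format rule from post #5 to every name in the list: it builds `DOMAIN\NAME$`, traps the NameTranslate or move error for that one name so a single unknown computer does not abort a run of several thousand, and writes an audit log of each result. The domain, OU, file paths and log name are assumed values.

```vbscript
' Added example: bulk move with per-name error handling and an audit log.
' Assumed values: strDomain, strTargetOU and both file paths.
Option Explicit

Const ForReading = 1
Const ForWriting = 2
Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1

Dim strDomain, strTargetOU, objOU, objTrans, objFSO, objFile, objLog
Dim strName, strDN, lngErr, strErr

strDomain = "MyDomain"                      ' NetBIOS name of the domain
strTargetOU = "ou=East,dc=MyDomain,dc=com"

Set objOU = GetObject("LDAP://" & strTargetOU)
Set objTrans = CreateObject("NameTranslate")
objTrans.Init ADS_NAME_INITTYPE_GC, ""

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile("c:\scripts\computers.txt", ForReading)
Set objLog = objFSO.OpenTextFile("c:\scripts\move-log.txt", ForWriting, True)

Do Until objFile.AtEndOfStream
    strName = UCase(Trim(objFile.ReadLine))
    ' Accept list entries written with or without the trailing "$".
    If Right(strName, 1) = "$" Then strName = Left(strName, Len(strName) - 1)
    If strName <> "" Then
        ' Trap errors for this name only; later steps run only if earlier ones succeeded.
        On Error Resume Next
        objTrans.Set ADS_NAME_TYPE_NT4, strDomain & "\" & strName & "$"
        If Err.Number = 0 Then strDN = objTrans.Get(ADS_NAME_TYPE_1779)
        If Err.Number = 0 Then objOU.MoveHere "LDAP://" & strDN, vbNullString
        lngErr = Err.Number
        strErr = Err.Description
        On Error GoTo 0
        If lngErr = 0 Then
            objLog.WriteLine Now & vbTab & "MOVED" & vbTab & strDN
        Else
            objLog.WriteLine Now & vbTab & "FAILED" & vbTab & strName _
                & vbTab & Hex(lngErr) & vbTab & strErr
        End If
    End If
Loop

objFile.Close
objLog.Close
```

Review the FAILED lines after the run: a name that does not translate is either not in the domain or not visible to the account running the script.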
  6. Gustavo

    Gustavo Guest

    Thanks for the tips Richard, the script worked great!!
    My friend, I need another favor:
    I need a script, that lists from OU or txt file, that contains machine
    accounts that have 180 days or more without logon.

     
    Gustavo, Nov 27, 2007
    #6
  7. You have a few options. One is to use Joe Richards' free oldcmp tool. See
    this link:

    http://www.joeware.net/freetools/tools/oldcmp/index.htm

    Or, I have a sample VBScript program that retrieves the last logon date for
    all users in the domain linked here:

    http://www.rlmueller.net/Last Logon.htm

    There are two programs on the page I linked, depending on your domain level.
    In both cases you can modify the script to report on computer instead of
    user objects by changing the ADO filter in the loop. To restrict the output
    to the objects in one OU, change the base of the query. This is done in the
    first program (LastLogon.vbs) by replacing the following:

    For k = 0 To Ubound(arrstrDCs)
    strBase = "<LDAP://" & arrstrDCs(k) & "/" & strDNSDomain & ">"
    strFilter = "(&(objectCategory=person)(objectClass=user))"

    with something similar to:

    For k = 0 To Ubound(arrstrDCs)
    ' Change the base of the query to a specific OU.
    strBase = "<LDAP://" & arrstrDCs(k) & "/ou=Sales,ou=West," & _
        strDNSDomain & ">"
    ' Report on computer objects.
    strFilter = "(objectCategory=computer)"

    The code is complex because the lastLogon attribute is not replicated. The
    script must query every DC in the domain, even if you are only interested in
    the objects in one OU (you have no idea which DC will authenticate the
    computer account).

    In the second program linked above (LastLogonTimeStamp.vbs) replace these
    lines:

    ' Search entire domain.
    strBase = "<LDAP://" & strDNSDomain & ">"

    ' Filter on all user objects.
    strFilter = "(&(objectCategory=person)(objectClass=user))"

    with code similar to:

    ' Search OU.
    strBase = "<LDAP://ou=Sales,ou=West," & strDNSDomain & ">"

    ' Filter on all computer objects.
    strFilter = "(objectCategory=computer)"

    Another option is to search for computers that have not changed their
    password recently. If your domain is not at Windows 2003 functional level
    this makes sense because the pwdLastSet attribute (unlike the lastLogon
    attribute) is replicated (so there is no need to query every DC in the
    domain). I have an example VBScript program to retrieve the date the
    password was last changed for all users linked here:

    http://www.rlmueller.net/PwdLastChanged.htm

    Again this program can be modified for computers instead of users, and also
    to restrict the output to one OU. The changes are similar. Change these
    lines:

    ' Filter to retrieve all user objects.
    strFilter = "(&(objectCategory=person)(objectClass=user))"

    ' Filter to retrieve all computer objects.
    ' strFilter = "(objectCategory=computer)"

    strQuery = "<LDAP://" & strDNSDomain & ">;" & strFilter _
    & ";distinguishedName,pwdLastSet,userAccountControl;subtree"

    To something similar to:

    ' Filter to retrieve all computer objects.
    strFilter = "(objectCategory=computer)"

    strQuery = "<LDAP://ou=Sales,ou=West," & strDNSDomain & ">;" & strFilter _
    & ";distinguishedName,pwdLastSet,userAccountControl;subtree"

    In all cases, the base of the search is defined by the first "clause" of the
    ADO query statement, where clauses are delimited by semicolons. You must
    specify the full Distinguished Name of the OU as the base of the search. It
    must resolve to something similar to:

    <LDAP://ou=Sales,ou=West,dc=MyDomain,dc=com>

    where the Distinguished Name of the OU is
    "ou=Sales,ou=West,dc=MyDomain,dc=com". Also, in all cases run the VBScript
    program at a command prompt using the cscript host and redirect the output
    to a text file. For example:

    cscript //nologo LastLogon.vbs > report.txt

    The text file can be read into a spreadsheet program for analysis.
     
    Richard Mueller [MVP], Nov 27, 2007
    #7
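
An added example (not one of the programs linked in post #7, and not code from any poster) of the pwdLastSet option described there: one ADO query against a single OU, with the 64-bit pwdLastSet value converted to a date and only computers at or past 180 days reported. The OU path and the 180-day threshold are assumed values; dates are left in UTC, which is accurate enough for a cutoff measured in days.

```vbscript
' Added example: list computers in one OU whose password is 180+ days old.
' Assumed values: the OU path in strBase and STALE_DAYS.
Option Explicit

Const STALE_DAYS = 180

Dim objRootDSE, strDNSDomain, adoConnection, adoCommand, adoRecordset
Dim strBase, strFilter, strQuery, objDate, lngHigh, lngLow, dtmSet, lngAge

Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")

Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
Set adoCommand = CreateObject("ADODB.Command")
Set adoCommand.ActiveConnection = adoConnection

' Clauses are base; filter; attributes; scope, separated by semicolons.
strBase = "<LDAP://ou=Sales,ou=West," & strDNSDomain & ">"
strFilter = "(objectCategory=computer)"
strQuery = strBase & ";" & strFilter & ";distinguishedName,pwdLastSet;subtree"

adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100    ' page through large result sets
Set adoRecordset = adoCommand.Execute

Do Until adoRecordset.EOF
    dtmSet = #1/1/1601#                     ' default when the value is missing
    If TypeName(adoRecordset.Fields("pwdLastSet").Value) = "Object" Then
        ' pwdLastSet counts 100-nanosecond intervals since 1601-01-01 (UTC).
        Set objDate = adoRecordset.Fields("pwdLastSet").Value
        lngHigh = objDate.HighPart
        lngLow = objDate.LowPart
        ' LowPart is signed; a negative value means a borrow from HighPart.
        If lngLow < 0 Then lngHigh = lngHigh + 1
        ' 600,000,000 intervals per minute, 1440 minutes per day.
        dtmSet = #1/1/1601# + ((lngHigh * (2 ^ 32)) + lngLow) / 600000000 / 1440
    End If
    lngAge = DateDiff("d", dtmSet, Now)
    If lngAge >= STALE_DAYS Then
        WScript.Echo adoRecordset.Fields("distinguishedName").Value _
            & vbTab & dtmSet & vbTab & lngAge
    End If
    adoRecordset.MoveNext
Loop

adoRecordset.Close
adoConnection.Close
```

Run it with cscript and redirect the output to a file, as described above; the tab-separated lines are distinguished name, password-set date and age in days.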
  8. Gustavo

    Venkatesh VR Guest

    Hi Richard,

    I am looking for some VB Script to move the bulk users accounts listed in the text file. ie from One OU to Another OU in the same domain. Please guide us.

    Regards,
    Venkatesh Setty
     
    Venkatesh VR, Dec 13, 2008
    #8
  9. Gustavo

    Wiseman82 Guest

    Hi,

    You can do this quite easily with my Bulk AD Users application:

    http://www.wisesoft.co.uk/articles/bulk_ad_users_beta_testing.aspx

    Just click to get users from list.
    Load the text file. (The application expects a single username per line.)
    The user accounts should now appear in the grid.
    Click the Move Users button and select the new OU. After clicking OK, the
    user accounts will be moved.

    Bulk AD Users is currently under beta testing. The instructions above also
    apply to the older version called Bulk Password Control:

    http://www.wisesoft.co.uk/Products/PasswordControl/BulkPasswordControl/

    Hope this helps,

    David
    http://www.wisesoft.co.uk
    (My personal website and a free resource for IT Professionals)


     
    Wiseman82, Dec 13, 2008
    #9
