Friday, September 23, 2011

Moving AD User to another OU using different credentials

To move an Active Directory user to another OU, you will need a service account with privileges to move AD objects. Below is the VBScript that worked for me:


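' Authentication flag passed to OpenDSObject
Const ADS_SECURE_AUTHENTICATION = 1

' Service account with rights to move AD objects.
' The password is stored in clear text in this script.
sADDomain = "mydomain"
sADUser = "serviceuser"
sADPassword = "mypassword"

' Destination OU
sDestOU = "LDAP://OU=My Group,DC=mydomain,DC=net"
' LDAP namespace object; provides OpenDSObject for binding with other credentials
Set objRootDSE = GetObject("LDAP:")
' ADSystemInfo.UserName is the distinguished name of the logged-on user
Set objSysInfo = CreateObject("ADSystemInfo")

' Without this, a failure below stops the script before Err.Number is checked
On Error Resume Next

' Bind to the destination OU and to the user as the service account
Set objDestOU = objRootDSE.OpenDSObject(sDestOU, sADDomain & "\" & sADUser, sADPassword, ADS_SECURE_AUTHENTICATION)
Set objUser = objRootDSE.OpenDSObject("LDAP://" & objSysInfo.UserName, sADDomain & "\" & sADUser, sADPassword, ADS_SECURE_AUTHENTICATION)

' Move the user into the destination OU, keeping its current name
objDestOU.MoveHere "LDAP://" & objUser.distinguishedName, vbNullString
If Err.Number = 0 Then
    MsgBox "User moved successfully."
Else
    MsgBox "Error " & Err.Number & ": " & Err.Description
    Err.Clear
End If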
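
A PowerShell counterpart to the script above that prompts for the service account at run time instead of keeping its password in the file, and confirms the move afterwards. This is an added example, not part of the original post; it assumes the ActiveDirectory module (RSAT) is installed and reuses the post's placeholder OU.

```powershell
# Added example; requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Same placeholder destination as the VBScript (a plain DN, no LDAP:// prefix).
$destOU = 'OU=My Group,DC=mydomain,DC=net'

# Prompt for the service account so no password is stored in the script.
$cred = Get-Credential -Message 'Service account allowed to move AD objects'

try {
    # Resolve the logged-on user, as the VBScript does with ADSystemInfo.UserName.
    $user = Get-ADUser -Identity $env:USERNAME -Credential $cred -ErrorAction Stop

    # Parent container = DN without its first RDN (split on the first unescaped comma).
    $parent = ($user.DistinguishedName -split '(?<!\\),', 2)[1]
    if ($parent -eq $destOU) {
        Write-Output "$($user.SamAccountName) is already in $destOU"
        return
    }

    Move-ADObject -Identity $user.DistinguishedName -TargetPath $destOU `
        -Credential $cred -ErrorAction Stop

    # Re-read by objectGUID, which does not change when the object is moved.
    $moved = Get-ADUser -Identity $user.ObjectGUID -Credential $cred -ErrorAction Stop
    Write-Output "User moved successfully: $($moved.DistinguishedName)"
}
catch {
    Write-Error "Move failed: $($_.Exception.Message)"
}
```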
