
Batch Active Directory tasks with ease using dsmove

When you have to do specific Windows administration tasks on a frequent basis, it makes your job easier if all relevant objects are in the same organizational unit. Find out how you can script the move with the dsmove command.

When you have to do specific Windows administration tasks on a frequent basis, it makes your job easier if all relevant objects are in the same organizational unit (OU). Using a holding OU makes partial removal, mass changes, parallel access, and pre-implementation staging easy for user accounts. Further, you can do certain right-click tasks, such as Exchange 2003 mailbox additions and removals, on a large selection easily instead of wearing out [Ctrl].

Getting an export of your Active Directory (AD) is a good starting point, because you can copy and paste the distinguished names (DNs) of AD objects from it. User and computer accounts are the object types handled most frequently in mass management, and Comma Separated Value Data Exchange (CSVDE) is a good tool for producing the export.

You can run dsmove directly from the command line or call it from a script. Here is an example command that moves the user Rick Vanover from the Users OU to a new OU called zzHoldingOU:

dsmove "CN=Rick Vanover,CN=Users,DC=ROD,DC=RWVINTRA,DC=NET" -newparent OU=zzHoldingOU,DC=ROD,DC=RWVINTRA,DC=NET

When the DN of the object to move contains a space, enclose the entire DN in quotes. You can put the standard username in this field (firstname.lastname in the domain used in this example). When dsmove runs, it states whether the move was successful.

Once you have moved the user accounts into the desired OU, you can perform the collective tasks or simply hold the accounts there. You can use dsmove for any AD object with a DN, so the OU placement of computer accounts can be changed collectively in the same fashion to reflect a new configuration.

When performing a very large move, you may want to designate a single domain controller with the -d parameter so that it processes all of the transactions associated with the move and the work stays in one place. Each dsmove operation is a direct call to a domain controller and could be taxing if the commands hit a relatively busy one.
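The batch move described above, as an added PowerShell example that is not part of the original article: it builds one dsmove call per row of a CSVDE-style export, refuses DNs outside the target domain, skips objects already in the holding OU, and records what dsmove reported for each object. Assumptions: the export has a DN column, the file name export.csv is hypothetical, the sample rows are constructed, and the optional domain controller is passed with -s, which is the server switch in dsmove's syntax (-d names a domain).

```powershell
# Added example: batch dsmove driven by CSVDE-style rows. Prints commands unless -Execute is given.
param(
    [string]$NewParent = 'OU=zzHoldingOU,DC=ROD,DC=RWVINTRA,DC=NET',
    [string]$Server,   # optional: one domain controller for every move, passed as dsmove -s
    [switch]$Execute
)

# Constructed sample rows in the shape of a CSVDE export (DN column plus attributes).
# For a real run, load the export instead: $rows = Import-Csv .\export.csv  (hypothetical path)
$rows = @'
DN,objectClass,sAMAccountName
"CN=Rick Vanover,CN=Users,DC=ROD,DC=RWVINTRA,DC=NET",user,rick.vanover
"CN=Held Already,OU=zzHoldingOU,DC=ROD,DC=RWVINTRA,DC=NET",user,held.already
"CN=Other Person,CN=Users,DC=EXAMPLE,DC=COM",user,other.person
'@ | ConvertFrom-Csv

# Domain part of the target OU; objects from any other domain are refused.
$domainSuffix = ($NewParent -split ',' | Where-Object { $_ -like 'DC=*' }) -join ','
$ignoreCase   = [StringComparison]::OrdinalIgnoreCase

$results = foreach ($row in $rows) {
    $dn     = $row.DN.Trim()
    $parent = $dn -replace '^.*?(?<!\\),', ''   # strip the leading RDN (first unescaped comma)

    if (-not $dn.EndsWith(",$domainSuffix", $ignoreCase)) {
        $status = 'skipped: DN is outside the target domain'
    } elseif ($parent.Equals($NewParent, $ignoreCase)) {
        $status = 'skipped: already in the target OU'
    } else {
        $dsArgs = @($dn, '-newparent', $NewParent)
        if ($Server) { $dsArgs += '-s', $Server }
        if ($Execute) {
            # dsmove states whether the move succeeded; keep that text for the audit trail.
            $output = & dsmove.exe @dsArgs 2>&1 | Out-String
            $status = "exit code ${LASTEXITCODE}: $($output.Trim())"
        } else {
            # PowerShell quotes arguments with spaces itself; quotes here are for display only.
            $shown  = $dsArgs | ForEach-Object { if ($_ -match '\s') { "`"$_`"" } else { $_ } }
            $status = 'dry run: dsmove ' + ($shown -join ' ')
        }
    }
    [pscustomobject]@{ DN = $dn; Status = $status }
}

$results | Format-List
```

Run it without -Execute first and review the printed commands; the per-object status list doubles as a change record for the move.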

Note: This tip is valid for Windows 2000, Windows Server 2003, and Windows Server 2008.


About

Rick Vanover is a software strategy specialist for Veeam Software, based in Columbus, Ohio. Rick has years of IT experience and focuses on virtualization, Windows-based server administration, and system hardware.
