Ravindra Kulkarni
Problem
You want to move a user object to a different container or OU.
Solution
Using a graphical user interface
- Open the ADUC snap-in.
- If you need to change domains, right-click on “Active Directory Users and Computers” in the left pane, select Connect to Domain, enter the domain name, and click OK.
- In the left pane, right-click on the domain and select Find.
- Type the name of the user and click Find Now.
- In the Search Results window, right-click on the user and select Move.
- Browse to and select the new parent container or OU.
- Click OK.
In Windows Server 2003 and above, you can also drag and drop objects from one container or OU into another.
Using a command-line interface
You can move an object using either the built-in DSMove utility or AdMod. DSMove takes the following syntax:
> dsmove "<UserDN>" -newparent "<NewParentDN>"
To move an object using AdMod, do the following:
> admod -b "<Current User DN>" -move "<New Parent DN>"
Using VBScript
' This code moves a user from one container to another.
' ------ SCRIPT CONFIGURATION ------
strUserDN = "<UserDN>" ' e.g. cn=rallen,cn=users,dc=rallencorp,dc=com
strOUDN = "<NewParentDN>" ' e.g. ou=Sales,dc=rallencorp,dc=com
' ------ END CONFIGURATION ---------
Set objUser = GetObject("LDAP://" & strUserDN)
Set objOU = GetObject("LDAP://" & strOUDN)
objOU.MoveHere objUser.ADsPath, objUser.Name
Discussion
Moving a user object between OUs in the same domain has no direct impact on the actual user in terms of any security or distribution groups that the user is a member of. The only thing to be cautious of is the impact of moving the user to a new OU that may have different security settings or GPOs applied to it.
IgNiTeD SoUL 