Move all AD Users in a Group to a Specific Organizational Unit
Server Academy Members Only
Sorry, this lesson is only available to Server Academy Full Access members. Upgrade your plan to get instant access to this and many more premium courses. Click the Upgrade Plan button below to get started.
Saving Progress...
In this lecture, we are going to be learning how to move the Active Directory members of a particular group to a specific Organizational Unit.
Now, in our case and what we are going to demo here, we are only moving three Active Directory Users, so it might be just a little easier to just do it by hand using the Graphical User Interface.
However, if you are working in a situation where you have one hundred user accounts that are part of a specific group and you need to move them to another OU, and you don’t know exactly where all the user accounts are located it’s much more efficient to use PowerShell to do this.
So, let’s go ahead and get started by looking at what we are going to be doing.
In this case, I am on my server here IPDC01 and what I am going to do is click on Tools from Server Manager and launch Active Directory Users and Computers.
I have this structure set up where I have an Organizational Unit called InstructorPaul, and inside this, I have Domain Users, Domain Workstations, and Member Servers.
Now, if I expand Domain Users OU I have another OU called Domain Admins. Here is Paul Hill and Robert Hill. These two are members of the Domain Administrators group.
However, if I go under the Users container, and I double-click on Administrator.
And, I click on the Member Of tab.
I can see that this user is also a member of the Domains Admins group.
So, in this particular scenario what I want to do is I want to move all the Domain Admins to the Domain Admins Organizational Unit.
Now, if you don’t have the same OU structure that’s fine, you can just create it now.
You can create some user accounts inside of this OU by right-clicking it and selecting New > User, and then make sure you add them under Member Of to the Domain Admins group.
So, now what we are going to do is launch PowerShell by clicking on the Start button and typing powershell.
Now, we have the option of selecting Windows PowerShell and Windows PowerShell ISE. This is a single line command, is not a complicated script so you don’t need to launch the Windows PowerShell ISE but whatever you choose to use you need to launch it as an Administrator.
So, I am going to right-click on Windows PowerShell and right-click and select Run as administrator.
Click Yes on the User Account Control window.
Again, if you use the Windows PowerShell ISE that’s perfectly fine.
So, the first thing we need to do is type Import-Module Active Directory and press Enter.
Now that’s done let’s run Get-Help Get-ADGroupMember and press Enter.
We can see all the information about this command.
Here we have in the SYNTAX of the command Get-ADGroupMember and -Identity and the identity of the Group. Now, you don’t need to type -Identity you can just type the group name in quotation marks. Then we can do Credentials, the Auth type, and things like that.
One of the things I think is important with this command is the -Recursive type. If we choose -Recursive what is going to happen is we are going to specify a Group, and if that Group has also other Groups inside of it, it will search that group also kind of a nested search.
We are not going to be doing that, we are going to be grabbing all of the members of the Administrator group.
Server Academy Members Only
Want to access this lesson? Just sign up for a free Server Academy account and you'll be on your way. Already have an account? Click the Sign Up Free button to get started..
