Public/Move-ADSIGroup.ps1

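function Move-ADSIGroup
{
<#
 .SYNOPSIS
  Moves an Active Directory group to a different Organizational Unit (OU)
  
 .DESCRIPTION
  Finds the group through System.DirectoryServices.AccountManagement and moves its
  underlying directory entry under the container given by -Destination.
  
  This changes directory state. Use -WhatIf to preview the move or -Confirm to be prompted.
  A moved group inherits permissions from its new parent container (for example who may
  edit its membership), so review the delegation on the destination OU before moving
  privileged groups.
  
 .PARAMETER Identity
  Specifies the Identity of the group
   
  You can provide one of the following properties
  DistinguishedName
  Guid
  Name
  SamAccountName
  Sid
  UserPrincipalName
   
  Those properties come from the following enumeration:
  System.DirectoryServices.AccountManagement.IdentityType
  
 .PARAMETER Credential
  Specifies the alternative credential to use.
  By default it will use the current user windows credentials.
  
 .PARAMETER DomainName
  Specifies the alternative Domain in which the group is looked up.
  By default it will use the current Domain.
  
 .PARAMETER Destination
  Specifies the Distinguished Name of the container where the group will be moved.
  An empty value is rejected with an error.
  
 .EXAMPLE
  Move-ADSIGroup -Identity 'FXGROUPTEST01' -Destination 'OU=TEST,DC=FX,DC=lab'
  
 .EXAMPLE
  Move-ADSIGroup -Identity 'FXGROUPTEST01' -Destination 'OU=TEST,DC=FX,DC=lab' -WhatIf
  
  Shows which group would be moved without changing the directory.
  
 .NOTES
  Francois-Xavier Cat
  lazywinadmin.com
  @lazywinadm
  github.com/lazywinadmin
  
 .LINK
  https://msdn.microsoft.com/en-us/library/system.directoryservices.accountmanagement.groupprincipal(v=vs.110).aspx
#>

    
    # SupportsShouldProcess adds -WhatIf/-Confirm; existing calls behave as before.
    # NOTE(review): OutputType declares GroupPrincipal, but no statement below writes an
    # object to the pipeline - confirm whether the moved group should be returned.
    [CmdletBinding(SupportsShouldProcess = $true)]
    [OutputType('System.DirectoryServices.AccountManagement.GroupPrincipal')]
    param
    (
        [Parameter(Mandatory = $true)]
        [string]$Identity,

        [Alias("RunAs")]
        [System.Management.Automation.PSCredential]
        [System.Management.Automation.Credential()]
        $Credential = [System.Management.Automation.PSCredential]::Empty,

        [Alias('Domain', 'Server')]
        $DomainName = [System.DirectoryServices.ActiveDirectory.Domain]::Getcurrentdomain(),
        
        $Destination
    )
    
    BEGIN
    {
        Add-Type -AssemblyName System.DirectoryServices.AccountManagement
        
        # Create Context splatting; only explicitly bound values are forwarded
        $ContextSplatting = @{ ContextType = "Domain" }
        
        IF ($PSBoundParameters['Credential']) { $ContextSplatting.Credential = $Credential }
        IF ($PSBoundParameters['DomainName']) { $ContextSplatting.DomainName = $DomainName }
        
        $Context = New-ADSIPrincipalContext @ContextSplatting
    }
    PROCESS
    {
        $NewDirectoryEntry = $null
        TRY
        {
            # Without this guard an omitted -Destination would leave the bare "LDAP://"
            # path below, so the move target would not be one the caller chose.
            IF (-not $Destination)
            {
                throw "Destination is required: provide the distinguished name of the target container."
            }
            
            $Group = [System.DirectoryServices.AccountManagement.GroupPrincipal]::FindByIdentity($Context, $Identity)
            
            # FindByIdentity returns $null when nothing matches; fail with a clear message
            # instead of a null-method-call error further down.
            IF ($null -eq $Group)
            {
                throw "Cannot find a group with identity '$Identity'."
            }
            
            # Create DirectoryEntry object for the destination container
            # NOTE(review): $Destination is interpolated into the ADsPath unvalidated. An
            # ADsPath may carry a server component before the DN, so validate the value as
            # a distinguished name if it can come from untrusted input.
            # NOTE(review): this entry is created without -Credential/-DomainName, so it
            # appears to bind with the caller's own logon and default server even when
            # alternate values were given for the lookup - confirm this is intended.
            $NewDirectoryEntry = New-Object -TypeName System.DirectoryServices.DirectoryEntry -ArgumentList "LDAP://$Destination"
            
            # Move the group (skipped under -WhatIf or when -Confirm is declined)
            IF ($PSCmdlet.ShouldProcess($Group.DistinguishedName, "Move group to '$Destination'"))
            {
                $Group.GetUnderlyingObject().psbase.moveto($NewDirectoryEntry)
                $Group.Save()
            }
        }
        CATCH
        {
            # Re-emit the caught record itself so category and target details survive
            Write-Error -ErrorRecord $_
        }
        FINALLY
        {
            # Release the ADSI handle held by the destination entry
            IF ($null -ne $NewDirectoryEntry) { $NewDirectoryEntry.Dispose() }
        }
    }
}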