Public/Move-ADSIUser.ps1

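function Move-ADSIUser
{
<#
    .SYNOPSIS
        Function to move a User in Active Directory

    .DESCRIPTION
        Looks up a user through System.DirectoryServices.AccountManagement and moves
        the underlying directory object into the container given by -Destination.

        The destination container is bound with the same credential and domain as the
        user lookup, so the whole operation runs under a single identity.

    .PARAMETER Identity
        Specifies the Identity of the User

        You can provide one of the following properties
            DistinguishedName
            Guid
            Name
            SamAccountName
            Sid
            UserPrincipalName

        Those properties come from the following enumeration:
            System.DirectoryServices.AccountManagement.IdentityType

    .PARAMETER Credential
        Specifies the alternative credential to use.
        By default it will use the current user windows credentials.

    .PARAMETER DomainName
        Specifies the alternative Domain where the user is located.
        By default it will use the current domain.

    .PARAMETER Destination
        Specifies the Distinguished Name of the container where the object will be moved.
        Only a distinguished name is accepted: an empty value or a value containing an
        unescaped '/' (for example a full ADSI path or a server prefix) is rejected.

    .EXAMPLE
        Move-ADSIUser -Identity 'fxtest01' -Destination "OU=Test,DC=FX,DC=lab"

    .EXAMPLE
        Move-ADSIUser -Identity 'fxtest01' -Destination "OU=Test,DC=FX,DC=lab" -Credential (Get-Credential)

    .NOTES
        Francois-Xavier Cat
        lazywinadmin.com
        @lazywinadm
        github.com/lazywinadmin

    .LINK
        https://msdn.microsoft.com/en-us/library/System.DirectoryServices.AccountManagement.UserPrincipal(v=vs.110).aspx
#>

    # SupportsShouldProcess adds -WhatIf/-Confirm so a move can be previewed before it is made.
    # NOTE(review): OutputType declares UserPrincipal, but nothing is written to the pipeline.
    [CmdletBinding(SupportsShouldProcess = $true)]
    [OutputType('System.DirectoryServices.AccountManagement.UserPrincipal')]
    param
    (
        [Parameter(Mandatory = $true)]
        [string]$Identity,

        [Alias("RunAs")]
        [System.Management.Automation.PSCredential]
        [System.Management.Automation.Credential()]
        $Credential = [System.Management.Automation.PSCredential]::Empty,

        [String]$DomainName,
        $Destination
    )

    BEGIN
    {
        Add-Type -AssemblyName System.DirectoryServices.AccountManagement

        # Validate the destination before anything is bound. -Destination is optional and
        # untyped; an empty value would otherwise produce the bare path "LDAP://".
        $DestinationDN = [string]$Destination
        IF (-not $DestinationDN.Trim())
        {
            throw "Destination must be the distinguished name of the target container."
        }

        # The value is interpolated into an ADSI path. An unescaped '/' would let it name
        # a server or provider instead of a DN, and the credential would be presented to
        # whatever host that path resolves to.
        IF ($DestinationDN -match '(?<!\\)/')
        {
            throw "Destination must be a distinguished name only; unescaped '/' is not allowed."
        }

        # Create Context splatting
        $ContextSplatting = @{ ContextType = "Domain" }

        IF ($PSBoundParameters['Credential']) { $ContextSplatting.Credential = $Credential }
        IF ($PSBoundParameters['DomainName']) { $ContextSplatting.DomainName = $DomainName }

        $Context = New-ADSIPrincipalContext @ContextSplatting

        # Bind the destination against the same domain as the user lookup.
        IF ($PSBoundParameters['DomainName'])
        {
            $DestinationPath = "LDAP://$DomainName/$DestinationDN"
        }
        ELSE
        {
            $DestinationPath = "LDAP://$DestinationDN"
        }

        # Bind the destination with the same credential as the user lookup; without this
        # the move silently runs as the current Windows user even when -Credential is given.
        # AuthenticationTypes.Secure is requested explicitly so the password is not sent
        # with a simple bind. The password is held as a plain string only for this call.
        $EntryArguments = @($DestinationPath)
        IF ($PSBoundParameters['Credential'])
        {
            $EntryArguments += $Credential.UserName
            $EntryArguments += $Credential.GetNetworkCredential().Password
            $EntryArguments += [System.DirectoryServices.AuthenticationTypes]::Secure
        }
    }
    PROCESS
    {
        IF ($Identity)
        {
            $User = [System.DirectoryServices.AccountManagement.UserPrincipal]::FindByIdentity($Context, $Identity)

            # FindByIdentity returns $null when nothing matches; report that instead of
            # failing later with a null-method-call error.
            IF (-not $User)
            {
                Write-Error -Message "Move-ADSIUser: cannot find a user with identity '$Identity'."
                return
            }

            $NewDirectoryEntry = $null
            try
            {
                IF ($PSCmdlet.ShouldProcess($Identity, "Move user to '$DestinationDN'"))
                {
                    # Create DirectoryEntry object for the destination container
                    $NewDirectoryEntry = New-Object -TypeName System.DirectoryServices.DirectoryEntry -ArgumentList $EntryArguments

                    # Move the user
                    $User.GetUnderlyingObject().psbase.MoveTo($NewDirectoryEntry)

                    # Kept from the original implementation; the move itself is done by MoveTo.
                    $User.Save()
                }
            }
            finally
            {
                # Release the directory handles whether or not the move succeeded.
                IF ($NewDirectoryEntry) { $NewDirectoryEntry.Dispose() }
                $User.Dispose()
            }
        }
    }
}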