move-toNonSyncOU.ps1

<#
    .SYNOPSIS
 
    This function moves the group to the non-SYNC OU. This is necessary to process the group deletion from Office 365.
     
    .DESCRIPTION
 
    This function moves the group to the non-SYNC OU. This is necessary to process the group deletion from Office 365.
 
    .PARAMETER GlobalCatalogServer
 
    The global catalog to make the query against.
 
    .PARAMETER DN
 
    The original DN of the object.
 
    .PARAMETER OU
 
    This is the OU that is set to not synchonize in AD Connect.
 
    .PARAMETER adCredential
 
    This is the credential for active directory operations.
 
    .OUTPUTS
 
    None
 
    .EXAMPLE
 
    move-toNonSyncOU -globalCatalogServer GC -OU NonSyncOU -DN groupDN -adCredential CRED
 
    #>

    Function move-toNonSyncOU
     {
        [cmdletbinding()]

        Param
        (
            [Parameter(Mandatory = $true)]
            [string]$globalCatalogServer,
            [Parameter(Mandatory = $true)]
            $OU,
            [Parameter(Mandatory = $true)]
            $DN,
            [Parameter(Mandatory = $true)]
            $adCredential,
            [Parameter(Mandatory = $false)]
            [ValidateSet("Basic","Negotiate")]
            $activeDirectoryAuthenticationMethod="Negotiate",
            [Parameter(Mandatory = $false)]
            $dlMoveCleanup=$FALSE,
            [Parameter(Mandatory = $false)]
            $dlPostCreate=$FALSE
        )

        #Output all parameters bound or unbound and their associated values.

        write-functionParameters -keyArray $MyInvocation.MyCommand.Parameters.Keys -parameterArray $PSBoundParameters -variableArray (Get-Variable -Scope Local -ErrorAction Ignore)

        #Declare function variables.

        #Start function processing.

        Out-LogFile -string "********************************************************************************"
        Out-LogFile -string "START MOVE-TONONSYNCOU"
        Out-LogFile -string "********************************************************************************"

        [boolean]$stopLoop=$false
        [int]$loopCounter = 0

        if ($dlMoveCleanup -eq $FALSE)
        {
            if ($dlPostCreate -eq $FALSE)
            {
                do
                {
                    Out-LogFile -string "Move the group to the non-SYNC OU..."
        
                    try {
                        move-adObject -identity $DN -targetPath $OU -credential $adCredential -server $globalCatalogServer -authType $activeDirectoryAuthenticationMethod -errorAction Stop
        
                        $stopLoop = $true
                    }
                    catch {
                        if ($loopCounter -lt 5)
                        {
                            out-logfile -string "Attempt to move to non-sync OU failed - wait and retry."
                            out-logfile -string ("Attempt number: "+$loopcounter.tostring())
        
                            $loopCounter++
        
                            start-sleepProgress -sleepSeconds 5 -sleepString "Attempt to move to non-sync OU failed - sleep 5 seconds retry."
                        }
                        else {
                            out-logfile -string "Unable to move the group to a non-sync OU - abandon the move."
                            out-logfile -string $_ -isError:$true
                        }
                    }
                } until ($stopLoop -eq $TRUE)
            }
            else 
            {
                try {
                    move-adObject -identity $DN -targetPath $OU -credential $adCredential -server $globalCatalogServer -authType $activeDirectoryAuthenticationMethod -errorAction Stop
                }
                catch {
                    out-logfile -string "Unable to move the group between organizational units. Manual intervention required."

                    $isErrorObject = new-Object psObject -property @{
                        PrimarySMTPAddressorUPN = ""
                        ExternalDirectoryObjectID = ""
                        Alias = ""
                        Name = $DN
                        Attribute = ""
                        ErrorMessage = "Unable to move the on premises group between OUs. Manual administrator intervention required."
                        ErrorMessageDetail = $_
                    }

                    out-logfile -string $isErrorObject

                    $global:postCreateErrors += $isErrorObject
                }
            }
        }
        else 
        {
            out-logfile -string "Attempting one move back to the source OU - on premises group was moved to no-sync and failure occurred."

            move-adObject -identity $DN -targetPath $OU -credential $adCredential -server $globalCatalogServer -authType $activeDirectoryAuthenticationMethod -errorAction SilentlyContinue
        }

        Out-LogFile -string "END MOVE-TONONSYNCOU"
        Out-LogFile -string "********************************************************************************"
    }