https://labclient.labondemand.com/LabClient/a5fc4f9c-b9a3-45f2-92eb-5764d14c9954?rc=10

ricardo.p · April 5, 2023, 1:39pm

I’ll try to write your code again using a different programming logic as I understand the code better.

ricardo.p · April 10, 2023, 2:56pm

Try it with the following on case 2

            Get-ADOrganizationalUnit -Filter 'Name -like "*"' | Format-Table Name, DistinguishedName -A
            $parent=Read-Host "Select the OU Name from the list"
            $distinguishedName=Get-ADOrganizationalUnit -Filter 'Name -like $parent'
            $ou=Read-Host "Please enter the name of the new OU "
            New-ADOrganizationalUnit -Name $ou -Path $distinguishedName

andre.serville · April 12, 2023, 9:25am

Hello @ricardo.p ,
Thank you.
By the way, I find another issue that make me stuck.

The command above runs the same as “Search-ADAccount -AccountDisabled” so I can’t filter the Enabled Account User in Disabled OU except if I use this command: Get-ADUser -filter { GivenName -like “test2”} -SearchBase "OU=Disabled User "
But what if there are many users to filter inside “Disabled Users”?
I just want to filter “test2 user” in order to move it to the proper OU.
I enable a disabled Account user, the DN is still “OU=Disabled Users*”. I create a new ADuser in DisabledOU, the DN is always Disabled so it is difficult to filter that situation globally.
I conclude that the Cmdlet “Search-ADAccount” cannot filter right?

andre.serville · April 12, 2023, 10:02am

As you can see, I cannot display only disabled account user, there is “test2 user” despite the account is enabled.

To filter that, I use this command:
Get-ADUser -Filter “*” -SearchBase “OU=Disabled Users,OU=data,DC=data,DC=lab” | where {$_.distinguishedname -like “CN=test2 user (admin),OU=Disabled Users,OU=data,DC=data,DC=lab”}

andre.serville · April 12, 2023, 10:07am

The OU script has run successfully but the OU created doesn’t display in the ADUC wizard.
It’s Ok now after a reboot.
Thank you

ricardo.p · April 12, 2023, 1:58pm

To look for enabled users in the Disabled OU, you can use the following:

Get-ADUser -Filter * -SearchBase "OU=Disabled Users,OU=ServerAcademy,DC=ServerAcademy,DC=local" -Property Enabled | Where {$_.Enabled -like "True"}

The Search-ADAccount might not be the right choice for enabled accounts.

Instead of a reboot of the VM, it might need a refresh on the Active Directory Users and Computers.

Ricardo

andre.serville · April 12, 2023, 4:38pm

Again thank you @ricardo.p, you are fantastic.
The next time, I will pay attention to the syntax of “Get-ADUser” and “Search-ADAccount”.
My problem is solved.
How interreting is Powershell when thing become clear.