Moving AD User when attribute has changed

Good morning my fellow powershell scripters! I work for a k-12 district and currently re-writing a script that was created before my time. The script is a mile long and was created with little knowledge of powershell so I want to clean it up. As you know being in a k-12 district students grade levels change as well as them moving to different schools. We get a csv with updates on all students 4 times a day. We have certain attributes that we use for what school they are at and what grade they are in. I am able to check if the user exists in AD without issues. My problems come when the school or grade have changed. I have been trying these If\Else statements one at a time to keep troubleshooting to a minimum. So I basically need to compare what is currently in the attributes in AD to the new attributes from the CSV. Trying this If\Else statement if the company attribute has changed I can’t get working. This is what I have:

$FileName = (Get-Date).tostring("MM-dd-yyyy-hh-mmt")  
$FileName = "c:\powershell\StudentImport$($FileName).log"
$T = Get-Date -Uformat "%m-%d-%Y %r"
"Started Powershell Student Import $($T)" >> $FileName
[Environment]::NewLine >> $FileName

$Userscreatedcounter = 0
$Usersmovedcounter = 0

$Students = Import-Csv C:\student\students.csv

foreach ($Student in $Students) {

    $Textinfo = (Get-Culture).Textinfo
    $FName = $Student.Firstname
    $LName = $Student.Lastname
    $Midname = $Student.Middlename
    $FName = $Textinfo.ToTitleCase($FName.ToLower())
    $LName = $Textinfo.ToTitleCase($LName.ToLower())
    $Midname = $Textinfo.ToTitleCase($Midname.ToLower())
    $Name = "$LName $FName $MidName"
    $Sam = $Student.StudentUserID
    $CC = $Student.School
    $Grade = $Student.Grade
    $Pw = $Student.Pin
    $NameChange = $Student.NameChange
    $Dom = "student.testlab.local"

$User = Get-ADUser $Sam -Filter "Company -eq $CC" -Properties Company -ErrorAction SilentlyContinue
    If ( $User ) {
        Write-Verbose "$oldCC does not match $CC"
    }

else {
        $NewUserParams = @{
            'UserPrincipalName' = "$Sam@$Dom"
            'SamAccountName' = "$Sam"
            'Name' = $Name
            'GivenName' = "$FName"
            'SurName' = "$LName"
            'DisplayName' = $LName + " " + $FName
            'Description' = "$($sam) $($CC) $($Grade)"
            'Homedirectory' = "\\SCS-STUDATA\studenthfolders\$Sam"
            'Homedrive' = "H:"
            'Title' = "Student"
            'Department' = $Grade
            'Company' = $CC
            'Path' = "$OU"
            'AccountPassword' = (ConvertTo-SecureString $Pw -AsPlainText -Force)
            'PasswordNeverExpires' = $true
            'CannotChangePassword' = $true
            'Enabled' = $true
            'Server' = "dc2.student.testlab.local"
        }    
        New-ADUser @NewUserParams
        "$Sam with the name of $Name has been successfully created." >> $FileName
        $Userscreatedcounter = $Userscreatedcounter +1
    }
}

$T = Get-Date -Uformat "%m-%d-%Y %r"
[Environment]::NewLine >> $FileName
"Total users created = $($Userscreatedcounter)" >> $FileName
"Total users moved   = $($Usersmovedcounter)" >> $FileName
[Environment]::NewLine >> $FileName
"End Import $($T)" >> $FileName

Could someone point me in the right direction or explain to me what I am doing wrong? Any assistance would be appreciated.

Is it possible to get a student in the csv who is NOT already in Active Directory?

Either way what I would do is iterate over your csv like you do, but get the ADUser for the StudentID first and only assign variables/make changes if needed. I don’t have an environment to test, but here is a basic flow.

foreach ($student in $students) {
    $User = Get-ADUser $Sam
    if (!$User) {
        #create new user here

    } #if user doesn't exist
    else {
        if ($user.company -ne $student.school) {
            #update property here

        } #if company doesn't match school
        if ($user.department -ne $student.grade) {
            #update property here

        } #if department doesn't match grade
    } #else checking for changes
}# foreach

 

 

I guess I could have put a little more code in my example. To change a property, I would use Set-ADUser like this:

foreach ($student in $students) {
    $User = Get-ADUser $Sam
    if (!$User) {
        #create new user here

    } #if user doesn't exist
    else {
        if ($user.company -ne $student.school) {
            #update property here
            $user | Set-ADUser -Company $student.school

        } #if company doesn't match school
        if ($user.department -ne $student.grade) {
            #update property here
            $user | Set-ADUser -Department $student.grade

        } #if department doesn't match grade
    } #else checking for changes
}# foreach

 

First thing is this line:

$User = Get-ADUser $Sam -Filter "Company -eq $CC" -Properties Company -ErrorAction SilentlyContinue

The SamAccountName is the student Id, so you don’t want to create a new account is they are not in the same school. Mike R.'s logic looks good, but it doesn’t appear that you are moving the student to the OU or doing something specific for the property change aside for setting it, you can just set it like this:

foreach ($student in $students) {
    $User = Get-ADUser $Sam
    if (!$User) {
        #create new user here
 
    } #if user doesn't exist
    else {
        if (($user.company -ne $student.school) -or ($user.department -ne $student.grade)){

            $user | Set-ADUser -Department $student.grade -Company $student.school
 
        } #if department doesn't match grade
    } #else checking for changes
}# foreach

Not sure how many records you are talking about, but you could even get rid of the if the properties don’t match and just overwrite the properties every time.

Thank you Mike R this is what I was trying for. For the most part the csv will have new students but we do get students in the csv that are already in AD so I need to deal with them, and the students who have moved up a grade and/or have switched schools. I will test this out and post back the outcome.

Good morning Rob! Thank you for the reply. I am moving users if they have moved to a new school due to relocation or graduating from Elementary to Middle or Middle to High. I was just testing one scenario at a time to see if it works or not. I am going to give Mike R’s suggestion a try and report back.

So I have gotten a bit further and it seems to be working. I am not very good at counting the users who have been created and/or moved. From the code below I get the userscreated total but the users moved tells me everyone has been moved which is obviously not the case. Could you tell me what I am doing wrong there please.

$FileName = (Get-Date).tostring("MM-dd-yyyy-hh-mmt")  
$FileName = "c:\powershell\StudentImport$($FileName).log"
$T = Get-Date -Uformat "%m-%d-%Y %r"
"Started Powershell Student Import $($T)" >> $FileName
[Environment]::NewLine >> $FileName

$Userscreatedcounter = 0
$Usersmovedcounter = 0

$Students = Import-Csv C:\student\students.csv

foreach ($Student in $Students) {

    $Textinfo = (Get-Culture).Textinfo
    $FName = $Student.Firstname
    $LName = $Student.Lastname
    $Midname = $Student.Middlename
    $FName = $Textinfo.ToTitleCase($FName.ToLower())
    $LName = $Textinfo.ToTitleCase($LName.ToLower())
    $Midname = $Textinfo.ToTitleCase($Midname.ToLower())
    $Name = "$LName $FName $MidName"
    $Sam = $Student.StudentUserID
    $CC = $Student.School
    $Grade = $Student.Grade
    $Pw = $Student.Pin
    $NameChange = $Student.NameChange
    $Dom = "student.testlab.local"

    Switch ( $CC ) {
        '0085' {$OU = "OU=AllGrades,OU=Students,OU=BHS,OU=High School,OU=North,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0085 All Students"       
        }
        '0051' {$OU = "OU=AllGrades,OU=Students,OU=SHS,OU=High School,OU=North,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0051 All Students"
        }
        '0171' {$OU = "OU=AllGrades,OU=Students,OU=Phillippi,OU=Elementary School,OU=Central,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0171 All Students"
        }
        '0031' {$OU = "OU=AllGrades,OU=Students,OU=SMS,OU=Middle School,OU=Central,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0031 All Students"
        }
        '0021' {$OU = "OU=AllGrades,OU=Students,OU=Pineview,OU=Other,OU=Central,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0021 All Students"
        }
        '0084' {$OU = "OU=AllGrades,OU=Students,OU=BMS,OU=Middle School,OU=North,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0021 All Students"
        }
        '0131' {$OU = "OU=AllGrades,OU=Students,OU=Fruitville,OU=Elementary School,OU=North,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0131 All Students"
        }
        '1291' {$OU = "OU=AllGrades,OU=Students,OU=Woodland,OU=Middle School,OU=South,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "1291 All Students"
        }
        '0101' {$OU = "OU=AllGrades,OU=Students,OU=Brentwood,OU=Elementary School,OU=North,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0101 All Students"
        }
        '1282' {$OU= "OU=AllGrades,OU=Students,OU=Tatum,OU=Elementary School,OU=North,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "1282 All Students"
        }
        '1211' {$OU = "OU=AllGrades,OU=Students,OU=LNS,OU=Other,OU=Central,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "1211 All Students"
        }
        '1231' {$OU = "OU=AllGrades,OU=Students,OU=Toledo,OU=Elementary School,OU=South,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "1231 All Students"
        }
        '0294' {$OU = "OU=AllGrades,OU=Students,OU=Triad-Second Chance,OU=Other,OU=Central,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0294 All Students"
        }
        '0141' {$OU = "OU=AllGrades,OU=Students,OU=Mcintosh,OU=Middle School,OU=North,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0141 All Students"
        }
        '1261' {$OU = "OU=AllGrades,OU=Students,OU=Heron,OU=Middle School,OU=South,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "1261 All Students"
        }
        '0221' {$OU = "OU=AllGrades,OU=Students,OU=VHS,OU=High School,OU=South,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0221 All Students"
        }
        '0271' {$OU = "OU=AllGrades,OU=Students,OU=GulfGate,OU=Elementary School,OU=Central,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0271 All Students"
        }
        '0291' {$OU = "OU=AllGrades,OU=Students,OU=Wilkinson,OU=Elementary School,OU=Central,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0291 All Students"
        }
        '0012' {$OU = "OU=AllGrades,OU=Students,OU=AltaVista,OU=Elementary School,OU=North,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0012 All Students"
        }
        '0071' {$OU = "OU=AllGrades,OU=Students,OU=BayHaven,OU=Elementary School,OU=North,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0071 All Students"
        }
        '0501' {$OU = "OU=AllGrades,OU=Students,OU=Emma,OU=Elementary School,OU=North,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0501 All Students"
        }
        '0261' {$OU = "OU=AllGrades,OU=Students,OU=Gocio,OU=Elementary School,OU=North,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0261 All Students"
        }
        '1241' {$OU = "OU=AllGrades,OU=Students,OU=Atwater,OU=Elementary School,OU=South,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "1241 All Students"
        }
        '0121' {$OU = "OU=AllGrades,OU=Students,OU=Englewood,OU=Elementary School,OU=South,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0121 All Students"
        }
        '0381' {$OU = "OU=AllGrades,OU=Students,OU=Garden,OU=Elementary School,OU=South,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0381 All Students"
        }
        '0461' {$OU = "OU=AllGrades,OU=Students,OU=Glenallen,OU=Elementary School,OU=South,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0461 All Students"
        }
        '1341' {$OU = "OU=AllGrades,OU=Students,OU=Lamarque,OU=Elementary School,OU=South,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "1341 All Students"
        }
        '0201' {$OU = "OU=AllGrades,OU=Students,OU=Tuttle,OU=Elementary School,OU=North,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0201 All Students"
        }
        '0301' {$OU = "OU=AllGrades,OU=Students,OU=Ashton,OU=Elementary School,OU=Central,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0301 All Students"
        }
        '1251' {$OU = "OU=AllGrades,OU=Students,OU=NPHS,OU=High School,OU=South,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "1251 All Students"
        }
        '0191' {$OU = "OU=Allgrades,OU=Students,OU=Southside,OU=Elementary School,OU=North,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0191 All Students"
        }
        '0181' {$OU = "OU=AllGrades,OU=Students,OU=Riverview HS,OU=High School,OU=Central,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0181 All Students"
        }
        '0111' {$OU = "OU=AllGrades,OU=Students,OU=Brookside,OU=Middle School,OU=North,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0111 All Students"
        }
        '0293' {$OU = "OU=AllGrades,OU=Students,OU=OakPark,OU=Other,OU=Central,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0293 All Students"
        }
        '0471' {$OU = "OU=AllGrades,OU=Students,OU=Lakeview,OU=Elementary School,OU=Central,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0471 All Students"
        }
        '0211' {$OU = "OU=AllGrades,OU=Students,OU=VES,OU=Elementary School,OU=South,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0211 All Students"
        }
        '0451' {$OU = "OU=AllGrades,OU=Students,OU=VMS,OU=Middle School,OU=South,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0451 All Students"
        }
        '0491' {$OU = "OU=AllGrades,OU=Students,OU=Taylor,OU=Elementary School,OU=South,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0491 All Students"
        }
        '1271' {$OU = "OU=AllGrades,OU=Students,OU=Cranberry,OU=Elementary School,OU=South,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "1271 All Students"
        }
        '0292' {$OU = "OU=AllGrades,OU=Students,OU=PSS-ESE,OU=Other,OU=Central,OU=Zones,DC=student,DC=testlab,DC=local"
        }
    }

    <#If (Get-ADUser -F { SamAccountName -eq $Sam } -Server $Dom) {
        "User $Sam already exists.  Checking if grade or cost center has changed" >> $FileName
    }#>
    $User = Get-ADUser $Sam -Server $Dom
    If ( !$User ) {
        
        $NewUserParams = @{
            'UserPrincipalName' = "$Sam@$Dom"
            'SamAccountName' = "$Sam"
            'Name' = $Name
            'GivenName' = "$FName"
            'SurName' = "$LName"
            'DisplayName' = $LName + " " + $FName
            'Description' = "$($sam) $($CC) $($Grade)"
            'Homedirectory' = "\\SCS-STUDATA\studenthfolders\$Sam"
            'Homedrive' = "H:"
            'Title' = "Student"
            'Department' = $Grade
            'Company' = $CC
            'Path' = "$OU"
            'AccountPassword' = (ConvertTo-SecureString $Pw -AsPlainText -Force)
            'PasswordNeverExpires' = $true
            'CannotChangePassword' = $true
            'Enabled' = $true
            'Server' = "dc2.student.testlab.local"
        }    
        New-ADUser @NewUserParams
        "$Sam with the name of $Name has been successfully created." >> $FileName
        $Userscreatedcounter = $Userscreatedcounter +1
    }
    Else { Try {
        If ($User.Company -ne $Student.School) {
            $User | Set-ADuser -Company $Student.School -Description "$($sam) $($CC) $($Grade)" -Server $Dom
            Move-ADObject -Identity $User.Distinguishedname -server $Dom -TargetPath $OU
            $Usersmovedcounter = $Usersmovedcounter + 1
            
        }
        <#If ($User.Department -ne $Student.Grade) {
            $User | Set-ADUser -Department $Student.Grade -Description "$($sam) $($CC) $($Grade)" -Server $Dom
        }#>
        }   Catch { $_.Exception >> $FileName }
}
}

$T = Get-Date -Uformat "%m-%d-%Y %r"
[Environment]::NewLine >> $FileName
"Total users created = $($Userscreatedcounter)" >> $FileName
"Total users moved   = $($Usersmovedcounter)" >> $FileName
[Environment]::NewLine >> $FileName
"End Import $($T)" >> $FileName

 

If you are creating a new user in every iteration of the foreach loop then this line never returns an object:

 

$User = Get-ADUser $Sam -Server $Dom

I would double check your data to make sure that the StudentUserID column is in fact the correct SAM. Also, it looks like you are searching for the user on “student.testlab.local” but creating them on “dc2.student.testlab.local”. This could be an issue as well if the users don’t exist on the other DC that you are searching. If these are supposed to be replicated, it may not be instantaneous.

 

The $Student variable has all your user information. It’s better to be able to tell who was create, moved, etc. rather than getting a count. So rather than

$Userscreatedcounter = $Userscreatedcounter +1

Do something like this:

$results = foreach ($Student in $Students) {

    $User = Get-ADUser $Sam -Server $Dom
    If ( !$User ) {
        #Missing try for create
        try {
            #create
            #Why is -Path not specified to create a user in the correct OU
            $student | Select-Object -Property *, @{Name='Status';Expression={'CREATE'}}
        }
        catch {
            #create fail
            $msg = 'This failed custom message. {0}' -f $_
            $student | Select-Object -Property *, @{Name='Status';Expression={'CREATE_FAIL:{0}' -f $msg}}
        }
    }
    else {
        try {
            #move
            $student | Select-Object -Property *, @{Name='Status';Expression={'MOVE'}}
        }
        catch {
            #move fail
            $msg = 'This failed custom message. {0}' -f $_
            $student | Select-Object -Property *, @{Name='Status';Expression={'MOVE_FAIL: {0}' -f $msg}}
        }
    }
}

​$createCount = ($results | Where{$_.Status -eq 'CREATE'}).Count
$moveFailCount = ($results | Where{$_.Status -like 'MOVE_FAIL:*'}).Count

#or ... this would have counts on specific errors received

$results | Group-Object -Property Status -NoElement

This is psuedo-code, but you are basically appending a Status property to each user. This will allow you to get counts and see what users had what problems by rolling errors up to results. Also, you must tell the command to Stop for try\catch to work:

Move-ADObject -Identity $User.Distinguishedname -server $Dom -TargetPath $OU -ErrorAction Stop

Ok Rob! I tried your suggestion could you take a look at it? I am still receiving 99 moved.

$FileName = (Get-Date).tostring("MM-dd-yyyy-hh-mmt")  
$FileName = "c:\powershell\StudentImport$($FileName).log"
$T = Get-Date -Uformat "%m-%d-%Y %r"
"Started Powershell Student Import $($T)" >> $FileName
[Environment]::NewLine >> $FileName

$Students = Import-Csv C:\student\students.csv

$Results = Foreach ($Student in $Students) {

    $Textinfo = (Get-Culture).Textinfo
    $FName = $Student.Firstname
    $LName = $Student.Lastname
    $Midname = $Student.Middlename
    $FName = $Textinfo.ToTitleCase($FName.ToLower())
    $LName = $Textinfo.ToTitleCase($LName.ToLower())
    $Midname = $Textinfo.ToTitleCase($Midname.ToLower())
    $Name = "$LName $FName $MidName"
    $Sam = $Student.StudentUserID
    $CC = $Student.School
    $Grade = $Student.Grade
    $Pw = $Student.Pin
    $NameChange = $Student.NameChange
    $Dom = "student.testlab.local"

    Switch ( $CC ) {
        '0085' {$OU = "OU=AllGrades,OU=Students,OU=BHS,OU=High School,OU=North,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0085 All Students"       
        }
        '0051' {$OU = "OU=AllGrades,OU=Students,OU=SHS,OU=High School,OU=North,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0051 All Students"
        }
        '0171' {$OU = "OU=AllGrades,OU=Students,OU=Phillippi,OU=Elementary School,OU=Central,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0171 All Students"
        }
        '0031' {$OU = "OU=AllGrades,OU=Students,OU=SMS,OU=Middle School,OU=Central,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0031 All Students"
        }
        '0021' {$OU = "OU=AllGrades,OU=Students,OU=Pineview,OU=Other,OU=Central,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0021 All Students"
        }
        '0084' {$OU = "OU=AllGrades,OU=Students,OU=BMS,OU=Middle School,OU=North,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0021 All Students"
        }
        '0131' {$OU = "OU=AllGrades,OU=Students,OU=Fruitville,OU=Elementary School,OU=North,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0131 All Students"
        }
        '1291' {$OU = "OU=AllGrades,OU=Students,OU=Woodland,OU=Middle School,OU=South,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "1291 All Students"
        }
        '0101' {$OU = "OU=AllGrades,OU=Students,OU=Brentwood,OU=Elementary School,OU=North,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0101 All Students"
        }
        '1282' {$OU= "OU=AllGrades,OU=Students,OU=Tatum,OU=Elementary School,OU=North,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "1282 All Students"
        }
        '1211' {$OU = "OU=AllGrades,OU=Students,OU=LNS,OU=Other,OU=Central,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "1211 All Students"
        }
        '1231' {$OU = "OU=AllGrades,OU=Students,OU=Toledo,OU=Elementary School,OU=South,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "1231 All Students"
        }
        '0294' {$OU = "OU=AllGrades,OU=Students,OU=Triad-Second Chance,OU=Other,OU=Central,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0294 All Students"
        }
        '0141' {$OU = "OU=AllGrades,OU=Students,OU=Mcintosh,OU=Middle School,OU=North,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0141 All Students"
        }
        '1261' {$OU = "OU=AllGrades,OU=Students,OU=Heron,OU=Middle School,OU=South,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "1261 All Students"
        }
        '0221' {$OU = "OU=AllGrades,OU=Students,OU=VHS,OU=High School,OU=South,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0221 All Students"
        }
        '0271' {$OU = "OU=AllGrades,OU=Students,OU=GulfGate,OU=Elementary School,OU=Central,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0271 All Students"
        }
        '0291' {$OU = "OU=AllGrades,OU=Students,OU=Wilkinson,OU=Elementary School,OU=Central,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0291 All Students"
        }
        '0012' {$OU = "OU=AllGrades,OU=Students,OU=AltaVista,OU=Elementary School,OU=North,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0012 All Students"
        }
        '0071' {$OU = "OU=AllGrades,OU=Students,OU=BayHaven,OU=Elementary School,OU=North,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0071 All Students"
        }
        '0501' {$OU = "OU=AllGrades,OU=Students,OU=Emma,OU=Elementary School,OU=North,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0501 All Students"
        }
        '0261' {$OU = "OU=AllGrades,OU=Students,OU=Gocio,OU=Elementary School,OU=North,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0261 All Students"
        }
        '1241' {$OU = "OU=AllGrades,OU=Students,OU=Atwater,OU=Elementary School,OU=South,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "1241 All Students"
        }
        '0121' {$OU = "OU=AllGrades,OU=Students,OU=Englewood,OU=Elementary School,OU=South,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0121 All Students"
        }
        '0381' {$OU = "OU=AllGrades,OU=Students,OU=Garden,OU=Elementary School,OU=South,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0381 All Students"
        }
        '0461' {$OU = "OU=AllGrades,OU=Students,OU=Glenallen,OU=Elementary School,OU=South,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0461 All Students"
        }
        '1341' {$OU = "OU=AllGrades,OU=Students,OU=Lamarque,OU=Elementary School,OU=South,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "1341 All Students"
        }
        '0201' {$OU = "OU=AllGrades,OU=Students,OU=Tuttle,OU=Elementary School,OU=North,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0201 All Students"
        }
        '0301' {$OU = "OU=AllGrades,OU=Students,OU=Ashton,OU=Elementary School,OU=Central,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0301 All Students"
        }
        '1251' {$OU = "OU=AllGrades,OU=Students,OU=NPHS,OU=High School,OU=South,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "1251 All Students"
        }
        '0191' {$OU = "OU=Allgrades,OU=Students,OU=Southside,OU=Elementary School,OU=North,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0191 All Students"
        }
        '0181' {$OU = "OU=AllGrades,OU=Students,OU=Riverview HS,OU=High School,OU=Central,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0181 All Students"
        }
        '0111' {$OU = "OU=AllGrades,OU=Students,OU=Brookside,OU=Middle School,OU=North,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0111 All Students"
        }
        '0293' {$OU = "OU=AllGrades,OU=Students,OU=OakPark,OU=Other,OU=Central,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0293 All Students"
        }
        '0471' {$OU = "OU=AllGrades,OU=Students,OU=Lakeview,OU=Elementary School,OU=Central,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0471 All Students"
        }
        '0211' {$OU = "OU=AllGrades,OU=Students,OU=VES,OU=Elementary School,OU=South,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0211 All Students"
        }
        '0451' {$OU = "OU=AllGrades,OU=Students,OU=VMS,OU=Middle School,OU=South,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0451 All Students"
        }
        '0491' {$OU = "OU=AllGrades,OU=Students,OU=Taylor,OU=Elementary School,OU=South,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "0491 All Students"
        }
        '1271' {$OU = "OU=AllGrades,OU=Students,OU=Cranberry,OU=Elementary School,OU=South,OU=Zones,DC=student,DC=testlab,DC=local"
        $Group = "1271 All Students"
        }
        '0292' {$OU = "OU=AllGrades,OU=Students,OU=PSS-ESE,OU=Other,OU=Central,OU=Zones,DC=student,DC=testlab,DC=local"
        }
    }

    $User = Get-ADUser $Sam -Server $Dom

    If ( !$User ) {
        try {

            $NewUserParams = @{
                'UserPrincipalName' = "$Sam@$Dom"
                'SamAccountName' = "$Sam"
                'Name' = $Name
                'GivenName' = "$FName"
                'SurName' = "$LName"
                'DisplayName' = $LName + " " + $FName
                'Description' = "$($sam) $($CC) $($Grade)"
                'Homedirectory' = "\\SCS-STUDATA\studenthfolders\$Sam"
                'Homedrive' = "H:"
                'Title' = "Student"
                'Department' = $Grade
                'Company' = $CC
                'Path' = "$OU"
                'AccountPassword' = (ConvertTo-SecureString $Pw -AsPlainText -Force)
                'PasswordNeverExpires' = $true
                'CannotChangePassword' = $true
                'Enabled' = $true
                'Server' = "dc2.student.testlab.local"
            }    
            New-ADUser @NewUserParams
            $student | Select-Object -Property *, @{Name='Status';Expression={'CREATE'}}
        }
        catch {
            $msg = 'This Failed custom message. {0}' -f $_
            $Student | Select-Object -Property *, @{Name='Status';Expression={'CREATE_FAIL:{0}' -f $msg}}}
        }
        else {
            try {
                If ($User.Company -ne $Student.School) {
                    $User | Set-ADuser -Company $Student.School -Description "$($sam) $($CC) $($Grade)" -Department $Student.Grade -Server $Dom
                    Move-ADObject -Identity $User.Distinguishedname -server $Dom -TargetPath $OU -ErrorAction Stop
                    $Student | Select-Object -Property *, @{Name='Status';Expression={'MOVE'}}
            }
        }
        catch {
            $msg = 'This failed custom message. {0}' -f $_
            $Student | Select-Object -Property *, @{Name='Status';Expression={'MOVE_FAIL:{0}'}}
        }
    }
}

#$CreateCount = ($Results | Where{$_.Status -eq 'CREATE'}).count
#$MoveFailCount = ($Results | Where{$_.Status -eq 'MOVE_FAIL:*'}).count

$Results | Group-Object -Property Status -NoElement

This is the output:

PS C:\Powershell> .\Student_Testing_2.ps1

Count Name
----- ----
   99 MOVE


PS C:\Powershell>

 

Ensure you are logging for all outcomes. New User, Move User, Failures and nothing changed…

               If ($User.Company -ne $Student.School) {
                    $User | Set-ADuser -Company $Student.School -Description "$($sam) $($CC) $($Grade)" -Department $Student.Grade -Server $Dom
                    Move-ADObject -Identity $User.Distinguishedname -server $Dom -TargetPath $OU -ErrorAction Stop
                    $Student | Select-Object -Property *, @{Name='Status';Expression={'MOVE'}
                }
                else {
                    $Student | Select-Object -Property *, @{Name='Status';Expression={'NO_CHANGE'}
                }

Thanks guys for the assistance. I have been able to get it working, however I have ran into another problem I didn’t take into account. Each one of our schools (42) have their own security group. When a student graduates from Elementary or Middle school their security group needs to change. I can get their new security group without issues but I don’t know how to remove the security group prior to them graduating. Any suggestion on how I can manage this? Just an fyi the security groups at each school are named with a 4 digit code for example “1234 All Students”, “4321 All Students” and etc. What are your thoughts on how to manage removing the old group?

Not tested, but the general idea would be…

#Add the MemberOf property to the GET
$User = Get-ADUser $Sam -Server $Dom -Properties MemberOf

#If a change is detected, assuming a user can only be in one All Students group,
#you can remove them from all "All Students" groups.
$allUsersGroups = $user.MemberOf | Where-Object -FilterScript {$_ -like '*All Students*'}
foreach ($groupToRemove in $allUsersGroups) {
    Remove-ADGroupMember -Identity $groupToRemove -Members $user.SamAccountName
}

#then add the group that is supposed to be there...
Add-AdGroupMember -Identity $Group -Members $user.SamAccountName

Thank you Rob I will test this today. Appreciate your time.

 

Rich