Script not moving Active Directory Objects

Hello PS Gurus,
I have a PS script used to manipulate Active Directory accounts; it was working fine when running on one of our old Domain controllers (Win2008). However, we upgraded our DCs to Win2016 and decided to move this script to run on a separate Windows 2016 server. The main issue is that the script - which now runs on that separate server but invokes a session on the new DC - is no longer moving AD accounts to different OUs.
The log shows this error:
“The input object cannot be bound to any parameters for the command either because the command does not take pipeline
input or the input and its properties do not match any of the parameters that take pipeline input.”

And here’s the portion of the script that moves the AD account to a different OU but is not working:
[pre]
Get-ADUser $Student.sAMAccountName | Move-ADObject -TargetPath "OU=Old,OU=Students,DC=CH,DC=MCC,DC=edu" -ErrorAction Continue -Confirm:$false
[/pre]
Searching online, it sounded like the Move-ADObject’s -Identity switch (required) is not accepting the piped sAMAccount attribute value, so the suggestions were to try with a different attribute such as Distinguished name, GUID, etc. However, none of these work.
Appreciate your time and thanks in advance for any input!

Well, first, does the $Student variable contain the correct info, and does the Get-ADUser command generate the desired output?

If that becomes e.g. NULL then there is nothing to pipe to Move-ADObject.

Fredrik -
Thanks for your reply. Yes, the $Student variable has a value. The next line in the script is `"$($Student.sAMAccountName) home moved at $Time " | out-file $logfile -append`. When I check the log file, the $Student has been recorded.

Make sure the user is available in AD for each $student in the iteration.

Get-AdUser -Identity $Student.sAMAccountName

Well just because student has a value doesn’t mean it’s correct.
E.g. “Hello world” is a value :)

Just as kvprasson writes, does it contain the sAMAccountName property and does that sAMAccountName exist in the AD?
If Get-ADUser doesn’t find that user, it will error out, which will then cause the rest of that line to error out.

When dealing with Get-ADUser and most other AD-related commands in scripts, you should do some error/exception handling.
E.g.
[pre]
$user = Get-ADUser -Identity $Student.sAMAccountName

if ($null -ne $user.sAMAccountName) {
    # Do whatever you need to do.
}
[/pre]

Thanks for your reply. I am not sure I follow your instructions, can you please clarify? thanks

Yes, the AD object does contain the sAMAccountName property and the sAMAccountName exists. Moreover, some of the script actions are being successfully performed; for instance, the script is also supposed to remove group membership for the AD object/account and this is happening. So, the script correctly “finds” the object, successfully performs certain actions, but moving the object to a different OU is what’s failing.

I’ve been working on something similar. I removed the need for the pipe command, though, and it’s been working for me.

[pre]
Move-ADObject -Identity (Get-ADUser $Student.sAMAccountName) -TargetPath "OU=Old,OU=Students,DC=CH,DC=MCC,DC=edu" -ErrorAction Continue -Confirm:$false
[/pre]

If there is no account in AD, that means no output from Get-ADUser; this can happen.

All - thank you much for your input. I tried all the different suggestions and, unfortunately, none solved the problem. So, I ended up moving the script back to the new domain controller and it seems to be working now. Thanks again

I don’t have a Domain Controller to test the script right now. But try this:

[pre]
Get-ADUser $Student.sAMAccountName | % { Move-ADObject -Identity $_ -TargetPath "OU=Old,OU=Students,DC=CH,DC=MCC,DC=edu" -Confirm:$false }
[/pre]
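Added example, not code from any poster in this thread: one way to combine the advice above, passing the distinguished name to -Identity as a string instead of piping the user object, stopping on errors, and writing the "moved" log line only after the move has actually succeeded. The function name Move-StudentToOu, the sample account jdoe and the log path are assumptions; the thread does not establish whether this resolves the remote-session failure described in the first post.

```powershell
# Added example; Move-StudentToOu is a hypothetical helper, not from the thread.
Import-Module ActiveDirectory

function Move-StudentToOu {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [Parameter(Mandatory)][string]$TargetPath,
        [Parameter(Mandatory)][string]$LogFile
    )
    $stamp = Get-Date -Format s
    try {
        # -ErrorAction Stop turns a failed lookup into a catchable exception,
        # so a missing account never reaches Move-ADObject as empty input.
        $user = Get-ADUser -Identity $SamAccountName -ErrorAction Stop

        # Hand -Identity a plain distinguished-name string rather than relying
        # on pipeline binding of the user object.
        $dn = [string]$user.DistinguishedName

        if ($PSCmdlet.ShouldProcess($dn, "Move to $TargetPath")) {
            Move-ADObject -Identity $dn -TargetPath $TargetPath `
                -Confirm:$false -ErrorAction Stop
            # Logged only after the move returned without error.
            "$stamp moved $SamAccountName to $TargetPath" |
                Out-File $LogFile -Append
        }
    }
    catch {
        # Record the failure with the underlying message instead of a
        # success line that is written regardless of outcome.
        "$stamp FAILED $SamAccountName : $($_.Exception.Message)" |
            Out-File $LogFile -Append
    }
}

# Constructed sample input; -WhatIf previews the move without changing AD.
$Student = [pscustomobject]@{ sAMAccountName = 'jdoe' }
Move-StudentToOu -SamAccountName $Student.sAMAccountName `
    -TargetPath 'OU=Old,OU=Students,DC=CH,DC=MCC,DC=edu' `
    -LogFile .\move.log -WhatIf
```

With -ErrorAction Continue and an unconditional log line, as in the original script, a "home moved" entry in the log does not show that the object was moved.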