Using ADSI to move computer object to another OU

Use ADSI, not PowerShell AD cmdlets

Move computer from one OU to another OU
Remove members from computer object before moving
Move computer to OU
Add members to computer in OU

When I say members, these are software titles deployed to computer objects in the OU

Are these instructions to develop a script? If so, sorry, nobody here writes scripts for others. We help others to write scripts on their own. If you have started with anything, please share where you are stuck or getting an error.

Thanks, I am attempting to use ADSI searcher and can display software titles this computer is a member of but cannot figure out how to remove them before moving the computer object to a new OU. I am off work for the holidays and do not have access to my ws but when I return I can upload my code.



If you did a search for your exact points of interest, you’d get many results of exactly how to do each, and then all you’d need to do is merge that together in a single script.

‘adsi move computer to ou’
… and you’d get…

Move Computer to a different OU without AD cmdlets using PowerShell
Using ADSI and LDAP to move to an OU
Working with Active Directory using PowerShell ADSI adapter

The same thing would happen with each of your other data points. Now, you may not find all you need in one link of course, so, retooling your point in your search would get you more to start with.

Thank you postanote, I will review the links you provided.


No worries.

I am a firm believer in listing out things I want to do in bullet points, then attacking each bullet point one at a time and making sure that is working as expected before moving to the next.

All the individual pieces make up only a starting point, then you refine to the level of operational functionality needed, then refine further to go for optimization, elegance, and ease of maintenance.

This allows for avoidance of analysis paralysis, unnecessary self-confusion, and a very linear approach to the resolution.

Define what you want your results to be (meaning know your answer before you begin)
Then via the step-through build to your end result.

Here is a sample of code I found online, I modified the section to remove the groups. It seems to work but may be sloppy. The requirements are this is run before a computer object is moved from one OU to another. I wanted to remove the need to install RSAT.


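# Computer account to process (sAMAccountName of a computer ends in '$')
$ComputerN = 'W10-1809$'
$ObjFilter = "(&(objectClass=computer)(sAMAccountName=$ComputerN))"

# Find the computer object without the ActiveDirectory module
$objSearch = New-Object System.DirectoryServices.DirectorySearcher
$objSearch.PageSize = 5000
$objSearch.Filter = $ObjFilter
$objSearch.SearchRoot = "LDAP://DC=corp,DC=contoso,DC=com"
$AllObj = $objSearch.FindOne()
$objItemS = $AllObj.Properties
$CompDN = $objItemS.distinguishedname
$Comp = [ADSI]"LDAP://$CompDN"

# Bind to every group the computer is a member of
$groupname = ($AllObj.GetDirectoryEntry()).memberof | %{ [adsi]"LDAP://$_" }
foreach ($group in $groupname)
{
    # The loop body was cut off in the post. Assumed completion, based on the
    # stated purpose ("remove the groups"): drop the computer from each group.
    $group.Remove($Comp.Path)
}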


As for this:

I wanted to remove the need to install RSAT.

You never need to install RSAT if you have admin permissions to connect to any DC. You’d use PowerShell Implicit Remoting to proxy the use of those cmdlets to the machine you are on. This approach allows you to use the cmdlets as if they were actually installed on your system, even though they are not.

You use the cmdlets in your script at your workstation, they run on the DC, and return results back to you. The moment you close the PSRemoting session, they are no longer available.

You never have to install other stuff on your workstation just to work with cmdlets. As long as you can administratively connect to AD, Exchange, SharePoint, Skype, SQL, via implicit remoting, you can use those cmdlets from those hosts.
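The implicit remoting approach described above, as an added example that is not code from any poster in this thread. The DC name `dc01.corp.contoso.com`, the `Remote` prefix and the computer name are assumptions. Only the imported proxy cmdlets execute on the DC; `Out-GridView` is a local cmdlet, so the selection window opens on the workstation.

```powershell
# Added example: implicit remoting to a DC, no RSAT on the workstation.
# 'dc01.corp.contoso.com' is a placeholder; use a DC you may administer.
$session = New-PSSession -ComputerName 'dc01.corp.contoso.com'
try {
    # Load the module on the DC, then import proxy functions for only the
    # cmdlets needed. The prefix makes it obvious which commands run remotely.
    Invoke-Command -Session $session -ScriptBlock { Import-Module ActiveDirectory }
    $null = Import-PSSession -Session $session -Module ActiveDirectory -Prefix Remote `
        -CommandName Get-ADComputer, Get-ADOrganizationalUnit, Move-ADObject

    # Runs on the DC; deserialized results come back to the workstation.
    $computer = Get-RemoteADComputer -Identity 'W10-1809'
    $ous      = Get-RemoteADOrganizationalUnit -Filter *

    # Runs locally, so the grid and -PassThru selection work as usual.
    $target = $ous | Select-Object Name, DistinguishedName |
        Out-GridView -Title 'Select target OU' -PassThru

    if ($target) {
        # -WhatIf previews the move; remove it once the output looks right.
        Move-RemoteADObject -Identity $computer.DistinguishedName `
            -TargetPath $target.DistinguishedName -WhatIf
    }
}
finally {
    # Closing the session removes the proxy cmdlets and the remote connection.
    Remove-PSSession -Session $session
}
```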

I have tried a few times implicit remoting with Import-PSSession and Export-PSSession as well.
However, the output display is often not really neat. I guess it is because the Format.ps1xml file is not present on the local computer.
My favorite method has for a long time been explicit remoting with Enter-PSSession. All the stuff is done by the remote computer and the display is like when you install modules on your local computer.

And when I want to get back some data I want to process further, then I use Invoke-Command.

As for …

However, the output display is often not really neat

… I am not sure what this translates into for you, but I’ve not had or seen any display issues when doing remoting of any flavor.
Yet, environments are different and things will happen to some that are not manifested by others.

Thanks Luc, connecting to a remote dc will not allow me to use out-gridview -passthru, to assign my selection to a variable $target. I would then use $target to perform the move of the computer object to the target OU. The following is what I have so far:


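# Resolve a computer name to its ADSI object and store it in a global variable
function computer-ADSpath($computername)
{
    $searcher = [adsisearcher]"(name=$computername)"
    $comp_dn = $searcher.FindOne().Properties.distinguishedname
    $global:computer_adspath = ([adsi]"LDAP://$comp_dn")
}

# Collect the ADSI paths of every group the computer is a member of
function computer-memberof($computername)
{
    $searcher = [adsisearcher]"(name=$computername)"
    $global:membersof_adspath = ($searcher.FindOne().Properties.memberof | % {[adsi]"LDAP://$_"}).path
}

# Let the operator pick the target OU from a grid view
function get-targetOU()
{
    # The search filter was lost when the code was posted; an OU filter is assumed here
    $searcher = [adsisearcher]"(objectClass=organizationalUnit)"
    $target = $searcher.FindAll()
    # The pipeline input was lost when the code was posted; OU names are assumed here
    $name = $target | ForEach-Object { $_.Properties.name } | Out-GridView -PassThru
    $global:target_ou = ([adsi]"LDAP://OU=$name,OU=CORP,DC=corp,DC=contoso,DC=com").path
}

get-targetOU #this function allows me to select the target OU from out-gridview and assign to a variable
#I can't do this in a remote session connected to the DC
computer-ADSpath "w10-1809"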


I have the output from gridview but I cannot post the image.
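The remove, move, add sequence this thread works toward, as an added ADSI-only example that is not code from any poster. The function name, its parameters and the sample DNs are hypothetical; `-WhatIf` previews every directory change before anything is written.

```powershell
# Added example (not from the thread): ADSI-only remove / move / add.
# Function name, parameters and sample DNs are hypothetical.
function Move-ComputerWithGroups {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Restrict to NetBIOS-name characters so the value cannot alter the LDAP filter.
        [Parameter(Mandatory)][ValidatePattern('^[A-Za-z0-9-]{1,15}$')]
        [string]$ComputerName,
        [Parameter(Mandatory)][string]$TargetOuDn,   # DN of the destination OU
        [string[]]$GroupDnsToAdd = @()               # DNs of groups for the new OU
    )

    # Computer accounts carry a trailing '$' in sAMAccountName.
    $searcher = [adsisearcher]"(&(objectClass=computer)(sAMAccountName=$ComputerName`$))"
    $result = $searcher.FindOne()
    if (-not $result) { throw "Computer '$ComputerName' not found." }
    $computer = $result.GetDirectoryEntry()

    # Snapshot memberOf first; the attribute changes as removals are applied.
    $oldGroups = @($result.Properties['memberof'] | Where-Object { $_ })
    foreach ($dn in $oldGroups) {
        if ($PSCmdlet.ShouldProcess($dn, "Remove $ComputerName")) {
            ([adsi]"LDAP://$dn").Remove($computer.psbase.Path)
        }
    }

    if ($PSCmdlet.ShouldProcess($TargetOuDn, "Move $ComputerName")) {
        $computer.psbase.MoveTo([adsi]"LDAP://$TargetOuDn")
    }

    # MoveTo rebinds the entry, so Path now points at the new location.
    foreach ($dn in $GroupDnsToAdd) {
        if ($PSCmdlet.ShouldProcess($dn, "Add $ComputerName")) {
            ([adsi]"LDAP://$dn").Add($computer.psbase.Path)
        }
    }

    # Return a record of what changed, suitable for a change log.
    [pscustomobject]@{
        Computer = $computer.psbase.Path
        Removed  = $oldGroups
        Added    = $GroupDnsToAdd
    }
}

# Dry run with placeholder values:
# Move-ComputerWithGroups -ComputerName 'W10-1809' -TargetOuDn 'OU=Target,OU=CORP,DC=corp,DC=contoso,DC=com' -WhatIf
```

The returned object lists the group DNs that were removed, which gives a rollback record if the move has to be undone.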