Using Rename-ADObject to rename Security Groups

luiscarrillo55 · November 4, 2014, 11:24am

Hello Everyone,

I’m new PS and have really been enjoying it so far. I’ve been coming here in search of answers and appreciate the communities input.

I have been asked to rename some security groups in AD and have run into some issues.

(I running ps v5 and using the “rename-adobject” command)

Rename-ADObject [-Identity] ADObject [-NewName] string

The below script is really to test/debug/practice, before gathering all the security groups, objects, filters, etc.

For now I’m trying to rename two accounts in a csv file. The script seems to work with -whatif (output below), but as soon as I removed it. I receive the following error:

With -Whatif: = no errors

$dn | ForEach-Object {Rename-ADObject $_.distinguishedname -NewName $NewName -WhatIf}
What if: Performing the operation “Rename” on target “CN=#US.SDTest-RW,OU=SharedDrive Groups,OU=Corporate,OU=Do
main-Groups,DC=Domain,DC=com”.
What if: Performing the operation “Rename” on target “CN=#US.SDTestv2-RO,OU=SharedDrive Groups,OU=Corporate,OU=
Domain-Groups,DC=Domain,DC=com”.

Removing -whatif: = Error

Rename-ADObject : The parameter is incorrect
At line:1 char:23

… rEach-Object {Rename-ADObject $_.distinguishedname -NewName $NewName}

              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Sample Script:

$renameSG = Import-Csv D:\scripts\testSD.csv
#works up to here - import Security Group Names

$Oldname = $renameSG.oldname
#works up to here - Add Oldname strings into Var

$dn = foreach($group in $Oldname){Get-ADGroup -Identity $group}
#works up to here - create new var with SG names

$NewName = $renameSG.newname | out-string
#works up to here

#Testing >> $dn | ForEach-Object {echo $_.distinguishedname}

$dn | ForEach-Object {Rename-ADObject $_.distinguishedname -NewName $NewName}

Any help would be greatly appreciated. Best of all, I’d like to learn why this is not working. I thought using out-string cmdlet for $NewName would convert output to strings which then can be used for the -NewName parameter.

Thanks in advance.

alexander-johansson · November 4, 2014, 6:45pm

Hello,

Have you tested it with a lower version of Powershell?
As far as I know Powershell v5 is a preview and the Active Directory cmdlets might not be compatible with it.

/Alexander

luisc-c · November 5, 2014, 8:50am

Hello Alexander,

Thanks for the suggestion. Unfortunately, it didn’t have make a difference. Same errors when I remove “-whatif”

I also, replaced out-string with select-object to convert the $NewName objects into strings which I believe did (SystemString). See output below:

PS C:> $NewName = $renameSG | select newname

PS C:> $NewName | gm

TypeName: Selected.System.Management.Automation.PSCustomObject

Name MemberType Definition

Equals Method bool Equals(System.Object obj)
GetHashCode Method int GetHashCode()
GetType Method type GetType()
ToString Method string ToString()
NewName NoteProperty System.String NewName=US.SDTest RW2

Tried a machine running psv4

PS C:> $PSVersionTable

Name Value

PSVersion 4.0

Error:

Rename-ADObject : The parameter is incorrect

derek-ardolf · November 5, 2014, 9:45am

TafTak,

Could it be because it accepts an ADObject rather than just a string?
You could retrieve the object first, via Get-ADObject, to use with Rename-ADObject and the -NewName parameter?

Rename-ADObject (Get-ADObject  $_.distinguishedname) -NewName $NewName

luisc-c · November 10, 2014, 10:45am

Thanks for replies.

I finally got it working by creating an empty array; $renamesg = @()
Then imported the csv containing the security groups. $renamesg = import-csv

By doing so, I was able to see the different columns with the correct objects.

PS C:> $renameSG | gm

TypeName: System.Management.Automation.PSCustomObject

Name MemberType Definition

Equals Method bool Equals(System.Object obj)
GetHashCode Method int GetHashCode()
GetType Method type GetType()
ToString Method string ToString()
NewName NoteProperty System.String NewName=Accounting…
OldName NoteProperty System.String OldName=CN=#Accounting…

I then ran:

#Rename SamAccountName - Security groups
$renameSG | ForEach-Object {Set-ADGroup -Identity $.Oldname -SamAccountName $.NewName}

#Rename Security groups
$renameSG | ForEach-Object {Rename-ADObject -Identity $.Oldname -NewName $.NewName}

Thanks for the help.

Luis

casey-gray · March 4, 2015, 5:46am

I see that you solved this, but I just did the same thing, and I think the issue you had was with this:

Rename-ADObject $_.distinguishedname

The line I used to do a mass rename was this:

$foo = Get-ADGroup -Filter "name -like 'blah*'"
$foo | % { Rename-ADObject -Identity $_ -NewName ($_.Name -Replace "^blah", "blah_blah_") }

Granted, you’d have to finagle your rename to be what you wanted, but I was just replacing the first bit of the name with something different.

Topic		Replies	Views
Command with -whatif returns different object? PowerShell Help	6	123	July 26, 2018
Create distribution groups in ad with loop script... PowerShell Help	5	182	February 10, 2016
Modify ACtive directory groups PowerShell Help	3	207	May 4, 2021
Remove Groups partial group name PowerShell Help	2	218	December 15, 2020
Renaming a active directory group PowerShell Help	5	2265	February 10, 2024

Using Rename-ADObject to rename Security Groups

Related Topics