In this guide, you’ll learn how to move a computer object from one OU to another. This is a great step to automatically moving computers or servers to the correct group using Powershell, instead of manually moving them.

Step 1: Delegate Control of an OU in Active Directory

Before you can move a computer object to a different OU, you first need to delegate permissions to the specific user. To do that:

  1. Open Active Directory Users & Computers from a domain controller.
  2. Right-click the OU > Delegate Permissions.
  3. Click “Add” to add the user.
  4. On the Tasks to Delegate screen, click the “Create a custom task to delegate” radial.
  5. Click the “Only the following objects in the folder” radial.
    1. Check “Computer Objects.”
    2. Check Create Selected objects in this folder
    3. Check Delete selected objects in this folder.
  6. Check the WRITE box and click Next.

That’s it! You can now move computers objects to the specified OU from the default parent OU.
You can test this by opening ADUC on your local computer and manually moving an object. If it works, that means it’ll work once you run the Powershell script below.

Create Powershell Script to Move Computer Objects to a Different OU

By default, objects that get added to Active Directory go to the parent Computers OU:

For this example, I want newly created computer objects to move from from the default Computers OU to the Domain>Computers>Computers OU:

To do that with Powershell, you can use a script like this. It will prompt you to enter a computer name. Capitalization matters here.

$ComputerObject = Read-Host "Type computername to move"
Move-ADObject –Identity "CN=$ComputerObject,CN=Computers,DC=domain,DC=com" -TargetPath "OU=Computers,OU=Computers,OU=domain,DC=domain,DC=com"

Move Computer Object from Sub OU to Different OU

Move Computer Objects to Disabled Computers OU

If your computer object is already moved into a specific OU, and you want to move it somewhere else (such as a Disabled Computers OU, you can use a script like this:

$ComputerObject = Read-Host "Type computername to move to DisabledComputers OU"
Move-ADObject –Identity "CN=$ComputerObject,OU=Computers,OU=Computers,OU=Domain,DC=domain,DC=com" -TargetPath "OU=DisabledComputers,OU=Domain,DC=domain,DC=com"

Wrapping Up

Hopefully this guide helped you learn how to move one object to another OU or group with Powershell!

My Homelab Equipment

Here is some of the gear I use in my Homelab. I highly recommend each of them.

The full list of server components I use can be found on my Equipment List page.

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *