move user in AD
Hello all, I have set up an OU with high-restriction settings. Sort of a user "sin-bin". I want to allow the ICTCO easy and simple access to move a user in and out of this OU. Anyone got a VB script or suggestion on how to do this?
Many thanks and Happy Christmas.
An easier way might be to create a group within the bin, so that the policy applies to the group, then let them add users to that group.
dsmove.exe with a couple of arguments for moving OU.
net.exe with a couple of arguments for adding to or removing from a group.
Much of a muchness, but I'd probably go for groups because net.exe syntax is easier and is already installed everywhere you might need it. The group can be anywhere; the point is to use it for security filtering on the GPOs that apply to the users, i.e. the SinBin group is denied apply access to the normal GPO, and SinBin is the only group that can apply the naughty GPO.
Personally, I would prefer to be in control of this myself - you will know why a person is in the 'Sin Bin' and you know that nobody can be put in there by accident etc.
On the other hand, I don't think it's all that complex, you might need some funky string functions to work out the real OU etc...
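' Distinguished names of the user to move and of the destination OU
strUserDN = "cn=username,ou=intake01,ou=students,dc=domain,dc=local"
strOUDN = "ou=sinbin,ou=students,dc=domain,dc=local"
' Bind to both objects over LDAP
Set objUser = GetObject("LDAP://" & strUserDN)
Set objOU = GetObject("LDAP://" & strOUDN)
' Move the user into the OU, keeping its existing relative name (cn=username)
objOU.MoveHere objUser.ADsPath, objUser.Name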
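
An added example, not code from any poster in this thread: a PowerShell version of the move in and out of the sin-bin OU that records the user's home OU before the move, so the "real OU" does not have to be worked out by hand when moving back. It assumes the ActiveDirectory module is installed; the function names, the marker string and the use of the `info` (Notes) attribute are assumptions.

```powershell
#Requires -Modules ActiveDirectory
# Added example. $SinBinOU is the DN from the thread; the marker string and the
# use of the 'info' (Notes) attribute to remember the home OU are assumptions.
$SinBinOU = 'ou=sinbin,ou=students,dc=domain,dc=local'
$Marker   = 'SINBIN-ORIGIN:'

function Get-ParentDN {
    param([Parameter(Mandatory)][string]$DistinguishedName)
    # Drop the first RDN; the pattern steps over commas escaped as "\," in a name.
    if ($DistinguishedName -notmatch '^(?:[^,\\]|\\.)+,(?<parent>.+)$') {
        throw "Cannot work out the parent of '$DistinguishedName'"
    }
    $Matches['parent']
}

function Move-SinBinUser {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [Parameter(Mandatory)][ValidateSet('In', 'Out')][string]$Action
    )
    $user   = Get-ADUser -Identity $SamAccountName -Properties info
    $parent = Get-ParentDN $user.DistinguishedName
    $inBin  = $parent -ieq $SinBinOU

    if ($Action -eq 'In') {
        if ($inBin) { Write-Warning "$SamAccountName is already in the sin-bin"; return }
        if ($PSCmdlet.ShouldProcess($user.DistinguishedName, "move to $SinBinOU")) {
            # Record the home OU first (this overwrites any existing Notes text).
            Set-ADUser -Identity $user.ObjectGUID -Replace @{ info = "$Marker$parent" }
            Move-ADObject -Identity $user.ObjectGUID -TargetPath $SinBinOU
        }
        return
    }

    if (-not $inBin) { Write-Warning "$SamAccountName is not in the sin-bin"; return }
    if ("$($user.info)" -notlike "$Marker*") {
        throw "No recorded home OU for $SamAccountName; move the account back by hand"
    }
    $origin = $user.info.Substring($Marker.Length)
    if ($PSCmdlet.ShouldProcess($user.DistinguishedName, "move back to $origin")) {
        Move-ADObject -Identity $user.ObjectGUID -TargetPath $origin
        Set-ADUser -Identity $user.ObjectGUID -Clear info
    }
}

# Dry run first, then the real move (the account name is a constructed sample):
# Move-SinBinUser -SamAccountName jsmith01 -Action In -WhatIf
# Move-SinBinUser -SamAccountName jsmith01 -Action Out
```

Whoever runs it needs delegated rights to move user objects between the source OUs and the sin-bin OU, plus write access to the `info` attribute.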