我有这个脚本应该移动计算机没有他们的子网,但我不断收到以下错误,我不能为我的生活find问题。
我可以使用move-adobject手动移动电脑。
错误:
Move-ADObject : The operation could not be performed because the object's parent is either uninstantiated or deleted At C:\tools\move_computers_ad_subnet.ps1:179 char:22 + Move-ADObject <<<< -Identity $ComputerDN -TargetPath $DestinationDN + CategoryInfo : NotSpecified: (CN=DS-RECEPTION...nta,DC=co,DC=uk:ADObject) [Move-ADObject], ADException + FullyQualifiedErrorId : The operation could not be performed because the object's parent is either uninstantiate d or deleted,Microsoft.ActiveDirectory.Management.Commands.MoveADObject 脚本
################################################################################ # PowerShell routine to move Windows 7 Computers into OU structure based on IP # ################################################################################ # Requires Active Directory 2008 R2 and the PowerShell ActiveDirectory module ##################### # Environment Setup # ##################### #Add the Active Directory PowerShell module Import-Module ActiveDirectory #Set the threshold for an "old" computer which will be moved to the Disabled OU $old = (Get-Date).AddDays(-110) # Modify the -60 to match your threshold #Set the threshold for an "very old" computer which will be deleted $veryold = (Get-Date).AddDays(-120) # Modify the -90 to match your threshold ############################## # Set the Location IP ranges # ############################## $LyricSqIP = "\b(?:(?:10)\.)" + "\b(?:(?:21)\.)" + "\b(?:(?:2)\.)" + "\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))" # 10.21.2.0/24 ######################## # Set the Location OUs # ######################## # Disabled OU $DisabledDN = "OU=_Disabled,OU=Computers,OU=Avanta_UK,OU=_Avanta_Group,DC=avanta,DC=co,DC=uk" # OU Locations $LyricSqDN = "OU=Hammersmith,OU=Computers,OU=Avanta_UK,OU=_Avanta_Group,DC=avanta,DC=co,DC=uk" ############### # The process # ############### # Query Active Directory for Computers running Windows 7 or XP (Any version) and move the objects to the correct OU based on IP Get-ADComputer -Filter {(Name -notlike "*-security*" ) -and (OperatingSystem -like "Windows 7*" -or OperatingSystem -like "Windows XP*")} -Properties PasswordLastSet | ForEach-Object { # Ignore Error Messages and continue on trap [System.Net.Sockets.SocketException] { continue; } # Set variables for Name and current OU $ComputerName = $_.Name $ComputerDN = $_.distinguishedName $ComputerPasswordLastSet = $_.PasswordLastSet $ComputerContainer = $ComputerDN.Replace( "CN=$ComputerName," , "") # If the computer is more than 90 days off the network, remove the computer object if ($ComputerPasswordLastSet -le $veryold) { Remove-ADObject -Identity $ComputerDN -WhatIf } # Check to see if it is an "old" computer account and move it to the Disabled\Computers OU if ($ComputerPasswordLastSet -le $old) { $DestinationDN = $DisabledDN Move-ADObject -Identity $ComputerDN -TargetPath $DestinationDN -WhatIf } # Query DNS for IP # First we clear the previous IP. If the lookup fails it will retain the previous IP and incorrectly identify the subnet $IP = $NULL $IP = [System.Net.Dns]::GetHostAddresses("$ComputerName") # Use the $IPLocation to determine the computer's destination network location # # if ($IP -match $LyricSqIP) { $DestinationDN = $LyricSqDN } Else { # If the subnet does not match we should not move the computer so we do Nothing $DestinationDN = $TestDN } # Move the Computer object to the appropriate OU # If the IP is NULL we will trust it is an "old" or "very old" computer so we won't move it again if ($IP -ne $NULL) { Move-ADObject -Identity $ComputerDN -TargetPath $DestinationDN -WhatIf } }
如果一个计算机帐户在120天内没有设置其密码,那么您的脚本首先将其删除, 然后尝试删除它:
# If the computer is more than 90 days off the network, remove the computer object if ($ComputerPasswordLastSet -le $veryold) { # $TRUE Remove-ADObject -Identity $ComputerDN -WhatIf } # Check to see if it is an "old" computer account and move it to the Disabled\Computers OU if ($ComputerPasswordLastSet -le $old) { # ALSO $TRUE $DestinationDN = $DisabledDN Move-ADObject -Identity $ComputerDN -TargetPath $DestinationDN -WhatIf }
确保$DisabledDN和$LyricSqDN包含正确的DN并且OU已经存在。
你可以用以下方式testing它们的存在:
[ADSI]::Exists($DisabledDN) [ADSI]::Exists($LyricSqDN)