Export (0) Print
Expand All
This topic has not yet been rated - Rate this topic

Moving and Renaming Objects

Microsoft® Windows® 2000 Scripting Guide

The move and rename tasks use the same method, MoveHere, to complete their respective operations. Unlike the copy task, the move and rename tasks are relatively simple to complete with an ADSI script. The MoveHere method supports the following Active Directory move and rename operations:

  • Moving an object to a different container within the same domain

  • Renaming an object within the same container

  • Renaming and moving an object to a different container within the same domain

  • Moving an object to another domain

  • Renaming an object while moving it to another domain

You cannot use the MoveHere method to move an object to another forest.

General Conditions for Cross-Domain Moves

There are some object-specific restrictions to making cross-domain moves. However, moving an object to other domains within the same forest is possible when the following general conditions are met:

  • The destination domain is running in native mode.

  • Both the destination and the source domain use Kerberos authentication.

  • The move operation must be completed from the source domain to the destination, or target, domain. If you attempt to move an object while logged on to the destination domain, the following message will appear:

    
    
    (null): Inappropriate authentication
    
    
  • To move an object from one domain to another, you must have permission to remove the object from the source domain and add the object to the target domain.

  • Only leaf objects can be moved. Therefore, if the object is a container, make sure it is empty before attempting to move it to another domain.

  • Security principals, such as users, groups, and computers cannot be moved to another domain if they are members of one or more global groups. They must first be removed from all global groups.

When you call the MoveHere method in a script, the first parameter of the method designates the ADsPath of the move or rename operation. The DN in the ADsPath designates where the object currently resides. The second argument designates the relative distinguished name of the object to be moved or the new name of the object to be renamed. If your intention is simply to move and not rename the object, the second parameter can be specified as vbNullString. Table 5.3 shows the arguments of the MoveHere method.

Table 5.3 MoveHere Arguments

Argument

Type

Required

Default

Description

ADsPath

string

Yes

None

The name of the provider and the DN of the source object to move or rename.

RelativeDistinguishedName

string

Yes

None

The cn=name attribute of the user account object to be moved or the new name of the user account to be renamed. If you are not renaming the account, you can specify vbNullString instead.

Regardless of the move or rename task you want to complete, both tasks involve two simple steps:

  1. Bind to the Active Directory container that is the target of the object move or rename operation.

  2. Move or rename the object.

    Like the Delete method, the MoveHere method acts immediately upon Active Directory. Therefore, there is no need to call the SetInfo method to complete a rename or move operation.

The goal of the three scripts in this section is to rename a published printer, move a group from one OU to another within the same domain, and move an OU from one domain to another. These three objects and tasks provide a good sampling of what can be done with the MoveHere method. For more information about how to complete object-specific move operations, see the ADSI task-based chapters in this book.

Renaming a Published Printer

The script in Listing 5.25 renames the Printer1 printer to HRPrn1. After the rename operation, the printer remains in the HR OU of the na.fabrikam.com domain.

  1. Bind to the HR OU container in the na.fabrikam.com domain.

    This binding operation designates the HR OU as the target container of the rename operation.

  2. Rename the Printer1 printer to HRPrn1.

    The first parameter of the MoveHere method specifies the ADsPath of the object to be renamed, the LDAP provider and the DN of Printer1. The second parameter specifies the new name for the printer.

Listing 5.25 Renaming a Published Printer

  
1
2
3
4


Set objOU = GetObject("LDAP://ou=HR,dc=NA,dc=fabrikam,dc=com")

objOU.MoveHere _
 "LDAP://cn=Printer1,ou=HR,dc=NA,dc=fabrikam,dc=com", "cn=HRPrn1"

Moving a Group from One Container to Another

The script in Listing 5.26 moves the Atl-Users group from the HR OU to the Users container of the na.fabrikam.com domain. Note that the Atl-Users group is not modified in any way. All members of the group remain, and the group is not renamed.

  1. Bind to the Users container in the na.fabrikam.com domain.

    This binding operation designates the Users container as the target container of the move operation.

  2. Move the Atl-Users group from the HR OU to the Users container within the same domain.

    The first parameter of the MoveHere method specifies the ADsPath of the object to be moved, the LDAP provider and the DN of the Atl-Users group. The second parameter specifies vbNullString because the group is not renamed during the move operation. Alternatively, you can specify the relative distinguished name (cn=Atl-Users) for the second parameter.

Listing 5.26 Moving a Group Within the Same Domain

  
1
2
3
4


Set objOU = GetObject("LDAP://cn=Users,dc=NA,dc=fabrikam,dc=com")

objOU.MoveHere "LDAP://cn=Atl-Users,ou=HR,dc=NA,dc=fabrikam,dc=com", _
 vbNullString

Tip

  • It is easy to get confused about whether you specify the target or source container in the binding step. To remember that it is the target container that you specify in the binding step, ask yourself, "Where do I want the object to go?" After you have answered that question, specify that location in the binding step.

Moving an OU from One Domain to Another

The script in Listing 5.27 moves the Management OU from the fabrikam.com domain to the na.fabrikam.com domain.

  1. Bind to the na.fabrikam.com domain.

    This binding operation designates the na.fabrikam.com domain as the target container of the move operation.

  2. Move the Management OU from the fabrikam.com domain to the na.fabrikam.com domain.

Listing 5.27 Performing a Cross-Domain Move of an OU

  
1
2
3
4


Set objDomain = GetObject("LDAP://dc=NA,dc=fabrikam,dc=com")

objDomain.MoveHere "LDAP://ou=Management,dc=fabrikam,dc=com", _
 vbNullString

While the script in Listing 5.27 might appear useful, it is of limited use in its current form. A cross-domain move works only for leaf objects. Therefore, the OU must be empty before it can be moved. However, if you have assigned a number of attributes to the OU, it might make sense to move all of the objects in the container to the other domain, then move the OU, and finally move all of the objects back into the OU. For information about moving specific types of objects, such as user accounts, see the corresponding ADSI task-based chapter.

Important observations about the scripts in this section are:

  • They perform the same basic steps: They bind to a target container and then call the MoveHere method to move or rename an object.

  • They use the same method (MoveHere) without regard to the class of object or the operation (move or rename).


Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft. All rights reserved.