Moving a computer object to an AD Group without using the AD Provider

Today I had a colleague who needed to move a computer object to a group, but he only had access to an older version of PowerShell and couldn’t load the AD Provider. Here’s what we came up with.

# Adds a Computer Object to an Active Directory Group
# Change "MyGroup" to your group name

# Get the Local Computer Name
$computername = (Get-WmiObject -Class Win32_ComputerSystem).Name

# Search Active Directory for the Computer Object
$thedomain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$root = $thedomain.GetDirectoryEntry()
$search = [System.DirectoryServices.DirectorySearcher]$root
$search.Filter = "(cn=$computername)"
$result = $search.FindOne()
if (-not $result) { throw "Computer object '$computername' not found" }
$computerObjectToAdd = $result.GetDirectoryEntry().Path

# Search Active Directory for the Group
$search.Filter = "(CN=MyGroup)"
$result = $search.FindOne()
if (-not $result) { throw "Group 'MyGroup' not found" }
$group = [ADSI]$result.Path

# Add the computer object to the required Group
# A group is not a container, so MoveTo against the group's DN fails;
# membership is granted through the group's Add method, which takes the member's ADsPath
$group.psbase.Invoke("Add", $computerObjectToAdd)

Hope that helps
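
A stricter variant of the same ADSI approach, added here as an example and not part of the original script: it escapes names before placing them in the LDAP filter, restricts each search to the expected object type, refuses ambiguous matches instead of taking the first hit, and skips the Add when the computer is already a member. The function names are hypothetical, and it assumes a domain-joined machine and an account allowed to modify the group.

```powershell
# Added example: function names are hypothetical; "MyGroup" is the page's placeholder.

function ConvertTo-LdapFilterValue([string]$Value) {
    # RFC 4515 escaping so a name cannot alter the filter; backslash must be replaced first
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' `
           -replace '\)', '\29' -replace '\x00', '\00'
}

function Find-SingleADObject([string]$Filter) {
    $root = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().GetDirectoryEntry()
    $search = New-Object System.DirectoryServices.DirectorySearcher($root, $Filter)
    # FindOne() silently returns the first match; require exactly one instead
    $hits = @($search.FindAll())
    if ($hits.Count -ne 1) {
        throw "Expected exactly one match for $Filter but found $($hits.Count)"
    }
    $hits[0].Path
}

function Add-ComputerToGroup([string]$ComputerName, [string]$GroupName) {
    $c = ConvertTo-LdapFilterValue $ComputerName
    $g = ConvertTo-LdapFilterValue $GroupName

    # Scope each search to its object type so a same-named user or group is never picked up
    $computerPath = Find-SingleADObject "(&(objectCategory=computer)(cn=$c))"
    $groupPath    = Find-SingleADObject "(&(objectCategory=group)(cn=$g))"

    $group = [ADSI]$groupPath
    # IsMember/Add are IADsGroup methods and take the member's ADsPath
    if ($group.psbase.Invoke('IsMember', $computerPath)) {
        return "Already a member: $computerPath"
    }
    $group.psbase.Invoke('Add', $computerPath)
    "Added $computerPath to $groupPath"
}

$name = (Get-WmiObject -Class Win32_ComputerSystem).Name
Add-ComputerToGroup -ComputerName $name -GroupName 'MyGroup'
```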

 