Menu
CCMEXEC.COM – Enterprise Mobility
  • Home
  • General
  • Configuration Manager
  • Windows 10
  • Windows 11
  • Intune
  • GitHub
  • About
CCMEXEC.COM – Enterprise Mobility

Move Computer to the Correct OU during deployment

Posted on December 11, 2010December 11, 2010 by Jörgen Nilsson

When deploying Windows 7 a common scenario is that you want to move all reinstalled computer to a “Windows 7 Client”  OU. When reinstalling a Computer that already has an existing computer account in Active Directory neither MDT or SCCM will move that account. This is no new pchallange but I get the question many times so I thought I would share how I do it .

You could use this excellent webservice http://mdtwebfrontend.codeplex.com/Thread/View.aspx?ThreadId=207126, extremely useful high security environments with restrictions for service account usage e.t.c.

Another solution is using this great VBSscript provided by Coretech.dk you can find it here:http://blog.coretech.dk/scripting/vbscript-move-computer-object-to-another-ou-via-command-line-parameter/
The script will move the computer if it is not already in the specified OU, i was thinking of writing one but then I find this script and thought I would share how I use it.

Using this excellent script in a MDT/SCCM Task Sequence is very simple and straight forward, the command-line below will move the computer to the MachineObjectOU configured in MDT settings file or database.

  1. Add the script to a package you replicate to all DPs
  2. In the Task Sequence add the following Run Command Line task (Make sure to add it after the “Setup Windows and Configuration Manager Client step”)
  3. Use a User Account with permission in the Active Directory to perform the task.
    MoveComputerThis is one of the simplest way to achieve this. Thanks to Jakob Gottlieb Svendsen att Coretech.dk for sharing the script.

27 thoughts on “Move Computer to the Correct OU during deployment”

  1. Prakash says:
    January 6, 2011 at 4:10 pm

    Hi

    Do I just need to run this script without any parameters, how does it know which OU it should join the system to.

    Thanks
    Prakash

    Reply
  2. Jörgen Nilsson says:
    January 6, 2011 at 4:33 pm

    Hi,
    No you have to pass the OU path to where it should be moved as in my example above it is collected from the MDT database as a variable %MachineObjectOU%.
    In the MDT database the value is for variable is : OU=Computers,OU=Test,DC=Contoso,DC=Com
    Regards,
    Jörgen

    Reply
  3. Prakash says:
    January 7, 2011 at 12:31 pm

    Hi

    Thanks for the response, Iam trying to join system to a specific OU based on its name during the TS execution. It would be very helpful if you could let me know the exact steps. Thanks again.

    prakash

    Reply
  4. Mike says:
    August 23, 2011 at 7:16 pm

    Hi,
    I am trying to move the client from stage OU to perm OU as the last step of the MDT TS. And the script is failing. When i try to run it manually i get to error but the client is not moved to a new OU.
    This is how i am calling the script:
    cscript.exe “%SCRIPTROOT%\MoveOU.vbs “OU=Windows7,OU=***,OU=***,OU=***,DC=***,DC=***,DC=com”

    Reply
  5. Max says:
    August 30, 2011 at 10:50 am

    MDT users: which part of the task sequence are you guys adding the vbs to?

    Reply
  6. Mike says:
    August 30, 2011 at 7:56 pm

    I have it in the State Restore in the Custom Tasks folder.

    Reply
  7. Mike says:
    August 30, 2011 at 7:57 pm

    I am using MDT without SCCM

    Reply
  8. Roel Janssens says:
    December 12, 2012 at 12:00 pm

    Thank you!

    Reply
  9. User says:
    May 24, 2013 at 7:42 pm

    I have placed the script both before and after “Apply Network Settings” in State Restore. The script works, but my policies (legal notice) are applied before the script is run. After I click okay to accept the legal notice the computer logs in and the script runs moving the computer to the staging OU.

    Has anyone else had this issue?

    Thanks.

    Reply
  10. Josh says:
    June 7, 2013 at 2:43 am

    I am trying to run this on task sequence as:

    cscript.exe “%deployroot%\scripts\moveou.vbs” “LDAP path with mentioning the LDAP:\\xx”

    Command comes as this:

    smswd.exe /run:lcc00123 cscript.exe “%deployroot%\scripts\moveou.vbs” “OU=xxxxxx”

    all good however, I am getting following error:

    exit code 80004005, running a command line under a user account is not supported in winpe

    any idea?

    Reply
  11. Pingback: My own SCCM Collection | Move computers to a specefic OU during OSD
  12. sid says:
    December 16, 2015 at 8:23 pm

    Here is the PS script that I sue to join to domain and put computer into OU:

    strdomain = “Domain.com”

    $strpass =ConvertTo-SecureString “password” -AsPlainText -Force

    $struser = “Domain\user”

    $credential = New-Object System.Management.Automation.PSCredential($struser,$strpass)

    $strou=”OU=workstations,OU=siteA,OU=Devices,DC=domain,DC=com”
    Add-Computer -DomainName $strdomain -Credential $credential -oupath $strou

    Reply
  13. Jonathan says:
    April 5, 2016 at 10:51 pm

    Do you know how one would check for certain ip range or default gateway? Different OUs for different buildings. Can you think of an easier way to get this accomplished?

    Reply
    1. Jörgen Nilsson says:
      April 5, 2016 at 10:56 pm

      Hi,
      You could use MDT for that, or a subset or MDT files in the Task Sequence or write a script for it.. I think I have an old one somewhere that I used before.
      /Jörgen

      Reply
  14. Dwayne says:
    August 3, 2016 at 10:18 pm

    Hi, I have a similar situation to that of the last comment. I’m the SCCM admin, I’ve got offices located globally, I’ve got vlan Ip ranges scoped out and tied to Boundary Groups in SCCM 1602 CB. I’d like my Task Seqence to be able to see where or what vlan it’s being imaged at then simply add itself to that corosponding OU. We’ve got an OU for each Global site and again, I’ve tied it all together with vlan ip boundarys and boundary groups. thanks in advance for any info you can provide

    Reply
  15. PPeterson says:
    November 16, 2016 at 12:58 am

    MDT gathers the gateway and holds it in the variable [DefaultGateway]. I would suggest creating rules under your deployment share properties to define the OU you want based on the gateway. Use the MachineObjectOU to define your destination OUs

    Reply
  16. Jeff says:
    December 14, 2017 at 7:41 pm

    Hello- I’m trying to use this script as a last step in an in place upgrade from Windows 7 to Windows 10. It is failing to run. The log shows this, wondering if you have any thoughts or ideas to help me get it to run? Failed to run the action: Move Computer Object to Win10 OU. Incorrect function. (Error: 00000001; Source: Windows)

    Reply
    1. bart says:
      January 12, 2018 at 8:20 am

      hello, we have the same error
      do you have an idea what could be the cause of the problem?

      Reply
      1. Jörgen Nilsson says:
        January 12, 2018 at 11:49 am

        Hi,
        What does the log say? if you run it manually using Psexec.exe with the variable typed, does it work then?
        Regards,
        Jörgen

        Reply
    2. Jörgen Nilsson says:
      January 12, 2018 at 11:48 am

      Hi, Did you resolve this? is the MachineObjectOU variable set?
      Regards,
      Jörgen

      Reply
  17. Lucas Styles says:
    January 12, 2018 at 3:16 pm

    The link to the script has changed:
    http://blog.ctglobalservices.com/scripting-development/jgs/vbscript-move-computer-object-to-another-ou-via-command-line-parameter/

    Reply
  18. Ron says:
    January 19, 2018 at 7:07 pm

    I’m having the same issue, but only recently. The scripts that were working beautifully broke after we installed SCCM 2016 version 1710, I believe. Both Powershell and VBScripts will not run after the machine boots to full OS. VBScripts work fine in WinPE. Permissions seem to be suspect, but the account has been verified and other domain admin level accounts have also been tested.

    Reply
  19. MSD_GUY says:
    January 26, 2018 at 6:49 pm

    I ran into this myself a while ago after upgrading to SCCM 1706. Opened a case with MS and they gave me a “workaround”. It appears to be a “bug” in the OS during upgrade only. I was upgrading to Win10 (1607) at the time. I just confirmed a few days ago that this is still an issue in (1703). I haven’t tested (1709).
    What the workaround does:
    It exports the state of a particular registry key (that causes the issue) and saves it to a location of your choosing. Changes the value of the key so you can run your script then imports the original value of the key after the change is made.

    add the following steps somewhere in Post-Processing. I have an Adjust Membership and cleanup group.
    Add this BEFORE adding or removing groups steps:
    Step::Export Registry
    Command Line:: REG EXPORT HKLM\SOFTWARE\Microsoft\COM3 %temp%\com.reg /y
    Step:: Modify Registy
    Command Line:: REG ADD HKLM\SOFTWARE\Microsoft\COM3 /v REGDBVersion /t REG_BINARY /d 010000 /f
    Step:: Add or remove group membership
    Add this only AFTER all add or remove group membership steps are done:
    Step:: Import Registry
    CommandLine:: REG IMPORT %temp%\com.reg

    I hope this helps others in their upgrade projects!

    Reply
  20. JagoWu says:
    January 31, 2018 at 10:41 pm

    Hi,
    Do you have an easy step by step way to setup the webservice to use this move script? Also, what AD permissions do we need to have for it all to work? Thank You

    Reply
    1. Jörgen Nilsson says:
      January 31, 2018 at 10:54 pm

      Hi,
      check out this webservice instead https://gallery.technet.microsoft.com/Web-Service-for-OS-93b6ecb8#content
      easy setup using an .MSI and example scripts, permission to move computer is documented here for instance. https://morgansimonsen.com/2013/12/17/delegating-computer-object-management-tasks-2/
      Regards,
      Jörgen

      Reply
  21. MDTdude says:
    August 21, 2018 at 8:44 pm

    It will not move no matter how I set the parameter.

    Reply
  22. Robert says:
    September 5, 2019 at 5:53 pm

    At my organization we have multiple domains. I was using this script for USB task sequence imaging, it works fine for the domain my user account is in, but when I try to use the script in other domains with that same user account I get:
    Exception calling “MoveTo” with “1” argument(s): “An invalid directory pathname was passed” I have verified that my account has rights in all 3 domains to move computers. I had noticed others had received this same error was there ever a consensus on the fix?

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

My name is Jörgen Nilsson and I work as a Senior Consultant at Onevinn in Malmö, Sweden. This is my blog where I will share tips and stuff for my own and everyone elses use on Enterprise Mobility and Windows related topics.
All code is provided "AS-IS" with no warranties.

Recent Posts

  • New settings in Intune Security Baseline Windows 11 24H2 -2504
  • Managing extensions in Visual Studio Code
  • Reinstall a required Win32app using remediation on demand
  • Administrator protection in Windows 11 – First look
  • Remediation on demand script – ResetWindowsUpdate
©2025 CCMEXEC.COM – Enterprise Mobility | WordPress Theme by Superb Themes
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish.Accept Reject Read More
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT