CCMEXEC.COM – Enterprise Mobility

Move the computer to the correct OU during OSD – PS version

Posted on March 7, 2018 (updated March 17, 2021) by Jörgen Nilsson

I wrote a blog post way back (2010) on how to move a computer to another OU during OS Deployment: https://ccmexec.com/2010/12/move-computer-to-the-correct-ou-during-deployment/.
You may want to move the computer when you upgrade to Windows 10, or when you reinstall a computer that already exists in a different OU, in which case it will not be moved automatically. The script is still being used, downloaded and commented on. So here is an updated blog post with a PowerShell script that does the move, if you don’t want to use a webservice.

The script:

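# Script to move the computer object in AD to the OU supplied as a variable
# 1st example command line: Powershell.exe -NoProfile -ExecutionPolicy bypass -file MoveToOU.ps1 "%MachineObjectOU%"
# 2nd example command line: Powershell.exe -NoProfile -ExecutionPolicy bypass -file MoveToOU.ps1 "OU=Desktop,OU=Computers,OU=Test,DC=Test,DC=Local"

# Target OU as a full distinguished name, passed as the first argument
$OU = $args[0]

try {
    # Look up this computer's own account (sAMAccountName is the computer name followed by $)
    $CompDN = ([ADSISEARCHER]"sAMAccountName=$($env:COMPUTERNAME)$").FindOne().Path
    $CompObj = [ADSI]"$CompDN"
    # Move the computer object into the target OU
    $CompObj.psbase.MoveTo([ADSI]"LDAP://$($OU)")
}
catch {
    # Output the error message and return a non-zero exit code so the step fails
    $_.Exception.Message ; Exit 1
}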

It can be downloaded here as well: https://github.com/Ccmexec/MEMCM-OSD-Scripts

Save the script to a file in your package source folder for the script.

  1. Add the script to a package you replicate to all DPs.
  2. In the Task Sequence, add the following Run Command Line task (make sure to add it after the “Setup Windows and Configuration Manager Client” step).
  3. Use a User Account with permission in the Active Directory to perform the task.

In this example the %MachineObjectOU% variable is used which can be set by MDT for example.

As simple as that and you are done!
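
A variant of the script above that validates the OU argument and confirms the target exists before the computer object is touched. It is an added example, not the author's script: the file name MoveToOU-Validated.ps1 and the helper Test-OuDistinguishedName are hypothetical, and as a simplification OU names containing escaped commas, slashes, percent signs or quotes are rejected.

```powershell
# Added example, not the author's script. Hypothetical file name: MoveToOU-Validated.ps1
# Usage: Powershell.exe -NoProfile -ExecutionPolicy bypass -file MoveToOU-Validated.ps1 "OU=Desktop,OU=Computers,OU=Test,DC=Test,DC=Local"
param([string]$OU)

function Test-OuDistinguishedName {
    # True only for a full OU DN: one or more OU= parts, then one or more DC= parts.
    # Simplification (assumption): names with escaped commas, /, % or quotes are rejected.
    param([string]$Dn)
    if ([string]::IsNullOrWhiteSpace($Dn)) { return $false }
    return $Dn -match '^(OU=[^,=%"/]+,)+DC=[^,=%"/]+(,DC=[^,=%"/]+)*$'
}

try {
    $OU = "$OU".Trim()
    if (-not (Test-OuDistinguishedName $OU)) {
        throw "Target '$OU' is not a full OU distinguished name (OU=...,DC=...)."
    }
    # Confirm the target exists before touching the computer object (catches typos).
    if (-not ([ADSI]::Exists("LDAP://$OU"))) {
        throw "Target OU '$OU' was not found in the directory."
    }

    # Find this computer's own account; the trailing $ is part of sAMAccountName.
    $filter = '(&(objectCategory=computer)(sAMAccountName=' + $env:COMPUTERNAME + '$))'
    $result = ([ADSISEARCHER]$filter).FindOne()
    if ($null -eq $result) { throw "No computer account found for $env:COMPUTERNAME." }

    # Parent container = DN minus its first RDN (split on the first unescaped comma).
    $compDN = [string]$result.Properties['distinguishedname'][0]
    $currentParent = ($compDN -split '(?<!\\),', 2)[1]
    if ($currentParent -eq $OU) {
        "Computer is already in '$OU', nothing to do."
        exit 0
    }

    $compObj = $result.GetDirectoryEntry()
    $compObj.psbase.MoveTo([ADSI]"LDAP://$OU")
    "Moved $env:COMPUTERNAME from '$currentParent' to '$OU'."
}
catch {
    # Emit the reason and return a non-zero exit code so the task sequence step fails.
    "MoveToOU failed: $($_.Exception.Message)"
    exit 1
}
```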

NOTE: If you get an error like:

Exception calling “FindOne” with “0” argument(s): “Unknown error (0x80005000)”
Then check out this old post on an issue with the “Run this step as the following account” caused by .NET Framework 1.1. 
https://docs.microsoft.com/en-us/archive/blogs/deploymentguys/run-command-line-as-domain-user-incorrect-function-error 

Thanks to my colleague Johan Schrewelius for the help.

Tags: Move to OU, OSD

28 thoughts on “Move the computer to the correct OU during OSD – PS version”

    1. DeployClarity says:
      March 14, 2018 at 4:11 am

      Hi Jorgan, great work. Looks to be working for me. Just one thing. In your example command line above the script, you have -Set-ExecutionPolicy not -ExecutionPolicy.

      Thanks again, love your work.

      1. Jörgen Nilsson says:
        March 14, 2018 at 8:59 am

        Hi,
        Thanks for the heads-up! Fixed it! 😀
        /jörgen

    2. Stewart says:
      March 16, 2018 at 4:09 pm

      Hi Jörgen, I can’t seem to get this to work in my build task sequence. The weird thing is, if I copy the relevant step into a blank custom TS and deploy once the same machine has been built, it works fine. I’ve got it inserted after setup windows and ConfigMgr. I get “Incorrect function Error Code 1”. Any ideas?

      1. Jörgen Nilsson says:
        March 23, 2018 at 11:39 am

        Hi,
        Is the computer domain joined? Is the step run after the Setup Windows and Configuration Manager step?
        Regards,
        Jörgen

        1. Anders says:
          March 29, 2018 at 3:59 pm

          Hi,
          I’m having the exact same problem as Stewart is describing.
          Error 1 if I run it in build task and if I deploy the same step in a custom TS it works just fine.

          From smsts.log (build task): Exception calling “FindOne” with “0” argument(s): “Okänt fel (0x80005000)”

          Regards,
          Anders

          1. Jörgen Nilsson says:
            April 5, 2018 at 9:04 am

            Hi,
            0 Arguments sounds like something is strange. Can you paste the command line? Where in the TS are you running it?
            Regards,
            Jörgen

            1. Anders says:
              April 11, 2018 at 1:06 pm

              Hi,
              Running in State Restore.
              Command line: powershell.exe -NoProfile -ExecutionPolicy Bypass -File Move-Computer.ps1 “OU=XX,DC=XX….”

              (I don't know if this has anything to do with this but if I add a pause task right before the “move computer” task and try to run “runas /user:’domain admin account’ cmd” I get the error message “5: Access denied”.)

              Regards,
              Anders

          2. paulie says:
            February 18, 2019 at 3:12 am

            Hi, I have the same problem with Exception calling FindOne with 0 arguments.. did you find a solution? I wonder if it’s a problem because I’m using a joindomain account, that’s restricted..

            1. Jörgen Nilsson says:
              February 18, 2019 at 10:09 am

              Hi,
              What if you run the script manually using that same account, does it work then?
              Regards,
              Jörgen

    3. KevinVGW says:
      April 13, 2018 at 9:12 am

      Hi all,
      I was struggling with this ‘Access Denied’ issue as well.
      For me, it works after adding the following key, before I start the move script:

      REG ADD HKLM\Software\Microsoft\COM3 /v REGDBVersion /t REG_BINARY /d 010000 /f

      (https://blogs.technet.microsoft.com/deploymentguys/2012/04/24/run-command-line-as-domain-user-incorrect-function-error/)

      1. Jörgen Nilsson says:
        April 13, 2018 at 9:36 am

        Hi,
        Thanks for posting it here! That is an often used workaround and will solve it as the script works but fails in some TS: I have seen it as well when I copy steps between TS.
        Regards,
        Jörgen

    4. Pingback: Windows 10 1809 kiosk mode with an AD domain account – 4sysops
    5. Jo Bullimore says:
      December 11, 2018 at 3:52 pm

      Hi Jorgen,

      Is it possible to set the OU when calling the script instead of using MDT to set the %MachineObjectOU% variable?

      Particularly as we would like to use an if statement so that if the machine is a desktop, OU1 is selected and if a laptop OU2 is selected.

      Kind Regards,

      Jo

      1. Jörgen Nilsson says:
        January 13, 2019 at 10:58 pm

        Hi,
        Yes, it will work just as well as the variable.
        Regards,
        Jörgen

        1. Sam says:
          February 13, 2019 at 12:03 pm

          I have a similar scenario. If I want to specify an OU rather than a variable, how would the script then look? Do I set it within the script or should I set it in the command line task sequence?

          1. Jörgen Nilsson says:
            February 18, 2019 at 10:11 am

            Hi,
            You can set it as a Task Sequence variable or use the sample command line I added a couple of weeks ago to the Post:
            example command line:
            Powershell.exe -NoProfile -ExecutionPolicy bypass -file MoveToOU.ps1 "OU=Desktop,OU=Computers,OU=Test,DC=Test,DC=Local"
            That will work the same way.
            Regards,
            Jörgen

    6. Jo Bullimore says:
      January 17, 2019 at 4:03 pm

      I am attempting to use this as part of a task sequence so that I can move a computer to a different OU once the machine has been upgraded from Windows 8.1 to Windows 10. Unfortunately this doesn’t work and doesn’t give me much info in the imaging logs as to why. As such, I have run the script locally on a test machine and I get the following error:

      “PS C:\WINDOWS\system32> z:\MoveToOU.ps1 “%OU=Laptops,OU=Staff 10,OU=Computer Accounts%”
      Exception calling “MoveTo” with “1” argument(s): “An operations error occurred.”

      When I look at $Error I get a little more info and it displays the following:

      At z:\MoveToOU.ps1:10 char:5
      + $CompObj.psbase.MoveTo([ADSI]”LDAP://$($OU)”)
      + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
      + FullyQualifiedErrorId : DotNetMethodException

      PS C:\WINDOWS\system32>

      I’m just stumped at this point, as from what I’ve found online the error suggests that there is an ‘access denied’ issue, however the PowerShell command window has been loaded to ask for credentials of the Active Directory account that has permission to move computer objects, so not sure what I am missing.

      I’d also appreciate any info/resources on how I can send what is caught during the ‘catch’ error handling segment so that this is written to the standard smsts.log file that is generated when the task sequence runs.

      1. Jörgen Nilsson says:
        January 18, 2019 at 3:56 pm

        Hi,
        You need the full LDAP path for the move and not only the OU part, you need for example:
        OU=Desktop,OU=Computers,OU=Test,DC=Test,DC=Local and the “%” are not needed either, I will update the post with that example.
        Thanks
        /Jörgen

        1. Jo Bullimore says:
          January 31, 2019 at 11:33 am

          Jorgen thanks for this. Much appreciated.
          I got this to work when running it manually, but it doesn’t run/work when I run it as part of the task sequence and my smsts.log doesn’t give me any info as to why it hasn’t worked.
          I’m testing it with a task sequence that only executes the move before adding it to my full task sequence, but no joy there either. I’m sure I could crack it, it’s the absence of any error messages that has me stumped at this point.

        2. Jo Bullimore says:
          February 6, 2019 at 3:30 pm

          Hi,
          I managed to get this working in a task sequence, but it is the only thing in this test task sequence. When I add it to the main task sequence I want it to run from I get a failure:

          “failed to get the linked token information. It may not be available. Error 1312”

          Yet works when separate. A little frustrating but it feels like I am close.
          Any help/advice really would be much appreciated.
          Thanks & Kind Regards,
          Jo

          1. Jörgen Nilsson says:
            February 6, 2019 at 7:39 pm

            Hi, where in the task sequence are you running it? It should be run after the Setup Windows and Configuration Manager step.
            Regards,
            Jörgen

            1. Jo Bullimore says:
              February 7, 2019 at 1:12 pm

              Hi,
              This task sequence is a Windows 8 – Windows 10 in-place upgrade and as such I have the following:
              – Prepare for Upgrade: which removes apps that are caught by incompatibility checking and if not removed cause failure.
              – Upgrade the OS followed by a restart
              – Installs Applications for Windows 10
              – Customisations to the OS
              – OU Move: which includes the MDT Toolkit and Gather actions followed by the actual script to move depending on whether the machine is evaluated as a laptop/desktop using the variable IsLaptop, ending with a restart.

              The evaluation for laptop or desktop works fine, but when running the command there appears to be an issue downloading the content for the package which holds the script, which is the same package used in my test task sequence (which works) and only includes the actions for the OU Move.
              Again, thanks for all your help with this.
              Kind Regards,
              Jo

    7. Ciro says:
      March 6, 2019 at 4:56 pm

      Hi,
      I want to move new deployed computers to specific OUs by checking their IP addresses.
      So, I wrote a Powershell script which reads computer IP address and match it in an external CSV file, in which I specified IP subnets with OUs in the complete form: “OU=Computers Site 1,OU=Site 1,DC=contoso,DC=com”.
      So far so good: I call the “Run Command Line” task in the Task Sequence (after domain join and Setup Windows and ConfigMgr) and run the following command: powershell.exe -NoProfile -ExecutionPolicy Bypass -File MoveToOU.ps1
      Both PS1 and CSV files are in the same Package and the command runs with a domain admin account.
      In my log (from the script) all works but the OU moving: $CompObj.psbase.MoveTo([ADSI]”LDAP://$($OU)”)
      I have an exception: “Exception calling “MoveOU” with “1” argument(s): “An invalid dn syntax has been specified.”
      Where “MoveOU” is my function to which I pass the $OU argument.
      If I run the script locally it works fine. If I create a TS in which there is only this task, it works fine. So, am I missing something?

    8. Terry says:
      June 11, 2019 at 11:44 pm

      $username = 'UName'
      $password = 'PWord'
      $Key = ()
      $cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $username,($password | ConvertTo-SecureString -Key $Key)

      # Create variable capable of querying Task Sequence variable
      $tsenv = New-Object -ComObject Microsoft.SMS.TSEnvironment

      # Moves Computer to Proper OU
      Import-Module ActiveDirectory
      Get-ADComputer $ENV:COMPUTERNAME -Credential $cred | Move-ADObject -TargetPath $tsenv.Value("OSDDomainOUName") -Credential $cred

    9. Terry says:
      June 11, 2019 at 11:45 pm

      The above worked for our environment.
      This part was the most important: $tsenv = New-Object -ComObject Microsoft.SMS.TSEnvironment

    10. Majid says:
      November 13, 2019 at 8:48 pm

      Hi Jörgen,
      Thanks for the script. It works fine. I just don’t want to use “Run as …”.
      For some reason I like to use the username and password in the script.
      Can you help me please?

      Thanks

    11. Merwin says:
      February 24, 2020 at 3:27 pm

      Hi, I am also getting the same error while running the task to move the computer object to target OU. Does anyone have an idea on the fix? I have used the above script and I am running it with my Domain Admin access.

    12. Merwin says:
      February 24, 2020 at 8:02 pm

      Apologies, script worked without any issues and the error was due to the typo in my OU name!
      Merwin


    My name is Jörgen Nilsson and I work as a Senior Consultant at Onevinn in Malmö, Sweden. This is my blog where I will share tips and stuff for my own and everyone elses use on Enterprise Mobility and Windows related topics.
    All code is provided "AS-IS" with no warranties.
