We Keep Coding

Bulk Disable PowerShell Script Not Executing

I am kinda new to powershell and started a role in support. Working on a powershell script that will do the following things:
Disable a user account
Remove all AD Groups except for Domain Users
Edit the description
Move AD object to a disabled users OU
I think I can probalby change the "$TargetOU = OUPath" because the disabled users OU is never really going to change...if that's the issue then i'll feel like a dumby lol.
I am trying and failing to complete this! I don't know what is going wrong. Powershell isn't faulting out or anything it is just not executing?
Thank you for any help!
My code is here:
Import-Module ActiveDirectory
$TargetOU = "OU=DisabledUsers"
Import-Csv "C:temp\DisableTest.csv" | ForEach-Object {
$samAccountName = $_."samAccountName"
Get-AdPrincipalGroupMembership -Identity $samAccountName {Where-Object -Property Name -Ne -Value 'Domain Users' | Remove-AdGroupMember -Members $samAccountName}
Get-ADUser -Identity $samAccountName | Disable-ADAccount
Get-ADUser -Identity $samAccountName -Description "Disabled Per Request XXXX"
Move-ADObject -Identity $UserDN -TargetPath $TargetOU
}
Need it to do four things:
Disable a user account
Remove all AD Groups except for Domain Users
Edit the description
Move AD object to a disabled users OU

You have several issues:
$TargetOU = "OU=DisabledUsers"
This should be the full distinguished name, so something like OU=DisabledUsers,DC=example,DC=com
Get-AdPrincipalGroupMembership -Identity $samAccountName {Where-Object -Property Name -Ne -Value 'Domain Users' | Remove-AdGroupMember -Members $samAccountName}
The sytax here is messed up. You want to pipe (|) the results from Get-AdPrincipalGroupMembership into Where-Object, but you have braces ({). The closing brace at the end of the line is thus unnecessary. The Where-Object cmdlet also lets you simplify the syntax to something more readable, like Where Name -ne 'Domain Users'.
Get-ADUser -Identity $samAccountName -Description "Disabled Per Request XXXX"
This should be Set-ADUser, which is explains why this isn't changing anything.
Move-ADObject -Identity $UserDN -TargetPath $TargetOU
You haven't defined $UserDN, so it's not going to find the user. And as already mentioned , the target path should be the full distinguished name.
You're also looking up the account several times. Every time you pass just the username, it has to search for the account. As you have it, it would be searching for the account 5 times. You can avoid that (and speed things up) by calling Get-ADUser once and passing the result into each of the other commands.
And just for simplicity, you can omit -Identity since the first parameter is assumed to be the identity.
Putting everything together, it would look something like this:
Import-Module ActiveDirectory
$TargetOU = "OU=DisabledUsers,DC=example,DC=com" #Change this to the real value
Import-Csv "C:temp\DisableTest.csv" | ForEach-Object {
$user = Get-ADUser $_."samAccountName"
Get-AdPrincipalGroupMembership $user | Where Name -ne 'Domain Users' | Remove-AdGroupMember -Members $user
Disable-ADAccount $user
Set-ADUser $user -Description "Disabled Per Request XXXX"
Move-ADObject $user -TargetPath $TargetOU
}

Add AD group not working [Powershell command]

I am figuring out how to add the AD group to my AD user within the same domain using powershell command but I cant get it work as expected. The example I found was mainly using DN instead of sAMAccountname. This is the example I found in Microsoft website
These are all of my attempt on the powershell command but none of it was working. The powershell CLI was run as an user that contain sufficient privilege for updating the AD
Get-ADGroup -Server myserver.com -SearchBase "OU=test,dc=myserver,dc=com" -filter {name -like "groupA"} | Add-ADGroupMember -Members 3090
3090 is the user sAMAccountname.If I tried Get-ADGroup -Server myserver.com -SearchBase "OU=test,dc=myserver,dc=com" -filter {name -like "groupA"} , its able to return a correct group name but I am not sure why after I added Add-ADGroupMember -Members 3090, the command seem like not working anymore. Here are the combination of different command but none of them were working. I need to add the group to user base on sAMAccountname or User Principle Name instead of DN because my users were not located in the same OU
Attempt 1
Get-ADGroup -Server myserver.com -SearchBase "OU=test,dc=myserver,dc=com" -filter {name -like "groupA"} | Add-ADGroupMember -Members "3090"
Attempt 2
Add-ADGroupMember -Identity groupA -Members 3090
Attempt 3
$User = Get-ADUser -Identity "3090" -Server "myserver.com"
$Group = Get-ADGroup -Identity "groupA" -Server "myserver.com"
Add-ADGroupMember -Identity $Group -Members $User -Server "myserver.com"
No error was displayed in my powershell CLI

I need to copy computers from the default active directory "container" to security group using powershell

I'm trying to remove all computers from the wk_test security group and then add all the computers in the default 'Computers' container in AD to the (now-empty) wk_test security group.
However, I don't want to export the computers to a list and then import them back into the security group.
I have the first part of the script working properly, and it removes the computers from the wk_test group with no errors. My issue is adding the computers to the wk_test group from the "computers" container.
Remove-ADGroupMember "wk_test" -Members (Get-ADGroupMember "wk_test") -Confirm:$false
Add-ADGroupMember -Identity "wk_test" -Members (Get-ADComputer -SearchBase "CN=computers,DC=ad,dc=org") -filter*
I think the main problem is that I am attempting to copy from the computers container. Most of the advice on the internet refers to copying from an OU and not a container.

The Add-ADGroupMember documentation says:
You cannot pass user, computer, or group objects through the pipeline to this cmdlet.
Which I think is what you are trying to do.
I've used this method before to add computers from an OU to a group:
Get-ADComputer -SearchBase "CN=computers,DC=ad,dc=org" -Filter * | foreach {Add-ADGroupMember "wk_test" -Members $_.DistinguishedName }
But I think you could also modify your code like this, but I've not tested this as I'm not on domain at the moment.
$Computers = Get-ADComputer -SearchBase "CN=computers,DC=ad,dc=org" -filter* | select -ExpandProperty DistinguishedName
Add-ADGroupMember -Identity "wk_test" -Members $Computers

If you are moving them, why not use Move-ADObject.
So it would be:
Get-ADGroupMember "wk_test" | Move-ADObject -TargetPath <ou path>

how to remove all OU from AD via powershell

I am testing powershell with active directory,
have created list of OU in particular domain, but unable to remove all the OU from AD, Want to remove all OU except built in from AD
below is the script i am using, but it is giving access denied-
using administrator id
Get-ADOrganizationalUnit -Filter {Name -notlike "Domain Controllers"} -SearchBase (Get-ADDomain).Distinguishedname -SearchScope OneLevel | Remove-ADOrganizationalUnit -Recursive -Confirm:$false

OU's are protected by default, you have to remove that flag before deleting:
Set-ADObject -ProtectedFromAccidentalDeletion $false

Powershell Move-ADObject wildcard

We want to have an automatic OU assignment in our ActiveDirectory.
I tried to use the Move-ADObject cmdlet. But since we want that every object which CN starts for example with "Notebook" to move in to the "Notebooks" OU I have to use some kind of a wildcard but I couldn't figure out how to do it yet.
The code I use (I know it doesn't work):
Move-ADObject CN=Notebook*,CN=Computers,DC=ivstlu,DC=ch -TargetPath 'OU=Notebooks,DC=ivstlu,DC=ch'

I would do something like this:
get-adcomputer -filter "name -like '*Notebook*'" -searchbase "CN=Computers,DC=contoso,DC=net" | move-adobject -targetpath "OU=Notebooks,DC=contoso,DC=net"