Skip to main content

PowerShell Move-ADObject: Move Objects Between OUs

• 3 min read
powershell active-directory move-adobject ou-management tutorial

PowerShell Move-ADObject: Complete Guide to Moving AD Objects

Overview

The Move-ADObject cmdlet moves Active Directory objects (users, computers, groups, OUs) from one container to another. Used for organizational restructuring, user transfers, and OU reorganization.

Common Tasks:

  • Move users between department OUs
  • Relocate computers to different OUs
  • Move groups to new containers
  • Transfer OUs to different parent containers
  • Bulk reorganize after company restructuring

Prerequisites:

  • PowerShell 5.1 or later
  • Active Directory PowerShell module
  • Domain Administrator or delegated Move permissions
  • Target OU must exist

Syntax

Move-ADObject [-Identity] <ADObject> -TargetPath <string> [-Server <string>]
```powershell

### Key Parameters

| Parameter | Type | Description |
|-----------|------|-------------|
| `-Identity` | ADObject | Object to move (DN, GUID, or distinguished name) |
| `-TargetPath` | String | Target container distinguished name (required) |
| `-Server` | String | Domain controller to contact |

---

## Examples

### Example 1: Move Single User to Different OU

```powershell
# Get the user
$user = Get-ADUser "jsmith"

# Move to Finance OU
Move-ADObject -Identity $user `
    -TargetPath "OU=Finance,OU=Users,DC=contoso,DC=com"

Write-Host "✓ Moved $($user.Name) to Finance OU"
```powershell

### Example 2: Move User by Distinguished Name

```powershell
$userDN = "CN=John Smith,OU=IT,OU=Users,DC=contoso,DC=com"

Move-ADObject -Identity $userDN `
    -TargetPath "OU=Finance,OU=Users,DC=contoso,DC=com"
```powershell

### Example 3: Move Computer Between OUs

```powershell
# Get the computer
$computer = Get-ADComputer "WS-NYC-001"

# Move to Workstations OU
Move-ADObject -Identity $computer `
    -TargetPath "OU=Workstations,OU=Computers,DC=contoso,DC=com"

Write-Host "✓ Moved $($computer.Name) to Workstations OU"
```powershell

### Example 4: Move Multiple Users via Pipeline

```powershell
# Move all users from IT to Finance department
Get-ADUser -Filter * -SearchBase "OU=IT,OU=Users,DC=contoso,DC=com" |
ForEach-Object {
    Move-ADObject -Identity $_ `
        -TargetPath "OU=Finance,OU=Users,DC=contoso,DC=com"
    Write-Host "✓ Moved $($_.Name)"
}
```powershell

### Example 5: Bulk Move from CSV

```powershell
$csv = Import-Csv "C:\move-users.csv"

foreach ($item in $csv) {
    try {
        $object = Get-ADObject -Filter "Name -eq '$($item.ObjectName)'" `
            -ErrorAction Stop

        Move-ADObject -Identity $object `
            -TargetPath $item.TargetOU `
            -ErrorAction Stop

        Write-Host "✓ Moved: $($item.ObjectName) to $($item.TargetOU)"
    }
    catch {
        Write-Host "✗ Failed: $($item.ObjectName) - $($_.Exception.Message)"
    }
}
```powershell

**CSV Format:**
```csv
ObjectName,TargetOU
John Smith,"OU=Finance,OU=Users,DC=contoso,DC=com"
Jane Jones,"OU=Sales,OU=Users,DC=contoso,DC=com"
DESKTOP-001,"OU=Workstations,OU=Computers,DC=contoso,DC=com"
```powershell

### Example 6: Move Users by Department Change

```powershell
# Function to move user to new department
function Move-UserToDepartment {
    param(
        [string]$UserName,
        [string]$NewDepartment,
        [string]$DomainRoot = "DC=contoso,DC=com"
    )

    try {
        $user = Get-ADUser $UserName -ErrorAction Stop
        $targetOU = "OU=$NewDepartment,OU=Users,$DomainRoot"

        Move-ADObject -Identity $user -TargetPath $targetOU
        Write-Host "✓ $UserName moved to $NewDepartment"
    }
    catch {
        Write-Host "✗ Error: $($_.Exception.Message)"
    }
}

# Usage
Move-UserToDepartment -UserName "jsmith" -NewDepartment "Finance"
Move-UserToDepartment -UserName "jjones" -NewDepartment "Sales"
```powershell

### Example 7: Move Computers by Location

```powershell
# Move all computers from one location to another
$oldLocation = "OU=NewYork,OU=Computers,DC=contoso,DC=com"
$newLocation = "OU=Boston,OU=Computers,DC=contoso,DC=com"

Get-ADComputer -Filter * -SearchBase $oldLocation |
ForEach-Object {
    Move-ADObject -Identity $_ -TargetPath $newLocation
    Write-Host "✓ Moved $($_.Name) to Boston"
}
```powershell

### Example 8: Move with Error Handling

```powershell
function Move-ADObjectSafe {
    param(
        [string]$Identity,
        [string]$TargetPath
    )

    try {
        # Verify source object exists
        $object = Get-ADObject -Identity $Identity -ErrorAction Stop

        # Verify target OU exists
        Get-ADOrganizationalUnit -Identity $TargetPath -ErrorAction Stop | Out-Null

        # Move the object
        Move-ADObject -Identity $object -TargetPath $TargetPath -ErrorAction Stop
        Write-Host "✓ Successfully moved $($object.Name)"
    }
    catch {
        if ($_.Exception.Message -like "*not found*") {
            Write-Host "✗ Object or target OU not found"
        }
        else {
            Write-Host "✗ Error: $($_.Exception.Message)"
        }
    }
}
```powershell

### Example 9: Move OU with All Contents

```powershell
# Get the OU to move
$sourceOU = Get-ADOrganizationalUnit -Filter "Name -eq 'OldDepartment'"

# Move the OU to new parent
Move-ADObject -Identity $sourceOU `
    -TargetPath "OU=Users,DC=contoso,DC=com"

Write-Host "✓ OU and all contents moved"
```powershell

### Example 10: Reorganize After Restructuring

```powershell
# Move all users to new department structure
$moves = @(
    @{Source="jsmith"; Target="OU=Finance,OU=Users,DC=contoso,DC=com"},
    @{Source="jjones"; Target="OU=Sales,OU=Users,DC=contoso,DC=com"},
    @{Source="bwilson"; Target="OU=IT,OU=Users,DC=contoso,DC=com"}
)

foreach ($move in $moves) {
    try {
        $user = Get-ADUser $move.Source
        Move-ADObject -Identity $user -TargetPath $move.Target
        Write-Host "✓ $($user.Name) moved successfully"
    }
    catch {
        Write-Host "✗ Failed to move $($move.Source): $($_.Exception.Message)"
    }
}
```powershell

---

## Finding Objects to Move

### Find Users by Filter

```powershell
# Users without department prefix in their OU
Get-ADUser -Filter * -SearchBase "OU=Temp,DC=contoso,DC=com" |
Select-Object Name, UserPrincipalName
```powershell

### Find Computers in Specific Location

```powershell
# Computers in old location
Get-ADComputer -Filter * -SearchBase "OU=OldLocation,OU=Computers,DC=contoso,DC=com"
```powershell

### Find All Objects Without Proper OU

```powershell
# Objects directly under domain
Get-ADObject -Filter * -SearchBase "DC=contoso,DC=com" `
    -SearchScope OneLevel | Where-Object { $_.ObjectClass -ne "container" }
```powershell

---

## Common Scenarios

### Scenario 1: Employee Transfer Between Departments

```powershell
# User transferred from IT to Finance
$user = Get-ADUser "jsmith"
Move-ADObject -Identity $user `
    -TargetPath "OU=Finance,OU=Users,DC=contoso,DC=com"

# Update department attribute
Set-ADUser $user -Department "Finance"
Write-Host "✓ $($user.Name) transferred to Finance"
```powershell

### Scenario 2: Cleanup Unorganized Users

```powershell
# Move all users from unorganized location to proper OUs
$tempUsers = Get-ADUser -Filter * -SearchBase "OU=NewUsers,DC=contoso,DC=com"

foreach ($user in $tempUsers) {
    $dept = $user.Department
    $targetOU = "OU=$dept,OU=Users,DC=contoso,DC=com"

    Move-ADObject -Identity $user -TargetPath $targetOU
    Write-Host "✓ $($user.Name) moved to $dept"
}
```powershell

### Scenario 3: Consolidate Test/Development Objects

```powershell
# Move all test computers to Test OU
Get-ADComputer -Filter "Name -like '*TEST*'" |
ForEach-Object {
    Move-ADObject -Identity $_ `
        -TargetPath "OU=Test,OU=Computers,DC=contoso,DC=com"
}

Write-Host "✓ All test computers consolidated"
```powershell

---

## Best Practices

✅ **Verify Before Moving**
- Confirm object exists
- Confirm target OU exists
- Check current group memberships
- Plan for GPO reapplication

✅ **Bulk Moves in Off-Hours**
- GPO reapplication can cause temporary slowdown
- Move during maintenance windows
- Notify users if moving their computers

✅ **Log All Moves**
- Document who was moved
- Record source and target OUs
- Keep for auditing purposes
- Maintain for rollback if needed

✅ **Test Before Production**
- Test moves on test domain
- Verify GPO application after move
- Check for unexpected policy changes

✅ **Communicate Changes**
- Notify users of computer moves
- Document organizational changes
- Update documentation

---

## Troubleshooting

### Problem: "Cannot Find Object"

```powershell
# Verify object exists
Get-ADUser "jsmith"  # May not exist or name different

# Search for similar names
Get-ADUser -Filter "Name -like '*smith*'"
```powershell

### Problem: "Target OU Not Found"

```powershell
# Verify target OU exists
Get-ADOrganizationalUnit -Filter "DistinguishedName -eq 'OU=Finance,OU=Users,DC=contoso,DC=com'"

# Or list available OUs
Get-ADOrganizationalUnit -Filter * -SearchBase "OU=Users,DC=contoso,DC=com"
```powershell

### Problem: "Permission Denied"

```powershell
# Verify you have Move permissions
# Usually requires Domain Admin
whoami /groups | findstr "Domain Admins"

# Or have delegated Move permissions on target OU
```powershell

### Problem: GPO Not Applied After Move

```powershell
# Force Group Policy refresh
gpupdate /force

# Or wait for next refresh cycle (default 90 minutes + offset)
# Computers refresh more frequently than users (60 min + offset)
```powershell

---

## FAQs

### Q: How long does object move take?
A: Immediate in AD. GPO reapplication takes next login or refresh cycle.

### Q: Can I move objects to different domain?
A: No, Move-ADObject works only within same domain. Use adsmove.exe for inter-forest moves.

### Q: Does moving user affect group memberships?
A: No, group memberships are unchanged. User keeps all groups.

### Q: What about forwarding email after move?
A: Moving changes OU, not email. Update mail attributes separately if needed.

### Q: Can I undo a move?
A: Yes, move back to original OU. No direct undo, but reversible.

### Q: Does move affect user login?
A: Only initial Group Policy application delay. No disruption to current session.

### Q: How do I move objects without downtime?
A: Moves are immediate with minimal impact. Safe to do during business hours.

---

## Related Commands

- **[Get-ADOrganizationalUnit](/powershell-get-adorganizationalunit)** - Query OUs
- **[Get-ADUser](/powershell-get-aduser)** - Find users
- **[Get-ADComputer](/powershell-get-adcomputer)** - Find computers
- **[Get-ADGroup](/powershell-get-adgroup)** - Find groups

---

## See Also

- **[Active Directory OU Overview](/active-directory-ou)** - OU concepts
- **[Active Directory OU Structure](/active-directory-ou-structure)** - Design patterns
- **[PowerShell Get-ADOrganizationalUnit](/powershell-get-adorganizationalunit)** - Query OUs

---

**Last Updated:** February 6, 2026
**Difficulty Level:** Intermediate
**Reading Time:** 8 minutes

Related Articles

PowerShell Get-ADOrganizationalUnit: Query Active Directory OUs

Master PowerShell Get-ADOrganizationalUnit cmdlet. Learn to query organizational units with filters, properties, and examples for OU management.

PowerShell New-ADOrganizationalUnit: Create Active Directory OUs

Master PowerShell New-ADOrganizationalUnit cmdlet. Learn to create organizational units with protection, nesting, and bulk operations for AD structure.

PowerShell Remove-ADOrganizationalUnit: Delete Active Directory OUs

Master PowerShell Remove-ADOrganizationalUnit cmdlet. Learn to safely delete organizational units with protection handling and best practices.