Often times there is a need to standardized Groups’ naming convention such as with migrations, when you don’t have a rich migration tool that can conform the names or when you don’t have a AD proxy management tool such as ARS in your normal provisioning process. Using Quest Cmdlets with PowerShell to rename groups is a snap. There are numerous ways you can fit the Cmdlets and different parameters to meet your need. In this post, I show you a few ways I have used to rename groups in bulk.
Following is an example where all (or most of your groups have a company name as prefix and now that the migration has occurred you would like to strip the company name out.
First, lets take a quick inventory to define your scope;
Get-QADGroup -Name companyname* -sizelimit 0 | ft name, SamAccountName
You can also define a specific OU to target a specific location;
Get-QADGroup -name companyname* -searchscope “onelevel” -searchroot “ou=Groups,ou=,dc=mydomain,dc=int” -sizelimit 0
Note that the ‘companyname’ string is the number of characters i.e 11 is what we are manipulating and stripping out here;
Get-QADGroup -name companyname* -searchscope “onelevel” -searchroot “ou=Groups,ou=,dc=mydomain,dc=int” -sizelimit 0 | Rename-QADObject -newName {$_.name.substring(11)} -whatif | Set-QADGroup -samAccountName {$_.samAccountName.substring(11)} -whatif
Always use the –whatif parameter to confirm what changes you are about to make before you process the change. If needed, export the results out to a CSV by adding the export-csv cmdlet at the end. Note, in above the piping “|” can be written on the same line, ignore the wrapping due the site layout.
Similarly, you can chose to rename to rename by adding a new name or after you have stripped out the name completely, you can add a new prefix to your groups
Get-QADGroup -searchscope “onelevel” -searchroot “ou=Groups,ou=,dc=mydomain,dc=int” -sizelimit 0 | FOREACH {Rename-QADObject $_ -newName (“IT-” + $_.name)}
Above query will grab all the Groups from the defined path and will add “IT-“ as the prefix to all groups. Make sure to append the –samAccountName command to ensure that rename happens properly.
Shariq,
This is helpful information – quick question though – can this only be done with Quest cmdlets, or it can be done via standard Microsoft Windows AD Powershell as well? I haven’t looked into it but I’m assuming it could be done.
I should mention that Quest’s Powershell additions are certainly valued and appreciated by everyone in the community dude, so thanks for covering this.
C:\Windows\Scottie>exit
PS: By the way, do you work for Quest?
Link | May 24th, 2010 at 7:23 pm
Hi Scottie,
It sure can be done with the native AD cmdlets, but I reckon the syntax might be different and little complicated to digest in comparison with Quest AMS Cmdlets.
P.S – No, I don’t work for Quest.
Thanks,
Link | May 26th, 2010 at 9:38 am
Hi,
Nice info, but I found that your Set-QADGroup command didn’t work due to a syntax issue. Here’s my code…
# Rename all groups that contain “-GS-”. Replace the -GS- with a -
Add-PSSnapin Quest.ActiveRoles.ADManagement
Get-QADGroup -name * -searchscope “onelevel” -searchroot “ou=Groups,ou=,dc=mydomain,dc=int” -sizelimit 0 | Rename-QADObject -newName {$_.name.replace(“-GS-”,”-”)} | %{Set-QADGroup $_ -samAccountName ($_.samAccountName.replace(“-GS-”,”-”)) -Description ($_.Description.replace(“-GS-”,”-”))}
Cheers,
Jeremy.
Link | August 15th, 2011 at 8:39 am