Which command line utility can be used to move an Active Directory object from one container to another?

Skip to main content

This browser is no longer supported.

Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.

Dsmove

• Article
• 08/31/2016
• 2 minutes to read

In this article

Applies To: Windows Server 2003, Windows Server 2008, Windows Server 2003 R2, Windows Server 2012, Windows Server 2003 with SP1, Windows 8

Moves a single object, within a domain, from its current location in the directory to a new location, or renames a single object without moving it in the directory tree.

Dsmove is a command-line tool that is built into Windows Server 2008. It is available if you have the Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS) server role installed. To use dsmove, you must run the dsmove command from an elevated command prompt. To open an elevated command prompt, click Start, right-click Command Prompt, and then click Run as administrator.

For examples of how to use this command, see Examples.

Syntax

dsmove <ObjectDN> [-newname <NewRDN>] [-newparent <ParentDN>] [{-s <Server> | -d <Domain>}] [-u <UserName>] [-p {<Password> | *}] [-q] [{-uc | -uco | -uci}]

Parameters

Remarks

• If a value that you supply contains spaces, use quotation marks around the text, for example, "CN=Mike Danseglio,CN=Users,DC=Contoso,DC=Com".

• If you supply multiple values for a parameter, use spaces to separate the values, for example, a list of distinguished names.

Examples

To rename a user object from Kim Akers to Kim Ralls, type:

dsmove "CN=Kim Akers,OU=Sales,DC=Contoso,DC=Com" -newname "Kim Ralls"

To move the user object for Kim Akers from the Sales organization to the Marketing organization, type:

dsmove "CN=Kim Akers,OU=Sales,DC=Contoso,DC=Com" -newparent OU=Marketing,DC=Contoso,DC=Com

To combine the rename and move operations, type:

dsmove "CN=Kim Akers,OU=Sales,DC=Contoso,DC=Com" -newparent OU=Marketing,DC=Contoso,DC=Com -newname "Kim Ralls"

Additional references

Command-Line Syntax Key

Windows Server 2003 provides a number of tools that allow you to move objects within domains and between them.The tools that can be used for moving objects include Active Directory Users and Computers, and two command-line utilities. As we've seen, Active Directory Users and Computers is an MMC snap-in that allows you to interact with Active Directory through a graphical interface. The DSMOVE and MOVETREE are command-line tools that allow you to move objects by entering textual commands at the command prompt. In the sections that follow, we will look at these tools, and see how they can be used to move objects within and between domains.

Moving Objects with Active Directory Users and Computers

Active Directory Users and Computers can be used to move user, computer, and group accounts to other locations of the directory.With this tool, objects can be moved within a domain. It can't, however, be used to move objects to other domains.

Active Directory Users and Computers is the only tool that allows you to move accounts using a GUI. Because it's a graphical tool, you can move Active Directory objects using your mouse. Select an object by holding down your left mouse button, drag the object to a different container or OU, and release the left mouse button to drop it into the new location.

In addition, you can also move objects within the directory by right-clicking on the object, and selecting Move from the context menu. A dialog box will appear asking you to choose the container or OU the object should be moved to. As seen in Figure 2.44, the

Move dialog box displays a tree that represents the directory tree. By browsing the folders in this tree, you can select the container you want the object moved to, and then click OK to being the move.

Figure 2.44 Move Dialog Box

When using Active Directory Users and Computers, multiple objects can be selected and moved to other locations.You can select these objects as you would files in Windows Explorer, by dragging your mouse over the objects to be moved.You can also select a series of objects by holding down the Shift key as you click on objects, or select a number of individual objects by holding down the Ctrl key as you click on them. After selecting the objects to be moved, perform the actions we just discussed to move them to another container or OU.

Moving Objects with the DSMOVE Command

As we saw in Chapter 1, DSMOVE is used to move objects within a domain, and can be used to rename objects. DSMOVE is a command-line utility that is used from the command prompt. Providing you don't need to move an object to another domain, you can use this tool to move an object to other locations in the directory tree. The syntax for using this tool is as follows:

DSMOVE UserDN [-newparent ParentDN] -pwd {Password/*}

In using this syntax, several different parameters must be entered for moving the object. The UserDN parameter specifies the DN of the object being moved.The -newparent switch indicates that you are using DSMOVE to move an object, and is used with the ParentDN variable to specify the DN of the new location.

To illustrate how this command is used, let's say you wanted to move an object called BuddyJ from the Sales OU in knightware.ca to the Finance OU in the same domain.To move this object, you would use the following command:

Dsmove CN=BuddyJ,OU=Sales,DC=knightware,DC=ca -newparent OU=Finance,DC=knightware,DC=ca

Test Day Tip_

DSMOVE is a new tool for managing Active Directory. This command-line tool will only allow objects to be moved within a domain. For moving objects to other domains, the MOVETREE command-line utility (which we'll discuss later in this chapter) must be used.

DSMOVE also provides additional parameters to perform actions such as renaming an object, or controlling the type of input and output for this command. To review these parameters, refer to the section on DSMOVE in Chapter 1.

Moving Objects with the MOVETREE Command

MOVETREE is the Active Directory Object Manager tool. In addition to other capabilities, it is a command-line tool that allows you to move objects to other domains in a forest. By using this tool, you have the freedom to move a user account, computer account, group, or OU to any location within the directory, regardless of the domain.

When an object is moved using this tool, it is first copied to the Lost and Found container before being moved to the destination domain. Objects that can't be moved remain in this container, so you can manage them as needed. Because orphaned data might reside in this domain after using MOVETREE, you should check this container after performing a move.

Exam Warning_

The Active Directory Object Manager is MOVETREE.EXE. This tool isn't automatically installed with Active Directory and must be installed separately with the Active Directory Support Tools on the installation CD. This tool allows you to move objects from one domain to another in Active Directory.

A variety of information isn't moved with this tool. This includes data such as profiles, logon scripts, and personal information when moving user accounts. Local groups and global groups also aren't moved, but membership in these groups remains unaffected so that security involving the moved objects remains the same.

In addition to the limitations on data associated with accounts, there are also limitations when MOVETREE is used to move OUs between domains.When an OU is moved, group policies aren't affected, as clients will continue to receive these settings from a link to the policy in the original domain. In other words, although the OU is now in another domain, clients will connect to the Group Policy Object (GPO) that is located in the orig inal domain. Because this can cause performance issues, it is wise to recreate these policies in the domain where the OU has been moved, and then delete the GPO in the original domain (which is no longer needed).

As a command-line tool, MOVETREE requires that certain parameters be used to effectively complete operations. The syntax for MOVETREE is as follows, and the parameters are explained in Table 2.6.

MoveTree [/start | /continue | /check] [/s SrcDSA] [/d DstDSA]

[/sdn SrcDN] [/ddn DstDN] [/u Domain\Username] [/p Password] [/quiet]

output.

The Active Directory Object Manager tool isn't installed with Active Directory, and thereby isn't initially available for use. MOVETREE is available as part of the Active Directory Support Tools on the installation CD, and can be installed through Windows Explorer. By accessing the Support\Tools folder on the installation CD, right-clicking on SUPTOOLS.MSI, and then choosing Install from the menu that appears, the Windows Support Tools Setup Wizard will start. By following the instructions in this wizard, which are detailed in Exercise 2.06, MOVETREE and the other support tools will be installed.

Continue reading here: Creating an Extensive Defense Model

Was this article helpful?

Which of the following command

What is Dsmove command?

Which of the following command is used to import or export Active Directory data to a file?

Which of the following commands can be used to import from and export to a file the Active Directory objects?