Hostile takeover? All employees of a department being reassigned? We won’t go into ‘how to disable way lots of employees because your upper management said ‘because we told you”. So, we’ll go into changing departments for the entire company.
There’s a few different ways to do this:
- Exporting to CSV, making absolutely sure who’s in the list.
- Or just changing everyone in one department, and replacing it with an entirely different department name.
Typically, you want option 1. This is fact checking, validation, all that stuff.
In that scenario you follow the same sort of methodolgy:
-Export all users that meet the criteria (in this case, everyone of a certain department) into a CSV file
-Take CSV file, inject into powershell and set new value
There is also a ‘once and done’ approach. Where you can simply replace the values in one string. I don’t suggest this for production environments, namely because there’s always a margin for error.
The ‘typical’ option
Export all users that fit a filter into a CSV file. In this example, I’m looking for all AD users with Department ‘Support’. Exporting to a CSV file. Export something unique, like the samAccountName.
Get-ADUser -Filter 'Department -like "Support"' -Properties * | select samaccountname | Export-CSV "C:\Path_to_csv\department_users.csv"
With this exported file “department_users.csv”, we use another piece of code to pick up the CSV file, run a for-loop to go through each user in that CSV file and update their department.
Import-Module Active Directory
$Set_Department = Import-Csv "C:\Path_to_csv\department_users.csv" #Store CSV file into $Set_Department variable
$Department = "Operations Support" #New Department
foreach ($User in $Set_Department) {
#For each name or account in the CSV file $Resetpassword, reset the password with the Set-ADAccountPassword string below
$User.sAMAccountName
Set-ADUser -Identity $User.sAMAccountName -Department $Department
write-output $User
}
Write-Host " Departments changed "
$total = ($Set_Department).count
$total
Write-Host "AD User Departments have been updated..."
Just make sure your end CSV file has a format of only the SamAccountname (like below).
| sAMAccountName |
| Zuzana.Burris |
| Zandra.Caig |
The ‘Once-and-Done’ Option
Again, I don’t suggest this unless you feel absolutely comfortable with the results. If, however you’re in a hurry and need to change all attributes to the new updated attribute, this is the line of code for you.
Get-ADUser -Filter 'Department -like "Old Department Name"' | Set-ADUser -replace @{department="New Department Name"}
As always, you can retrofit this code to suit your needs.
You could also change other AD attributes with this sort of syntax as well, just be sure to change your code, and TEST first.
Showing the Results
Let’s see which AD Accounts by SamAccountName, Department and Title have a specific title. We’ll say anything with a title of “Support”.
Get-ADUser -Filter 'Department -like "*Support*"' -Properties * | select samaccountname, department, title | out-gridview
Or you could search for all users that do NOT have a department specified
Get-ADUser -Filter * -Properties * | select samaccountname, Department,title | where department -eq $Null