How to Move Active Directory Objects with Ease

19 September 2016
Chen Huang

It is not uncommon that you run into the requirement that you have to move Active Directory objects from one container to another. This can be easily done using the "Active Directory Users and Computers" program that is available on the domain controllers. However, this wasn't something that could be easily done in data integration projects as our SSIS Integration Toolkit for Directory Services software (the only SSIS-based integration solution available on market for mass active directory operations) did not come with such capabilities in our previous releases.

This requirement was recently brought up by one of our clients who had some great success using our Directory Services product in the past. We assessed the requirement and believed it to be a perfectly valid integration scenario that our software could help with, so our development team put in the effort within a very short period of time, and the feature was added to the v2.3 release of our SSIS Integration Toolkit for Directory Services.

In this blog post, I will show you how to use this feature to move users, computers, groups, and service accounts to a new container path.

To use the feature, you would add an Active Directory destination component to your SSIS data flow which receives input data from upstream SSIS pipeline components. You would set the component's Action Type to Move which helps facilitate the move of Active Directory objects. Then you would move to the Columns page to configure the input mapping.

As you can see, there are three fields available for the Move action, which are:

  • AdsPath - this would be the path of the Active Directory object that you want to move
  • NewParentPath - this would be the new parent path that the Active Directory object should reside in after the move
  • NewObjectName - this field is optional, it is only required if you want to rename the object.

The Move action can be used in one of the following three integration scenarios.

  1. Move an Active Directory object to a new parent path - in this case, you would provide an input for the AdsPath and NewParentPath fields but leave the NewObjectName empty (or unmapped).
  2. Move an Active Directory object to a new parent path and at the same time rename the object - in this case, you would provide an input for all three fields (AdsPath, NewParentPath, NewObjectName), where the NewParentPath is different from where the object currently resides
  3. Rename an Active Directory object fields - in this case, you would provide an input for all three fields (AdsPath, NewParentPath, NewObjectName), where the NewParentPath is the same parent path that is where the object currently resides

The supported format for the input values are:

AdsPath LDAP://CN=ObjectToBeMoved,OU=ParentContainer,DC=domain,DC=com
NewParentPath LDAP://OU=NewParentContainer,DC=domain,DC=com
NewObjectName CN=NewObjectName

Please note that the path attribute can be serverless or not, the above examples show the serverless format. The format would be “LDAP://server/CN=ObjectToBeMoved,OU=ParentContainer,DC=domain,DC=com” If you’d like to add the server part in your input path values.

Hope this helps. Please feel free to let us know if you have any further comments or suggestions. We would like to hear from you about your success using our integration software, and our development team is always open to the option of adding new integration features in our software to make your job easier.

Archive

Tags