jessikitty/Staff-AD-email-disabler
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Skip OU move for Domain Admin accounts

Browse Source
This commit is contained in:
jessikitty
2026-05-20 11:27:09 +10:00
parent 9cfe3c8b48
commit 432d3d51d8
1 changed files with 8 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Update-StaffAD.ps1
+8 -3
View File
@@ -186,10 +186,16 @@ foreach ($entry in $Deduped.Values) {
if ($DryRun) { $disables++ }
}
# Move user to correct OU
# Move user to correct OU (skip Domain Admins)
if ($willMove) {
if ($DryRun) {
$isDomainAdmin = (Get-ADUser $samAccount -Properties MemberOf).MemberOf |
Where-Object { $_ -match "^CN=Domain Admins," }
if ($isDomainAdmin) {
Write-Log " OU Move : SKIPPED - user is a Domain Admin" "Yellow"
} elseif ($DryRun) {
Write-Log " OU Move : WOULD MOVE to $targetOU" "Magenta"
$moved++
} else {
try {
Move-ADObject -Identity $adUser.DistinguishedName -TargetPath $targetOU
@@ -199,7 +205,6 @@ foreach ($entry in $Deduped.Values) {
Write-Log " OU Move : FAILED to move - $_" "Red"
}
}
if ($DryRun) { $moved++ }
}
}