From 432d3d51d88ba2ebc9b28d9cefb1ba83d0b28d1e Mon Sep 17 00:00:00 2001
From: jessikitty <jess.rogerson.29@outlook.com>
Date: Wed, 20 May 2026 11:27:09 +1000
Subject: [PATCH] Skip OU move for Domain Admin accounts

---
 Update-StaffAD.ps1 | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/Update-StaffAD.ps1 b/Update-StaffAD.ps1
index 67f3bc5..72e5010 100644
--- a/Update-StaffAD.ps1
+++ b/Update-StaffAD.ps1
@@ -186,10 +186,16 @@ foreach ($entry in $Deduped.Values) {
         if ($DryRun) { $disables++ }
     }
 
-    # Move user to correct OU
+    # Move user to correct OU (skip Domain Admins)
     if ($willMove) {
-        if ($DryRun) {
+        $isDomainAdmin = (Get-ADUser $samAccount -Properties MemberOf).MemberOf |
+                         Where-Object { $_ -match "^CN=Domain Admins," }
+
+        if ($isDomainAdmin) {
+            Write-Log "  OU Move : SKIPPED - user is a Domain Admin" "Yellow"
+        } elseif ($DryRun) {
             Write-Log "  OU Move : WOULD MOVE to $targetOU" "Magenta"
+            $moved++
         } else {
             try {
                 Move-ADObject -Identity $adUser.DistinguishedName -TargetPath $targetOU
@@ -199,7 +205,6 @@ foreach ($entry in $Deduped.Values) {
                 Write-Log "  OU Move : FAILED to move - $_" "Red"
             }
         }
-        if ($DryRun) { $moved++ }
     }
 }