Active Directory estates change all the time. You might be:
-
moving devices into a new OU for a rollout
-
separating machines by site, department, or build type
-
tidying up after a refresh project
-
preparing a clean OU structure for new Group Policy or security rules
Doing this manually in Active Directory Users and Computers works for a handful of devices, but it quickly becomes slow and error-prone when you have dozens (or hundreds).
This PowerShell script lets you move a batch of computer accounts into a target OU using a simple text file of hostnames. You provide a list of computer names, set the OU path, and the script handles the rest.
Why people need this script
You might use this when:
-
you need to move computers into an OU that has a new GPO linked
-
you are re-structuring OUs by region, site, or client
-
you are building a “staging OU” for testing policies before wider rollout
-
you want a repeatable process your team can run consistently
If you are working heavily with OU structure and policies, this pairs well with PowerShell Startup Scripts Using GPO and Copy Files and Folders to User Computers via GPO, because OU placement often decides what policies and deployments a machine receives.
What this script does
At a high level, the script:
-
Reads hostnames from a text file
-
Looks up each computer account in Active Directory
-
Moves the computer account into a target OU
-
Prints a success message for each move
-
Prints a failure message if a computer cannot be found or moved
Before you run it
1) Make sure you have permissions
You will need rights to move computer objects into the target OU. If you do not, you will see access denied errors.
2) Ensure the Active Directory module is available
Run it on:
-
a domain-joined admin machine with RSAT installed, or
-
a server where the AD tools are installed
3) Create your hostname list
Create a text file containing one computer name per line, for example:
The two lines you must change
Because OU paths and naming can identify a company, I have replaced them with safe example values.
You must update these in your environment:
-
$TargetOU→ change to your real OU distinguished name -
Get-Content -Path "C:\hostnames.txt"→ change if your file is in a different location
Script
<#
.SYNOPSIS
This script moves Active Directory computer accounts to a specified organizational unit (OU).
.DESCRIPTION
The script:
- Reads a list of computer names from a text file (<code data-start="2794" data-end="2812">C:\hostnames.txt</code>).
- For each computer, attempts to retrieve its AD object using <code data-start="2881" data-end="2897">Get-ADComputer</code>.
- If the computer is found, it moves the computer object to a target organizational unit (OU).
- If an error occurs, it will display the error message.
.PARAMETER None
This script does not require any input parameters.
.INPUTS
A text file (<code data-start="3151" data-end="3169">C:\hostnames.txt</code>) containing a list of computer names to move.
.OUTPUTS
A message for each computer indicating whether the move was successful or failed.
.NOTES
Version: 1.0
Author: DigitalGeekery
Creation Date: 13/03/2025
Last Updated: 13/03/2025
Purpose/Change: Moves Active Directory computer objects to a target organizational unit.
.EXAMPLE
Run the script to move all computers listed in <code data-start="3578" data-end="3596">C:\hostnames.txt</code> to the target OU.
#>
$TargetOU = "OU=Workstations,OU=Region,OU=Computers,DC=Example,DC=Local"
$ADComputers = Get-Content -Path "C:\hostnames.txt"
foreach ($computerName in $ADComputers) {
try {
if (($currentComputer = Get-ADComputer -Identity $computerName -ErrorAction Stop)) {
Move-ADObject -Identity $currentComputer -TargetPath $TargetOU -ErrorAction Stop
"OKAY: Moved $($computerName) to $TargetOU" | Out-Default
}
}
catch {
"FAIL: $($_.Exception.Message)" | Out-Default
}
}
How to run it safely
-
Start with a small test list (2–5 machines)
-
Confirm the devices appear in the new OU
-
Confirm expected policies apply (or run a policy refresh)
If you are troubleshooting policy behaviour after the move, your post Fix Windows Log-On Issues by Repairing Critical Services and Forcing Group Policy can be a useful follow-on read.
Common issues and quick fixes
“Cannot find an object with identity…”
-
The hostname in the text file is wrong
-
The computer account does not exist
-
There are trailing spaces in the file
Tip: keep the list clean and use one name per line.
“Access is denied”
-
You do not have permission to move objects into that OU
-
OU delegation or protected objects are blocking it
“The directory service is unavailable”
-
You are not running it from a domain-joined context
-
DNS/connectivity issue to a domain controller
