Flow - Move user to AD OU

matt_a · ‎02-09-2022

Afternoon all, I am trying to move a user to a different active directory OU on the execution of a flow (not workflow).

I can see there is a PSscript: ActionMoveADObjecttoOU.ps1

Has anyone managed to get this working for a user rather than a computer using the AD spoke? And if so, how did you achieve it?

Thanks

DanielCordick · ‎02-18-2022

To get this working i created a custom action using this PS script: In my set up, i have a table with all the OU's I need. then dynamically set it in my flow.

Create an action | ServiceNow Docs

if (test-path env:\SNC_username) {
$UserName = $env:SNC_username;
$OU = $env:SNC_OU;
};

try {

Get-ADUser -Identity "$UserName" | Move-ADObject -TargetPath "$OU"

Write-Host "SUCCESS: Moved $UserName to $OU"

}

catch {

$ErrorMessage = $_.Exception.Message

Write-Host "FAILED to move $UserName to $OU. Error message: $ErrorMessage"

}

Please mark helpful or correct 🙂

View solution in original post

Brian Dean · ‎03-01-2024

Hello Saurabh,

What Organizational Unit, what did you use as a flow variable? I am trying to move my user object to the "Disabled OU".

OU=Disabled Accounts,OU=Users & Desktops,OU= Company Standard Users & Computers,DC=Company,DC=com"

Saurabh Gupta · ‎03-03-2024

Hi @Brian Dean
What error are you getting?

Thanks and Regards,

Saurabh Gupta

Brian Dean · ‎03-04-2024

Hi Saurabh,

To move the computer account to "Disabled" OU (Organization unit) what should data pill contain?

In my Catalog item, for OU field do you know if I am suppose to select the variable as the "reference" field, if so, what table should I select from the bottom and would there be a reference qualifier information I need to enter as below.

"OU=Disabled Accounts,OU=Computers,DC=company,DC=com"

I am already using the action "Update AD Object" from Flow Designer.

Thank you.

nkarunakar13092 · ‎04-10-2025

Using Sam Account Name was throwing an authentication error to us even though look up worked perfectly fine with the Sam Account Name.

These are the steps I followed:

First we used 'Look up user' action in AD using Sam Account Name as the input.

Second we used 'Update Object OU'

For inputs:

1. Object - got the Distinguished Name of the user from the first action. This worked perfectly.

2. OU= whichever OU you want the user to be moved.

Thank you.

Nicole Disbro · ‎05-16-2025

I was able to do this without anything custom! Here are a few helpful tips!

Use the AD v2 spoke action to Look up User
Use Update Object OU AD v2 spoke action
1. Populate Object as the Look up User>User>Object GUID
2. Populate Organizational Unit to something like this: OU=Disabled Accounts,DC=domain,DC=domainname,DC=COM
  1. You can get the OU path from your AD instance!

Hope this helps the next person not need anything custom!!