
Move an object of any type
Move an object of any type from one policy to another.
A rename can be done at the same time as the move by providing a full target path including the new object name.
Full path to an existing object in TPP
New path. This can either be an existing policy and the existing object name will be kept or a full path including a new object name.
.PARAMETER VenafiSession
Authentication for the function.
The value defaults to the script session object $VenafiSession created by New-VenafiSession.
A TPP token or VaaS key can also provided.
If providing a TPP token, an environment variable named TppServer must also be set.
SourcePath (Path)
Move-TppObject -SourceDN '\VED\Policy\My Folder\' -TargetDN '\VED\Policy\New Folder\'
Move object to a new Policy folder
Find-VenafiCertificate -Path '\ved\policy\certs' | Move-TppObject -TargetDN '\VED\Policy\New Folder'
Move all objects found in 1 folder to another

function Move-TppObject {


    param (
        [Parameter(Mandatory, ValueFromPipeline, ValueFromPipelineByPropertyName)]
        [ValidateScript( {
                if ( $_ | Test-TppDnPath ) {
                else {
                    throw "'$_' is not a valid DN path"
        [Alias('SourceDN', 'Path')]
        [String] $SourcePath,

        [ValidateScript( {
                if ( $_ | Test-TppDnPath ) {
                else {
                    throw "'$_' is not a valid DN path"
        [String] $TargetPath,

        [psobject] $VenafiSession = $script:VenafiSession

    begin {
        Test-VenafiSession -VenafiSession $VenafiSession -Platform 'TPP'

        # determine if target is a policy or other object
        # if policy, we'll need to append the object name when moving
        # if not policy, the item won't exist so handle the error
        $targetObject = Get-TppObject -Path $TargetPath -VenafiSession $VenafiSession -ErrorAction SilentlyContinue
        $targetIsPolicy = ($targetObject.TypeName -eq 'Policy')

    process {

        $params = @{
            VenafiSession = $VenafiSession
            Method        = 'Post'
            UriLeaf       = 'config/RenameObject'
            Body          = @{
                ObjectDN    = $SourcePath
                NewObjectDN = $TargetPath

        # if target is a policy, append the object name from source
        if ( $targetIsPolicy ) {
            $params.Body.NewObjectDN = Join-Path -Path $TargetPath -ChildPath (Split-Path -Path $SourcePath -Leaf)

        if ( $PSCmdlet.ShouldProcess($SourcePath, ('Move to {0}' -f $params.Body.NewObjectDN)) ) {
            $response = Invoke-VenafiRestMethod @params

            if ( $response.Result -ne [TppConfigResult]::Success ) {
                Write-Error $response.Error