Solved

AD Migration

Posted on 2011-03-03
Last Modified: 2013-12-24
Hello All,
We are going to be breaking off a complete OU to a new domain, including all the sub-OUs, users and groups.  I have done some research and LDIF seems to be the way to go.  Will need to change the domain from abc.com to xyz.com.  ADMT is not an option.

The question I have is what attributes need to be exported and then changed in the ldif file before I import into the new domain.
Question by:92corrado
6 Comments
 
LVL 37

Expert Comment

by:Neil Russell
ID: 35030905
Can I ask WHY you can not use ADMT?
 
LVL 37

Expert Comment

by:Neil Russell
ID: 35030985
Also, can I politely ask WHY a new domain? Is this a new domain in the same forest or a new child domain or.....?
 

Author Comment

by:92corrado
ID: 35031659
Can't use ADMT, period.  Why doesn't really matter.

This is a completely new domain.  We are branching off from the parent company.  But we need to move the OUs, users, groups, group memberships.

Essentially it is starting new and fresh, except we need to move over one OU and all its users, groups, sub-OUs etc.
LVL 6

Expert Comment

by:jwilleke
ID: 35034974
No reason why LDIF will not work.

There are some limitations: (AFAIK)
You will not be able to get passwords
ACLs assigned to any of the entries
Access to any File Systems will not transfer


I would recommend you obtain Apache Studio or LDAP Administrator and do a few tests to make sure you get what you want.

Exporting all "User" Attributes (not operational) should work for what it appears you want.

You will, of course, need to have the "new" AD instance installed and running before you can do this.

Good Luck and let us know how it goes.
-jim
 

Author Comment

by:92corrado
ID: 35036180
The new AD instance is built and ready to go.  I have an LDAP Admin to do the export/import.  I also already know about the password issue and File System issue.  But you also mention the ACL's.  Does this mean the ACL's (Permissions) will not transfer?

From what you are saying I can import ALL the user attributes after changing/updating the domain in the ldif file?
 
LVL 6

Accepted Solution

by:
jwilleke earned 500 total points
ID: 35036395
You should be able to.

You will need to check the exported LDIF and do a search and replace for any "non-conforming" data.

Like for Groups, you will see something like:
CN=MediaAdmins,CN=Users,DC=mad,DC=willeke,DC=com

If your new tree and OU are different, you will need to replace the "CN=Users,DC=mad,DC=willeke,DC=com" with something like "OU=NewPlace,DC=mad,DC=willeke,DC=com"

Be prepared to import ONE "test" user a couple of times until you get it right.

When I look at my AD (which is pretty simple):
Looks like you may need to pull a couple of attributes.
You would not want to bring in these:
uSNChanged: 434239
uSNCreated: 20752
whenChanged: 20110219205054.0Z
whenCreated: 20090111114242.0Z
objectGUID:: NBsCZBfLX0Orm/JCsaqgnQ==
objectSid:: AQUAAAAAAAUVAAAAJY7P3hHw1rfWR5hfVQQAAA==
distinguishedName: CN=jim,CN=Users,DC=mad,DC=willeke,DC=com


You may not want these:
accountExpires: 0
adminCount: 1
badPasswordTime: 129161469496434072
badPwdCount: 0
lastLogoff: 0
lastLogon: 129170286789973419
lastLogonTimestamp: 129426222542305700
logonCount: 2

-jim
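
The clean-up described in the accepted answer (drop the system-generated attributes, then search and replace the old DN suffix), as an added Python example that is not part of the original thread. The sample entry, the `OU=Staff` and `boss` names, and the function names are constructed for illustration; abc.com and xyz.com are the domains from the question.

```python
import re

# Attributes the answer says not to bring in (regenerated by the new domain).
ALWAYS_DROP = {"usnchanged", "usncreated", "whenchanged", "whencreated",
               "objectguid", "objectsid", "distinguishedname"}
# Attributes the answer lists as "may not want" (old-domain account state).
OPTIONAL_DROP = {"accountexpires", "admincount", "badpasswordtime", "badpwdcount",
                 "lastlogoff", "lastlogon", "lastlogontimestamp", "logoncount"}

# Constructed sample export; includes a folded (continued) line.
SAMPLE = """\
dn: CN=jim,OU=Staff,DC=abc,DC=com
objectClass: user
sAMAccountName: jim
distinguishedName: CN=jim,OU=Staff,DC=abc,DC=com
manager: CN=boss,OU=Staff,DC=abc,
 DC=com
uSNChanged: 434239
objectGUID:: NBsCZBfLX0Orm/JCsaqgnQ==
lastLogon: 129170286789973419
"""

def unfold(text):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    return re.sub(r"\r?\n ", "", text)

def clean_ldif(text, old_suffix, new_suffix, drop_optional=True):
    """Drop non-portable attributes and rewrite DN values ending in old_suffix."""
    drop = ALWAYS_DROP | (OPTIONAL_DROP if drop_optional else set())
    suffix_re = re.compile(re.escape(old_suffix) + r"$", re.IGNORECASE)
    out = []
    for line in unfold(text).splitlines():
        m = re.match(r"([A-Za-z][\w;-]*)(::?)\s*(.*)$", line)
        if not m:
            out.append(line)          # blank entry separators and comments
            continue
        name, sep, value = m.groups()
        if name.lower() in drop:
            continue
        if sep == ":":                # base64 ("::") values pass through untouched
            value = suffix_re.sub(lambda _: new_suffix, value)
        out.append(f"{name}{sep} {value}")
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(clean_ldif(SAMPLE, "DC=abc,DC=com", "DC=xyz,DC=com"))
```

Values exported in base64 (`::`) are not rewritten, so a DN that was base64-encoded because of non-ASCII characters has to be decoded and checked by hand.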