Solved

AD Migration

Posted on 2011-03-03
Last Modified: 2013-12-24
Hello All,
We are going to be breaking off a complete OU to a new domain, including all the sub-OUs, users and groups.  I have done some research and LDIF seems to be the way to go.  Will need to change the domain from abc.com to xyz.com.  ADMT is not an option.

The question I have is what attributes need to be exported and then changed in the ldif file before I import into the new domain.
0
Question by:92corrado
6 Comments
 
LVL 37

Expert Comment

by:Neil Russell
ID: 35030905
Can I ask WHY you can not use ADMT?
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 35030985
Also can I politely ask WHY a new domain? Is this a new domain in the same forest or a new child domain or.....?
0
 

Author Comment

by:92corrado
ID: 35031659
Can't use ADMT, period.  Why doesn't really matter.

This is a completely new domain.  We are branching off from the parent company.  But we need to move the OUs, users, groups, group memberships.

Essentially it is starting new and fresh, except we need to move over one OU and all its users, groups, sub-OUs etc.
0

 
LVL 6

Expert Comment

by:jwilleke
ID: 35034974
No reason why LDIF will not work.

There are some limitations: (AFAIK)
You will not be able to get passwords
ACLs assigned to any of the entries
Access to any File Systems will not transfer


I would recommend you obtain Apache Studio or LDAP Administrator and do a few tests to make sure you get what you want.

Exporting all "User" Attributes (not operational) should work for what it appears you want.

You will, of course need to have the "new" AD instance installed and running before you can do this.

Good Luck and let us know how it goes.
-jim
0
 

Author Comment

by:92corrado
ID: 35036180
The new AD instance is built and ready to go.  I have an LDAP Admin to do the export/import.  I also already know about the password issue and File System issue.  But you also mention the ACLs.  Does this mean the ACLs (permissions) will not transfer?

From what you are saying I can import ALL the user attributes after changing/updating the domain in the ldif file?
0
 
LVL 6

Accepted Solution

by:
jwilleke earned 2000 total points
ID: 35036395
You should be able to.

You will need to check the exported LDIF and do a search and replace for any "non-conforming" data.

Like for Groups, you will see something like:
CN=MediaAdmins,CN=Users,DC=mad,DC=willeke,DC=com

If your new tree and OU are different, you will need to replace the "CN=Users,DC=mad,DC=willeke,DC=com" with something like "OU=NewPlace,DC=mad,DC=willeke,DC=com"

Be prepared to import ONE "test" user a couple of times until you get it right.

When I look at my AD (which is pretty simple):
Looks like you may need to pull a couple of attributes.
You would not want to bring in these:
uSNChanged: 434239
uSNCreated: 20752
whenChanged: 20110219205054.0Z
whenCreated: 20090111114242.0Z
objectGUID:: NBsCZBfLX0Orm/JCsaqgnQ==
objectSid:: AQUAAAAAAAUVAAAAJY7P3hHw1rfWR5hfVQQAAA==
distinguishedName: CN=jim,CN=Users,DC=mad,DC=willeke,DC=com


You may not want these:
accountExpires: 0
adminCount: 1
badPasswordTime: 129161469496434072
badPwdCount: 0
lastLogoff: 0
lastLogon: 129170286789973419
lastLogonTimestamp: 129426222542305700
logonCount: 2

-jim
0
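The clean-up the accepted answer describes, as an added Python example that is not part of the original thread: it unfolds the export, drops the attributes the answer lists, and rewrites the DN suffix in plain and base64-encoded values. The abc.com/xyz.com suffixes follow the question; the function names and the sample record are constructed for illustration.

```python
import base64

# Attribute names are the ones listed in the answer; matching is case-insensitive.
SYSTEM_OWNED = {"usnchanged", "usncreated", "whenchanged", "whencreated",
                "objectguid", "objectsid", "distinguishedname"}
ACCOUNT_STATE = {"accountexpires", "admincount", "badpasswordtime", "badpwdcount",
                 "lastlogoff", "lastlogon", "lastlogontimestamp", "logoncount"}

# Constructed sample export (not real data); the manager value is folded.
SAMPLE = """dn: CN=jim,OU=Staff,DC=abc,DC=com
objectClass: user
objectSid:: AQUAAAAAAAUVAAAAJY7P3hHw1rfWR5hfVQQAAA==
lastLogon: 129170286789973419
manager: CN=boss,OU=Staff,
 DC=abc,DC=com
"""

def unfold(text):
    """Join continuation lines: a leading space continues the previous line."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def retarget(value, old, new):
    """Swap the DN suffix when the value ends with the old one."""
    hit = value.lower().endswith(old.lower())
    return value[:len(value) - len(old)] + new if hit else value

def transform_ldif(text, old, new, drop_state=True):
    drop = SYSTEM_OWNED | (ACCOUNT_STATE if drop_state else set())
    out = []
    for line in unfold(text):
        name, sep, rest = line.partition(":")
        if name.lower() in drop:
            continue
        if not sep or line.startswith("#") or rest.startswith("<"):
            out.append(line)  # separators, comments, URL-sourced values
        elif rest.startswith(":"):  # "attr:: <base64>"
            try:
                value = base64.b64decode(rest[1:]).decode("utf-8")
                moved = base64.b64encode(retarget(value, old, new).encode()).decode()
                out.append(f"{name}:: {moved}")
            except (ValueError, UnicodeDecodeError):
                out.append(line)  # binary value: keep as exported
        else:
            out.append(f"{name}: {retarget(rest.strip(), old, new)}")
    return "\n".join(out) + "\n"
```

Values that carry the DNS form of the domain, such as userPrincipalName or mail, do not end in the DN suffix and are left unchanged by this example.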
