• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 303
  • Last Modified:

Migrating from one AD to another, need a way to move the members of groups from to the new AD

So we are migrating to a completely different active directory (yuck!) so we have a bunch of security groups that we have to recreate in the new AD, and of course have the fun task of manually making the group memberships the same in the new AD (essentially looking at the ADUC from our current AD on one screen and then typing in the usernames in the ADUC for the new AD)

If anyone has an idea on how to possibly automate this somewhat with Powershell, perhaps have a text file that it can read etc. we are all ears!! :)
0
biocompute
Asked:
biocompute
1 Solution
 
Chris DentPowerShell DeveloperCommented:
SamAccountName the same on both sides?

This uses Quest's CmdLets, assumes Read access to the source domain, and Write to the destination (and both accessible).
Get-QADGroup -SearchRoot "old.domain.com/Groups" -Service old.domain.com | ForEach-Object {
  $Group = Get-QADGroup $_.Name -SearchRoot "new.domain.com/Groups" -Service new.domain.com

  If ($Group) {
    $_ | Get-QADGroupMember | ForEach-Object {
      $Username = $_.SamAccountName

      $Group | Add-QADGroupMember -Member $Username
  }
}

Open in new window

We could use files as intermediaries if you wished. The principal is the same though, find some common value between the two, grab it, export membership on the old domain, add it to the new.

Chris
0
 
Joseph DalyCommented:
You will definitely not want to do this manually. Microsoft has released the ADMT for this specific purpose.

http://www.microsoft.com/downloads/en/details.aspx?familyid=6f86937b-533a-466d-a8e8-aff85ad3d212&displaylang=en
0
 
biocomputeAuthor Commented:
Hey guys--thanks for the replies...I forgot to mention that the name of the group and the name of the folder isn't the same, so I don't think the script would work.  We ended up figuring out how to export the group memberships as a text file, then copy and paste the usernames into the new security group in the new AD.

I had also checked out the ADMT, but we don't have access to any of the DCs :(

giving the points to Chris for the cool powershell script though :)
0

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now