Windows Servers - Copy user

csehz
csehz used Ask the Experts™
on
Dear Experts,

Can you please advise is there maybe DS tool command so like dsadd to copy and Active Directory user?

Basically for dsadd would be needed all of the memberships of the user, and so a copy of an existing one could be much faster.

Thanks,
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
You can do a copy of an existing user from within the GUI of active directory users and computers.

As far as the DS command line tools go there is no single command to let you create another user as a copy of an existing user.

You could probably script this out using multiple DS commands but to answer your question there is nothing like DScopy.

Commented:
Do you mean copy a user from one Active Directory to another?  Otherwise if it's the same AD just go to ADUC, right-click and copy..
csehzIT consultant

Author

Commented:
Thanks the answers,

Yes I supposed that maybe something can be existing as DScopy.. But so in this way not existing.

In AD doing this right-click copy of course actually, but thought that for multiple users copy could be something like this
11/26 Forrester Webinar: Savings for Enterprise

How can your organization benefit from savings just by replacing your legacy backup solutions with Acronis' #CyberProtection? Join Forrester's Joe Branca and Ryan Davis from Acronis live as they explain how you can too.

Krzysztof PytkoSenior Active Directory Engineer
Top Expert 2012

Commented:
Please check an article about DSADD on my blog at
http://kpytko.wordpress.com/2011/10/11/microsoft-ds-tools-part-4/

and try to follow this way. In case of any further questions, do not hesitate to ask. We will help you

Regards,
Krzysztof
Krzysztof PytkoSenior Active Directory Engineer
Top Expert 2012

Commented:
OK, you can do that this way. Create a text file with user's data, i.e.

iSiek;Krzysztof;Pytko;
user2;Some;Users;

save this on C-Drive as c:\newusers.txt

and use this syntax:

for /f "tokens=1-3 delims=;" %i in (c:\users.txt) do dsadd user "cn=%i,ou=OULocation,dc=domain,dc=local" -samid %i -fn %j -ln %k -display "%j %k" -upn %i@domain.local -pwd P@ssw0rd -memberof "cn=group1,ou=GroupLocation,dc=domain,dc=local" "cn=group2,ou=GroupLocation,dc=domain,dc=local" -mustchpwd yes -disabled no

Open in new window


where "cn=group1,ou=GroupLocation,dc=domain,dc=local" is a reference group of existing user (from his memberOF tab). To simply get DN of that group, type in command-line

dsquery group -name "Group1"

Open in new window


and use the output :D

Krzysztof
csehzIT consultant

Author

Commented:
Krzysztof thanks, do you mean that this method assumes that all of the group membership is downloaded for the copy from user and also listed in the command?

Because the issue is that these sample users have a lot of group membership, so if those should be listed in the command, then that one does not sound too easy.

As I can imagine maybe so before anything such command should be

dsget user "CN=Joe Doe,OU=Users,OU=MM,DC=it,DC=corp,DC=local" -memberof > c:\users\myuser\desktop\groups.txt

and after having all group membership, continue with your way?

thanks,
Zsolt
Krzysztof PytkoSenior Active Directory Engineer
Top Expert 2012

Commented:
Ok, now I know what did you mean. Yes, we can achieve that using DSTools but we need also file with groups. Give me short time and I will give you a syntax, now I'm on mobile and it is difficult to write ;)

Krzysztof
Senior Active Directory Engineer
Top Expert 2012
Commented:
So, let's try to do that this way.

First of all we need to get all groups from reference user (use user login). To do that use this syntax:

dsquery user -samid ReferenceUserLogin | dsget user -memberof | find /v "dsget" | find /v "memberof" >c:\groups.txt

Open in new window


Now, create new users as I posted above (create text files with necessary data):

for /f "tokens=1-3 delims=;" %i in (c:\users.txt) do dsadd user "cn=%i,ou=OULocation,dc=domain,dc=local" -samid %i -fn %j -ln %k -display "%j %k" -upn %i@domain.local -pwd P@ssw0rd -mustchpwd yes -disabled no

Open in new window


you can also set up other attributes like logon script, description, home drive, home directory etc. If you're interested, let me know.

And now, you can add new users into groups from reference user:

for /f %i in (c:\users.txt) do (for /f "tokens=*" %j in (c:\groups.txt) do dsquery user -samid %i | dsmod group %j -addmbr -c)

Open in new window


and that's all. You should have all new users in many groups added.

Krzysztof
csehzIT consultant

Author

Commented:
Krzysztof thanks just again, all of my point is yours :) It is really not so important that you dealt with it even in the evening.

Yes absolutely I thought like this so firstly identifying all groups, basically we are just preparing to the future with this when would get mass user creation requests. So will try to test these steps first

thanks,
Zsolt
Krzysztof PytkoSenior Active Directory Engineer
Top Expert 2012

Commented:
Hi Zsolt,

you're welcome :)

Yes, this is good idea to prepare a process for that and test it first to avoid any issues in the future.

Krzysztof

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial