Solved

script export+import group and user from forest A to Forest B

Posted on 2014-04-17
5
1,697 Views
Last Modified: 2014-05-13
hello,

i need to export user and group from my Active directory production forest to my lab forest.

AD 2008 R2.

i need to export all group  and user from specific organisationnel unit.

i need to keep the member of group from forest a to forest b.

thanks
0
Comment
Question by:cawasaki
  • 3
  • 2
5 Comments
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 40006300
Hi,

Use LDIFDE to import and export directory objects to Active Directory. its very easy.

firstly export groups then users.

CSVDE -f adusers.csv

CSVDE -i -f Newport.csv


http://support.microsoft.com/kb/237677
0
 

Author Comment

by:cawasaki
ID: 40006936
hello,

ok i have success to export and inport user, but i have a problem to import group, so any one have a working script to export and import group with memeber if possible?
0
 
LVL 13

Accepted Solution

by:
Santosh Gupta earned 500 total points
ID: 40007187
ldifde -f c:\LDIFDE_export\export_Groups_WITH_Members.ldf -s <DC NAME> -d "<DOMAIN DN>" -p subtree -r "(&(ObjectCategory=group)(objectClass=group)(name=*)(member=*))" -l "member" -j c:\

http://social.technet.microsoft.com/Forums/windowsserver/en-US/1b24edf2-9af5-447c-9f15-631e88eefe8c/exporting-users-groups-and-their-members-from-a-currently-installed-and-importing-them-to-a-new
0
 

Author Comment

by:cawasaki
ID: 40008303
i have already test this and import not work:

Logging in as current user using SSPI
Importing directory from file "c:\temp\export_Groups_WITH_Membersv3.ldf"
Loading entries......................
Add error on entry starting on line 244: Unwilling To Perform
The server side error is: 0x209a Access to the attribute is not permitted becaus
e the attribute is owned by the Security Accounts Manager (SAM).
The extended server error is:
0000209A: SvcErr: DSID-031A0FBB, problem 5003 (WILL_NOT_PERFORM), data 0

0 entries modified successfully.
An error has occurred in the program
No log files were written.  In order to generate a log file, please
specify the log file path via the -j option.

Open in new window

0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 40009146
Hi,

see the url for import error.. http://support.microsoft.com/kb/276382
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
A brief introduction to what I consider to be the best editor for PowerShell.
Learn the basics of while and for loops in Python.  while loops are used for testing while, or until, a condition is met: The structure of a while loop is as follows:     while <condition>:         do something         repeate: The break statement m…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now