Solved

AD users & computers copying or exporting

Posted on 2014-11-14
Last Modified: 2014-11-17
Dear Experts,

As I am new to servers and am self-learning now, for testing purposes I have created two servers with 2008 installed. I configured one server as a domain and created some OUs and users. I want to create another domain and export all the OUs and users from the old domain to the new one. How can I do this? I have attached a screenshot of my old server. I have to copy or export the full AD Users & Computers page.

Regards,

JCT
AD.jpg
Question by:jct_777
7 Comments
 
LVL 35

Expert Comment

by:Joseph Daly
ID: 40443588
So since you are learning, I am going to ask a few questions as to what you are trying to do.

You mention you created a domain and then added some users to it. Good start. With your second server, do you want to create a separate domain or do you want to join it to the existing domain?

I would think you would want to join the new server to the existing domain at which point the users will replicate between the two.
0
 
LVL 81

Expert Comment

by:David Johnson, CD, MVP
ID: 40443763
You should look into the Active Directory Migration Toolkit.
Though it is easy enough to capture the users to a CSV using a PowerShell script and then use PowerShell to import the users.
Export: https://4sysops.com/archives/export-active-directory-users-with-powershell/
0
 
LVL 1

Author Comment

by:jct_777
ID: 40443802
Hi,

With the second server I want to configure it as a child domain or want to replicate the main one. If something happens to the main DC, then the full organisation is affected. Without downtime, how can I bring this server up with all the configurations?

Regards,

JCT
0
 
LVL 35

Expert Comment

by:Joseph Daly
ID: 40443817
So if you want to join it to the domain and make it a second domain controller, that will fill the replication and will copy the objects over.

Most organizations have two or more domain controllers for this exact reason.

For the steps you want to look at in order to do this, Google dcpromo process.

I would paste a link for you but I'm mobile currently.
0
 
LVL 1

Author Comment

by:jct_777
ID: 40443835
Hi,

It's OK. I will google the dcpromo process. What if I want to create a totally separate new domain and want to add all the AD users and settings from the old server to the new one? What do I have to do for that? After doing this I will remove the old server and make the new server the primary one.

Regards,

JCT
0
 
LVL 1

Author Comment

by:jct_777
ID: 40445390
Hi,

Still waiting for a valuable reply.

Regards,

JCT
0
 
LVL 81

Accepted Solution

by:
David Johnson, CD, MVP earned 500 total points
ID: 40445740
You will have to export the users from the old AD domain into preferably a .csv and then import the users into the new AD domain. You may have to export the groups first and then import the groups into the new AD.
export-ADgroups-members.ps1
# The Get-QAD* cmdlets come from the Quest ActiveRoles Management Shell snap-in.
Add-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue

# Template row: one output line per group/member pair.
$GroupInfo = '' | Select 'Group Name','Group Description','Member Name','Member Description'
$AllGroups = @()
# Adjust -SearchRoot to the OU that holds the groups you want to export.
$MyGroups = Get-QADGroup -SearchRoot "xxx.local/Company/Groups/Resources/Filesrv" -DontUseDefaultIncludedProperties  -IncludedProperties Name,Description,Member | select Name,Description,Member
foreach($Group in $MyGroups){
    $GroupInfo.'Group Name' = $Group.Name
    $GroupInfo.'Group Description' = $Group.Description
    foreach($Member in $Group.Member){
        $User = Get-QADUser $Member -DontUseDefaultIncludedProperties -IncludedProperties Name,Description | select Name,Description
        $GroupInfo.'Member Name' = $User.Name
        $GroupInfo.'Member Description' = $User.Description
        # It takes a while to go through a lot of groups; this just lets you watch so you don't think it's broken and cancel it.
        $GroupInfo | select 'Group Name','Group Description','Member Name','Member Description'
        # Select creates a copy of the row, so each entry in $AllGroups keeps its own values.
        $AllGroups += $GroupInfo | Select 'Group Name','Group Description','Member Name','Member Description'
    }
}

$AllGroups | Export-Csv allginfo.csv -NoTypeInformation # Export all that group info to a CSV file.



csvde -f test.csv  
exportADusers.ps1
# Get-ADUser and Get-ADGroup come from the ActiveDirectory module.
Import-Module ActiveDirectory
# Header row; the output is tab-separated, with the group names appended as extra columns.
$alist = "Name`tAccountName`tDescription`tEmailAddress`tLastLogonDate`tManager`tTitle`tDepartment`tCompany`twhenCreated`tAcctEnabled`tGroups`n"
$userlist = Get-ADUser -Filter * -Properties * | Select-Object -Property Name,SamAccountName,Description,EmailAddress,LastLogonDate,Manager,Title,Department,Company,whenCreated,Enabled,MemberOf | Sort-Object -Property Name
$userlist | ForEach-Object {
    # Resolve each group DN in MemberOf to its name.
    $grps = $_.MemberOf | Get-ADGroup | ForEach-Object {$_.Name} | Sort-Object
    # Fixed: the original read $_LastLogonDate (missing dot), which left the column empty.
    $arec = $_.Name,$_.SamAccountName,$_.Description,$_.EmailAddress,$_.LastLogonDate,$_.Manager,$_.Title,$_.Department,$_.Company,$_.whenCreated,$_.Enabled
    $aline = ($arec -join "`t") + "`t" + ($grps -join "`t") + "`n"
    $alist += $aline
}
$alist | Out-File D:\Temp\ADUsers.csv


http://bit.ly/1ERvvzJ

import-ADusers.ps1
########################################################### 
# AUTHOR  : Marius / Hican - http://www.hican.nl - @hicannl  
# DATE    : 26-04-2012  
# EDIT    : 07-08-2014 
# COMMENT : This script creates new Active Directory users, 
#           including different kind of properties, based 
#           on an input_create_ad_users.csv. 
# VERSION : 1.3 
########################################################### 
 
# CHANGELOG 
# Version 1.2: 15-04-2014 - Changed the code for better 
# - Added better Error Handling and Reporting. 
# - Changed input file with more logical headers. 
# - Added functionality for account Enabled, 
#   PasswordNeverExpires, ProfilePath, ScriptPath, 
#   HomeDirectory and HomeDrive 
# - Added the option to move every user to a different OU. 
# Version 1.3: 08-07-2014 
# - Added functionality for ProxyAddresses 
 
# ERROR REPORTING ALL 
Set-StrictMode -Version latest 
 
#---------------------------------------------------------- 
# LOAD ASSEMBLIES AND MODULES 
#---------------------------------------------------------- 
Try 
{ 
  Import-Module ActiveDirectory -ErrorAction Stop 
} 
Catch 
{ 
  Write-Host "[ERROR]`t ActiveDirectory Module couldn't be loaded. Script will stop!" 
  Exit 1 
} 
 
#---------------------------------------------------------- 
#STATIC VARIABLES 
#---------------------------------------------------------- 
$path     = Split-Path -parent $MyInvocation.MyCommand.Definition 
$newpath  = $path + "\import_create_ad_users.csv" 
$log      = $path + "\create_ad_users.log" 
$date     = Get-Date 
$addn     = (Get-ADDomain).DistinguishedName 
$dnsroot  = (Get-ADDomain).DNSRoot 
$i        = 1 
 
#---------------------------------------------------------- 
#START FUNCTIONS 
#---------------------------------------------------------- 
Function Start-Commands 
{ 
  Create-Users 
} 
 
Function Create-Users 
{ 
  "Processing started (on " + $date + "): " | Out-File $log -append 
  "--------------------------------------------" | Out-File $log -append 
  Import-CSV $newpath | ForEach-Object { 
    If (($_.Implement.ToLower()) -eq "yes") 
    { 
      If (($_.GivenName -eq "") -Or ($_.LastName -eq "") -Or ($_.Initials -eq "")) 
      { 
        Write-Host "[ERROR]`t Please provide valid GivenName, LastName and Initials. Processing skipped for line $($i)`r`n" 
        "[ERROR]`t Please provide valid GivenName, LastName and Initials. Processing skipped for line $($i)`r`n" | Out-File $log -append 
      } 
      Else 
      { 
        # Set the target OU 
        $location = $_.TargetOU + ",$($addn)" 
 
        # Set the Enabled and PasswordNeverExpires properties 
        If (($_.Enabled.ToLower()) -eq "true") { $enabled = $True } Else { $enabled = $False } 
        If (($_.PasswordNeverExpires.ToLower()) -eq "true") { $expires = $True } Else { $expires = $False } 
 
        # A check for the country, because those were full names and need  
        # to be land codes in order for AD to accept them. I used Netherlands  
        # as example 
        If($_.Country -eq "Netherlands") 
        { 
          $_.Country = "NL" 
        } 
        Else 
        { 
          $_.Country = "EN" 
        } 
        # Replace dots / points (.) in names, because AD will error when a  
        # name ends with a dot (and it looks cleaner as well) 
        $replace = $_.Lastname.Replace(".","") 
        If($replace.length -lt 4) 
        { 
          $lastname = $replace 
        } 
        Else 
        { 
          $lastname = $replace.substring(0,4) 
        } 
        # Create sAMAccountName according to this 'naming convention': 
        # <FirstLetterInitials><FirstFourLettersLastName> for example 
        # htehp 
        $sam = $_.Initials.substring(0,1).ToLower() + $lastname.ToLower() 
        Try   { $exists = Get-ADUser -LDAPFilter "(sAMAccountName=$sam)" } 
        Catch { } 
        If(!$exists) 
        { 
          # Set all variables according to the table names in the Excel  
          # sheet / import CSV. The names can differ in every project, but  
          # if the names change, make sure to change it below as well. 
          $setpass = ConvertTo-SecureString -AsPlainText $_.Password -force 
 
          Try 
          { 
            Write-Host "[INFO]`t Creating user : $($sam)" 
            "[INFO]`t Creating user : $($sam)" | Out-File $log -append 
            New-ADUser $sam -GivenName $_.GivenName -Initials $_.Initials ` 
            -Surname $_.LastName -DisplayName ($_.LastName + "," + $_.Initials + " " + $_.GivenName) ` 
            -Office $_.OfficeName -Description $_.Description -EmailAddress $_.Mail ` 
            -StreetAddress $_.StreetAddress -City $_.City -State $_.State ` 
            -PostalCode $_.PostalCode -Country $_.Country -UserPrincipalName ($sam + "@" + $dnsroot) ` 
            -Company $_.Company -Department $_.Department -EmployeeID $_.EmployeeID ` 
            -Title $_.Title -OfficePhone $_.Phone -AccountPassword $setpass -Manager $_.Manager ` 
            -profilePath $_.ProfilePath -scriptPath $_.ScriptPath -homeDirectory $_.HomeDirectory ` 
            -homeDrive $_.homeDrive -Enabled $enabled -PasswordNeverExpires $expires 
            Write-Host "[INFO]`t Created new user : $($sam)" 
            "[INFO]`t Created new user : $($sam)" | Out-File $log -append 
      
            $dn = (Get-ADUser $sam).DistinguishedName 
            # Set an ExtensionAttribute 
            If ($_.ExtensionAttribute1 -ne "" -And $_.ExtensionAttribute1 -ne $Null) 
            { 
              $ext = [ADSI]"LDAP://$dn" 
              $ext.Put("extensionAttribute1", $_.ExtensionAttribute1) 
              Try   { $ext.SetInfo() } 
              Catch { Write-Host "[ERROR]`t Couldn't set the Extension Attribute : $($_.Exception.Message)" } 
            } 
 
            # Set ProxyAdresses 
            Try { $dn | Set-ADUser -Add @{proxyAddresses = ($_.ProxyAddresses -split ";")} -ErrorAction Stop } 
            Catch { Write-Host "[ERROR]`t Couldn't set the ProxyAddresses Attributes : $($_.Exception.Message)" } 
        
            # Move the user to the OU ($location) you set above. If you don't 
            # want to move the user(s) and just create them in the global Users 
            # OU, comment the string below 
            If ([adsi]::Exists("LDAP://$($location)")) 
            { 
              Move-ADObject -Identity $dn -TargetPath $location 
              Write-Host "[INFO]`t User $sam moved to target OU : $($location)" 
              "[INFO]`t User $sam moved to target OU : $($location)" | Out-File $log -append 
            } 
            Else 
            { 
              Write-Host "[ERROR]`t Targeted OU couldn't be found. Newly created user wasn't moved!" 
              "[ERROR]`t Targeted OU couldn't be found. Newly created user wasn't moved!" | Out-File $log -append 
            } 
        
            # Rename the object to a good looking name (otherwise you see 
            # the 'ugly' shortened sAMAccountNames as a name in AD. This 
            # can't be set right away (as sAMAccountName) due to the 20 
            # character restriction 
            $newdn = (Get-ADUser $sam).DistinguishedName 
            Rename-ADObject -Identity $newdn -NewName ($_.GivenName + " " + $_.LastName) 
            Write-Host "[INFO]`t Renamed $($sam) to $($_.GivenName) $($_.LastName)`r`n" 
            "[INFO]`t Renamed $($sam) to $($_.GivenName) $($_.LastName)`r`n" | Out-File $log -append 
          } 
          Catch 
          { 
            Write-Host "[ERROR]`t Oops, something went wrong: $($_.Exception.Message)`r`n" 
          } 
        } 
        Else 
        { 
          Write-Host "[SKIP]`t User $($sam) ($($_.GivenName) $($_.LastName)) already exists or returned an error!`r`n" 
          "[SKIP]`t User $($sam) ($($_.GivenName) $($_.LastName)) already exists or returned an error!" | Out-File $log -append 
        } 
      } 
    } 
    Else 
    { 
      Write-Host "[SKIP]`t User ($($_.GivenName) $($_.LastName)) will be skipped for processing!`r`n" 
      "[SKIP]`t User ($($_.GivenName) $($_.LastName)) will be skipped for processing!" | Out-File $log -append 
    } 
    $i++ 
  } 
  "--------------------------------------------" + "`r`n" | Out-File $log -append 
} 
 
Write-Host "STARTED SCRIPT`r`n" 
Start-Commands 
Write-Host "STOPPED SCRIPT"

 

In the Excel file / Input CSV the following (general) structure was used (the values are example values).

import_create_ad_users.csv

 

# LINE1 (the table headings in the Excel) 
  
# Implement,GivenName,LastName,Initials,OfficeName, 
# Description,Mail,StreetAddress,City,PostalCode, 
# State,Country,Company,Department,EmployeeID, 
# ExtensionAttribute1,Title,Phone,Manager,ProfilePath, 
# ScriptPath,HomeDirectory,HomeDrive,Password, 
# PasswordNeverExpires,Enabled,TargetOU,ProxyAddresses 
 
# LINE2 (first entry, all other entries look the same. As you can see 
# there are also tables which aren't used, but are no problem for 
# the script to work!) 
  
# Yes,Hican,TehPwn,H.,Hican Building,Hican Net, 
# info@hican.nl,Hicanstreet 1,Hicancity,1337, 
# TheStateOfHican,Netherlands,Hican.nl,*,HIC1337,, 
# CEO,+0000000000,Hican,\\profile\path,\\script\path,\\home\\dir,H:,IDDQD_1337#, 
# False,True,"OU=Users,OU=Lab","SMTP:CHECK;SMTP:CHECK2"


http://bit.ly/1x9TSqe
0
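The import script in the accepted answer reads each account's initial password in clear text from the `Password` column of import_create_ad_users.csv. As an added example (not part of the original answer or of the Hican script), the following fills that column with a random value per user and restricts who can read the file before the import is run; the CSV path and the helper name `New-RandomPassword` are assumptions.

```powershell
# Added example, not part of the original answer or the import script.
# Assumed: the CSV path below and the helper name New-RandomPassword.
$csvPath = 'C:\Migration\import_create_ad_users.csv'

Function New-RandomPassword
{
  Param([int]$Length = 20)
  # 64 symbols, so (byte % 64) picks each one with equal probability.
  $alphabet = 'abcdefghijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789!#%+-=?_'
  $rng   = New-Object System.Security.Cryptography.RNGCryptoServiceProvider
  $bytes = New-Object byte[] $Length
  Do {
    $rng.GetBytes($bytes)
    $pw = -join ($bytes | ForEach-Object { $alphabet[$_ % $alphabet.Length] })
    # Redraw until lower, upper, digit and symbol are all present, which
    # satisfies the default AD complexity rule.
  } Until ($pw -cmatch '[a-z]' -and $pw -cmatch '[A-Z]' -and
           $pw -match '[0-9]' -and $pw -match '[^a-zA-Z0-9]')
  $pw
}

# Lock the file down to the current account before any password is written.
& icacls.exe $csvPath /inheritance:r /grant:r "$($env:USERDOMAIN)\$($env:USERNAME):(F)" | Out-Null
If ($LASTEXITCODE -ne 0) { Throw "Could not restrict access to $csvPath" }

# Rewrite the rows the import script will process (Implement = yes).
$rows = @(Import-Csv $csvPath)
ForEach ($row in $rows)
{
  If ($row.Implement -eq 'yes')
  {
    $row.Password             = New-RandomPassword
    $row.PasswordNeverExpires = 'False'   # initial passwords should age out
  }
}
$rows | Export-Csv $csvPath -NoTypeInformation
```

Hand each password to its user out of band and delete the CSV once import-ADusers.ps1 has run.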
