Solved

AD users & computers copying or exporting

Posted on 2014-11-14
Last Modified: 2014-11-17
Dear Experts,

As I am new to servers and am self-learning now, for testing purposes I have created two servers with 2008 installed. I configured one server as a domain and created some OUs and users. I want to create another domain and export all the OUs and users from the old domain to the new one. How can I do this? I have attached a screenshot of my old server. I have to copy or export the full AD Users & Computers page.

Regards,

JCT
AD.jpg
Question by:jct_777
7 Comments
 
LVL 35

Expert Comment

by:Joseph Daly
ID: 40443588
So since you are learning, I am going to ask a few questions as to what you are trying to do.

You mention you created a domain and then added some users to it. Good start. With your second server, do you want to create a separate domain or do you want to join it to the existing domain?

I would think you would want to join the new server to the existing domain at which point the users will replicate between the two.
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
ID: 40443763
You should look into the Active Directory Migration Toolkit.
Though it is easy enough to capture the users using a PowerShell script to a CSV and then use PowerShell to import the users.
Export: https://4sysops.com/archives/export-active-directory-users-with-powershell/
 
LVL 1

Author Comment

by:jct_777
ID: 40443802
Hi,

With the second server, I want to configure it as a child domain or replicate the main one. If something happens to the main DC, then the full organisation is affected. Without downtime, how can I bring this server up with all the configurations?

Regards,

JCT

 
LVL 35

Expert Comment

by:Joseph Daly
ID: 40443817
So if you want to join it to the domain and make it a second domain controller, that will fill the replication and will copy the objects over.

Most organizations have two or more domain controllers for this exact reason.

For the steps you want to look at in order to do this, Google the dcpromo process.

I would paste a link for you but I'm mobile currently.
 
LVL 1

Author Comment

by:jct_777
ID: 40443835
Hi,

It's OK. I will Google the dcpromo process. What if I want to create a totally separate new domain and add all the AD users and settings from the old server to the new one? What do I have to do for that? After doing this, I will remove the old server and make the new server the primary one.

Regards,

JCT
 
LVL 1

Author Comment

by:jct_777
ID: 40445390
Hi,

Still waiting for a valuable reply.

Regards,

JCT
 
LVL 78

Accepted Solution

by:
David Johnson, CD, MVP earned 500 total points
ID: 40445740
You will have to export the users from the old AD domain into preferably a .csv and then import the users into the new AD domain. You may have to export the groups first and then import the groups into the new AD.
export-ADgroups-members.ps1
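Add-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue  # Quest ActiveRoles cmdlets (Get-QADGroup, Get-QADUser)
$GroupInfo = '' | Select 'Group Name','Group Description','Member Name','Member Description'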
$AllGroups = @()
$MyGroups = Get-QADGroup -SearchRoot "xxx.local/Company/Groups/Resources/Filesrv" -DontUseDefaultIncludedProperties  -IncludedProperties Name,Description,Member | select Name,Description,Member
foreach($Group in $MyGroups){
    $GroupInfo.'Group Name' = $Group.Name
    $GroupInfo.'Group Description' = $Group.Description
    foreach($Member in $Group.Member){
        $User = Get-QADUser $Member -DontUseDefaultIncludedProperties -IncludedProperties Name,Description | select Name,Description
        $GroupInfo.'Member Name' = $User.Name
        $GroupInfo.'Member Description' = $User.Description 
        # It takes a while to go through a lot of groups; this just lets you watch so you don't think it's broken and cancel it.
        $GroupInfo | select 'Group Name','Group Description','Member Name','Member Description'
        $AllGroups += $GroupInfo | Select 'Group Name','Group Description','Member Name','Member Description'
    }
}

$AllGroups | Export-Csv allginfo.csv -NoTypeInformation #Export all that group info to csv file.



csvde -f test.csv  
exportADusers.ps1
Import-Module ActiveDirectory   # provides Get-ADUser and Get-ADGroup
# Header row; columns are tab-separated
$alist = "Name`tAccountName`tDescription`tEmailAddress`tLastLogonDate`tManager`tTitle`tDepartment`tCompany`twhenCreated`tAcctEnabled`tGroups`n"
# Every user with the properties to export, sorted by name
$userlist = Get-ADUser -Filter * -Properties * | Select-Object -Property Name,SamAccountName,Description,EmailAddress,LastLogonDate,Manager,Title,Department,Company,whenCreated,Enabled,MemberOf | Sort-Object -Property Name
$userlist | ForEach-Object {
    # Resolve the group DNs in MemberOf to group names
    $grps = $_.MemberOf | Get-ADGroup | ForEach-Object {$_.Name} | Sort-Object
    $arec = $_.Name,$_.SamAccountName,$_.Description,$_.EmailAddress,$_.LastLogonDate,$_.Manager,$_.Title,$_.Department,$_.Company,$_.whenCreated,$_.Enabled
    $aline = ($arec -join "`t") + "`t" + ($grps -join "`t") + "`n"
    $alist += $aline
}
$alist | Out-File D:\Temp\ADUsers.csv


http://bit.ly/1ERvvzJ

import-ADusers.ps1
########################################################### 
# AUTHOR  : Marius / Hican - http://www.hican.nl - @hicannl  
# DATE    : 26-04-2012  
# EDIT    : 07-08-2014 
# COMMENT : This script creates new Active Directory users, 
#           including different kind of properties, based 
#           on an input_create_ad_users.csv. 
# VERSION : 1.3 
########################################################### 
 
# CHANGELOG 
# Version 1.2: 15-04-2014 - Changed the code for better 
# - Added better Error Handling and Reporting. 
# - Changed input file with more logical headers. 
# - Added functionality for account Enabled, 
#   PasswordNeverExpires, ProfilePath, ScriptPath, 
#   HomeDirectory and HomeDrive 
# - Added the option to move every user to a different OU. 
# Version 1.3: 08-07-2014 
# - Added functionality for ProxyAddresses 
 
# ERROR REPORTING ALL 
Set-StrictMode -Version latest 
 
#---------------------------------------------------------- 
# LOAD ASSEMBLIES AND MODULES 
#---------------------------------------------------------- 
Try 
{ 
  Import-Module ActiveDirectory -ErrorAction Stop 
} 
Catch 
{ 
  Write-Host "[ERROR]`t ActiveDirectory Module couldn't be loaded. Script will stop!" 
  Exit 1 
} 
 
#---------------------------------------------------------- 
#STATIC VARIABLES 
#---------------------------------------------------------- 
$path     = Split-Path -parent $MyInvocation.MyCommand.Definition 
$newpath  = $path + "\import_create_ad_users.csv" 
$log      = $path + "\create_ad_users.log" 
$date     = Get-Date 
$addn     = (Get-ADDomain).DistinguishedName 
$dnsroot  = (Get-ADDomain).DNSRoot 
$i        = 1 
 
#---------------------------------------------------------- 
#START FUNCTIONS 
#---------------------------------------------------------- 
Function Start-Commands 
{ 
  Create-Users 
} 
 
Function Create-Users 
{ 
  "Processing started (on " + $date + "): " | Out-File $log -append 
  "--------------------------------------------" | Out-File $log -append 
  Import-CSV $newpath | ForEach-Object { 
    If (($_.Implement.ToLower()) -eq "yes") 
    { 
      If (($_.GivenName -eq "") -Or ($_.LastName -eq "") -Or ($_.Initials -eq "")) 
      { 
        Write-Host "[ERROR]`t Please provide valid GivenName, LastName and Initials. Processing skipped for line $($i)`r`n" 
        "[ERROR]`t Please provide valid GivenName, LastName and Initials. Processing skipped for line $($i)`r`n" | Out-File $log -append 
      } 
      Else 
      { 
        # Set the target OU 
        $location = $_.TargetOU + ",$($addn)" 
 
        # Set the Enabled and PasswordNeverExpires properties 
        If (($_.Enabled.ToLower()) -eq "true") { $enabled = $True } Else { $enabled = $False } 
        If (($_.PasswordNeverExpires.ToLower()) -eq "true") { $expires = $True } Else { $expires = $False } 
 
        # A check for the country, because those were full names and need  
        # to be land codes in order for AD to accept them. I used Netherlands  
        # as example 
        If($_.Country -eq "Netherlands") 
        { 
          $_.Country = "NL" 
        } 
        Else 
        { 
          $_.Country = "EN" 
        } 
        # Replace dots / points (.) in names, because AD will error when a  
        # name ends with a dot (and it looks cleaner as well) 
        $replace = $_.Lastname.Replace(".","") 
        If($replace.length -lt 4) 
        { 
          $lastname = $replace 
        } 
        Else 
        { 
          $lastname = $replace.substring(0,4) 
        } 
        # Create sAMAccountName according to this 'naming convention': 
        # <FirstLetterInitials><FirstFourLettersLastName> for example 
        # htehp 
        $sam = $_.Initials.substring(0,1).ToLower() + $lastname.ToLower() 
        Try   { $exists = Get-ADUser -LDAPFilter "(sAMAccountName=$sam)" } 
        Catch { } 
        If(!$exists) 
        { 
          # Set all variables according to the table names in the Excel  
          # sheet / import CSV. The names can differ in every project, but  
          # if the names change, make sure to change it below as well. 
          $setpass = ConvertTo-SecureString -AsPlainText $_.Password -force 
 
          Try 
          { 
            Write-Host "[INFO]`t Creating user : $($sam)" 
            "[INFO]`t Creating user : $($sam)" | Out-File $log -append 
            New-ADUser $sam -GivenName $_.GivenName -Initials $_.Initials ` 
            -Surname $_.LastName -DisplayName ($_.LastName + "," + $_.Initials + " " + $_.GivenName) ` 
            -Office $_.OfficeName -Description $_.Description -EmailAddress $_.Mail ` 
            -StreetAddress $_.StreetAddress -City $_.City -State $_.State ` 
            -PostalCode $_.PostalCode -Country $_.Country -UserPrincipalName ($sam + "@" + $dnsroot) ` 
            -Company $_.Company -Department $_.Department -EmployeeID $_.EmployeeID ` 
            -Title $_.Title -OfficePhone $_.Phone -AccountPassword $setpass -Manager $_.Manager ` 
            -profilePath $_.ProfilePath -scriptPath $_.ScriptPath -homeDirectory $_.HomeDirectory ` 
            -homeDrive $_.homeDrive -Enabled $enabled -PasswordNeverExpires $expires 
            Write-Host "[INFO]`t Created new user : $($sam)" 
            "[INFO]`t Created new user : $($sam)" | Out-File $log -append 
      
            $dn = (Get-ADUser $sam).DistinguishedName 
            # Set an ExtensionAttribute 
            If ($_.ExtensionAttribute1 -ne "" -And $_.ExtensionAttribute1 -ne $Null) 
            { 
              $ext = [ADSI]"LDAP://$dn" 
              $ext.Put("extensionAttribute1", $_.ExtensionAttribute1) 
              Try   { $ext.SetInfo() } 
              Catch { Write-Host "[ERROR]`t Couldn't set the Extension Attribute : $($_.Exception.Message)" } 
            } 
 
            # Set ProxyAdresses 
            Try { $dn | Set-ADUser -Add @{proxyAddresses = ($_.ProxyAddresses -split ";")} -ErrorAction Stop } 
            Catch { Write-Host "[ERROR]`t Couldn't set the ProxyAddresses Attributes : $($_.Exception.Message)" } 
        
            # Move the user to the OU ($location) you set above. If you don't 
            # want to move the user(s) and just create them in the global Users 
            # OU, comment the string below 
            If ([adsi]::Exists("LDAP://$($location)")) 
            { 
              Move-ADObject -Identity $dn -TargetPath $location 
              Write-Host "[INFO]`t User $sam moved to target OU : $($location)" 
              "[INFO]`t User $sam moved to target OU : $($location)" | Out-File $log -append 
            } 
            Else 
            { 
              Write-Host "[ERROR]`t Targeted OU couldn't be found. Newly created user wasn't moved!" 
              "[ERROR]`t Targeted OU couldn't be found. Newly created user wasn't moved!" | Out-File $log -append 
            } 
        
            # Rename the object to a good looking name (otherwise you see 
            # the 'ugly' shortened sAMAccountNames as a name in AD. This 
            # can't be set right away (as sAMAccountName) due to the 20 
            # character restriction 
            $newdn = (Get-ADUser $sam).DistinguishedName 
            Rename-ADObject -Identity $newdn -NewName ($_.GivenName + " " + $_.LastName) 
            Write-Host "[INFO]`t Renamed $($sam) to $($_.GivenName) $($_.LastName)`r`n" 
            "[INFO]`t Renamed $($sam) to $($_.GivenName) $($_.LastName)`r`n" | Out-File $log -append 
          } 
          Catch 
          { 
            Write-Host "[ERROR]`t Oops, something went wrong: $($_.Exception.Message)`r`n" 
          } 
        } 
        Else 
        { 
          Write-Host "[SKIP]`t User $($sam) ($($_.GivenName) $($_.LastName)) already exists or returned an error!`r`n" 
          "[SKIP]`t User $($sam) ($($_.GivenName) $($_.LastName)) already exists or returned an error!" | Out-File $log -append 
        } 
      } 
    } 
    Else 
    { 
      Write-Host "[SKIP]`t User ($($_.GivenName) $($_.LastName)) will be skipped for processing!`r`n" 
      "[SKIP]`t User ($($_.GivenName) $($_.LastName)) will be skipped for processing!" | Out-File $log -append 
    } 
    $i++ 
  } 
  "--------------------------------------------" + "`r`n" | Out-File $log -append 
} 
 
Write-Host "STARTED SCRIPT`r`n" 
Start-Commands 
Write-Host "STOPPED SCRIPT"

 

In the Excel file / Input CSV the following (general) structure was used (the values are example values).

import_create_ad_users.csv

 

# LINE1 (the table headings in the Excel) 
  
# Implement,GivenName,LastName,Initials,OfficeName, 
# Description,Mail,StreetAddress,City,PostalCode, 
# State,Country,Company,Department,EmployeeID, 
# ExtensionAttribute1,Title,Phone,Manager,ProfilePath, 
# ScriptPath,HomeDirectory,HomeDrive,Password, 
# PasswordNeverExpires,Enabled,TargetOU,ProxyAddresses 
 
# LINE2 (first entry, all other entries look the same. As you can see 
# there are also tables which aren't used, but are no problem for 
# the script to work! 
  
# Yes,Hican,TehPwn,H.,Hican Building,Hican Net, 
# info@hican.nl,Hicanstreet 1,Hicancity,1337, 
# TheStateOfHican,Netherlands,Hican.nl,*,HIC1337,, 
# CEO,+0000000000,Hican,\\profile\path,\\script\path,\\home\\dir,H:,IDDQD_1337#, 
# False,True,"OU=Users,OU=Lab","SMTP:CHECK;SMTP:CHECK2"


http://bit.ly/1x9TSqe
0
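
A dry-run check for import_create_ad_users.csv, added here as an example and not part of the answer above or of the Hican script: it applies the import script's sAMAccountName convention to each row and reports rows the import would skip, names produced by more than one row, rows that set PasswordNeverExpires, and clear-text passwords shared between rows. The sample rows, the function name Test-ImportRows and the reduced column set are assumptions; it needs PowerShell 3.0 or later and no connection to AD.

```powershell
# Added example (not from the original post). Sample rows are constructed and
# carry only the columns this check reads.
$csv = @'
Implement,GivenName,LastName,Initials,Password,PasswordNeverExpires
Yes,Anna,Jansen,A.,Example#Pass1,False
Yes,Arjen,Jansma,A.,Example#Pass1,True
Yes,Piet,Vries.,,Example#Pass2,False
No,Kees,Bakker,K.,Example#Pass3,False
'@

function Test-ImportRows {   # hypothetical helper name
    param([Parameter(Mandatory = $true)] [object[]] $Rows)
    $line = 1                # line 1 of the file is the header row
    $checked = foreach ($r in $Rows) {
        $line++
        $issues = @()
        $sam = $null
        if ($r.Implement.ToLower() -ne 'yes') {
            $issues += 'skipped: Implement is not yes'
        }
        elseif (-not $r.GivenName -or -not $r.LastName -or -not $r.Initials) {
            $issues += 'skipped: GivenName, LastName or Initials is empty'
        }
        else {
            # Import script's convention: first initial + first four letters of the last name
            $last = $r.LastName.Replace('.', '')
            if ($last.Length -gt 4) { $last = $last.Substring(0, 4) }
            $sam = ($r.Initials.Substring(0, 1) + $last).ToLower()
            if ($r.PasswordNeverExpires.ToLower() -eq 'true') { $issues += 'PasswordNeverExpires is true' }
        }
        [pscustomobject]@{ Line = $line; Sam = $sam; Password = $r.Password; Issues = $issues }
    }
    $toCreate = @($checked | Where-Object { $_.Sam })
    # The import creates the first row for a sAMAccountName and skips later ones as "already exists"
    $toCreate | Group-Object Sam | Where-Object { $_.Count -gt 1 } | ForEach-Object {
        foreach ($c in $_.Group) { $c.Issues += "sAMAccountName '$($c.Sam)' is produced by more than one row" }
    }
    # The CSV holds passwords in clear text; a value shared between rows is worse still
    $toCreate | Group-Object Password | Where-Object { $_.Count -gt 1 } | ForEach-Object {
        foreach ($c in $_.Group) { $c.Issues += 'password is shared with another row' }
    }
    # Report without echoing the password column
    $checked | Select-Object Line, Sam, @{ n = 'Issues'; e = { $_.Issues -join '; ' } }
}

Test-ImportRows -Rows ($csv | ConvertFrom-Csv) | Format-Table -AutoSize -Wrap
```

To check a real file, pass the output of `Import-Csv .\import_create_ad_users.csv` as `-Rows` instead of the constructed sample.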
