  • Status: Solved
  • Priority: Medium
  • Security: Public

AD users & computers copying or exporting

Dear Experts,

As I am new to servers and self-learning now, for testing purposes I have created two servers with 2008 installed. I configured one server as a domain and created some OUs and users. I want to create another domain and export all the OUs and users from the old domain to the new one. How can I? I have attached a screenshot of my old server. I have to copy or export the full AD Users & Computers page.

Regards,

JCT
 
Joseph Daly Commented:
So since you are learning, I am going to ask a few questions as to what you are trying to do.

You mention you created a domain and then added some users to it. Good start. With your second server, do you want to create a separate domain or do you want to join it to the existing domain?

I would think you would want to join the new server to the existing domain at which point the users will replicate between the two.
 
David Johnson, CD, MVP, Owner Commented:
You should look into the Active Directory Migration Toolkit.
Though it is easy enough to capture the users using a PowerShell script to a CSV and then use PowerShell to import the users.
Export https://4sysops.com/archives/export-active-directory-users-with-powershell/
 
jct_777 (Author) Commented:
Hi,

With the second server I want to configure it as a child domain or want to replicate the main one. In case something happens to the main DC, the full organisation is affected. Without downtime, how can I bring this server up with all the configurations?

Regards,

JCT
 
Joseph Daly Commented:
So if you want to join it to the domain and make it a second domain controller, that will fill the replication and will copy the objects over.

Most organizations have two or more domain controllers for this exact reason.

For the steps you want to look at in order to do this, Google the dcpromo process.

I would paste a link for you but I'm mobile currently.
 
jct_777 (Author) Commented:
Hi,

It's OK. I will Google the dcpromo process. What if I want to create a totally separate new domain and add all the AD users and settings from the old server to the new one? What do I have to do for that? After doing this I will remove the old server and make the new server the primary one.

Regards,

JCT
 
jct_777 (Author) Commented:
Hi,

Still waiting for a valuable reply.

Regards,

JCT
 
David Johnson, CD, MVP, Owner Commented:
You will have to export the users from the old AD domain, preferably into a .csv, and then import the users into the new AD domain. You may have to export the groups first and then import the groups into the new AD.
export-ADgroups-members.ps1
# Requires the Quest ActiveRoles Management Shell snap-in, which provides Get-QADGroup and Get-QADUser
Add-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue
# Template object with one property per output column
$GroupInfo = '' | Select 'Group Name','Group Description','Member Name','Member Description'
$AllGroups = @()
# Groups under the given container (adjust -SearchRoot to your own domain and OU)
$MyGroups = Get-QADGroup -SearchRoot "xxx.local/Company/Groups/Resources/Filesrv" -DontUseDefaultIncludedProperties  -IncludedProperties Name,Description,Member | select Name,Description,Member
foreach($Group in $MyGroups){
    $GroupInfo.'Group Name' = $Group.Name
    $GroupInfo.'Group Description' = $Group.Description
    foreach($Member in $Group.Member){
        # Resolve the member's distinguished name to its name and description
        $User = Get-QADUser $Member -DontUseDefaultIncludedProperties -IncludedProperties Name,Description | select Name,Description
        $GroupInfo.'Member Name' = $User.Name
        $GroupInfo.'Member Description' = $User.Description
        #it takes a while to go through a lot of groups...this just lets you watch so you don't think it's broken and cancel it.
        $GroupInfo | select 'Group Name','Group Description','Member Name','Member Description'
        # Select-Object emits a fresh copy, so each row added here is independent of the template
        $AllGroups += $GroupInfo | Select 'Group Name','Group Description','Member Name','Member Description'
    }
}

$AllGroups | Export-Csv allginfo.csv -NoTypeInformation #Export all that group info to csv file.

csvde -f test.csv  
exportADusers.ps1
# Requires the ActiveDirectory module
Import-Module ActiveDirectory
# Header row: tab-separated column names
$alist = "Name`tAccountName`tDescription`tEmailAddress`tLastLogonDate`tManager`tTitle`tDepartment`tCompany`twhenCreated`tAcctEnabled`tGroups`n"
# Every user with the properties of interest, sorted by name
$userlist = Get-ADUser -Filter * -Properties * | Select-Object -Property Name,SamAccountName,Description,EmailAddress,LastLogonDate,Manager,Title,Department,Company,whenCreated,Enabled,MemberOf | Sort-Object -Property Name
$userlist | ForEach-Object {
    # Resolve each group DN in MemberOf to the group's name
    $grps = $_.MemberOf | Get-ADGroup | ForEach-Object {$_.Name} | Sort-Object
    $arec = $_.Name,$_.SamAccountName,$_.Description,$_.EmailAddress,$_.LastLogonDate,$_.Manager,$_.Title,$_.Department,$_.Company,$_.whenCreated,$_.Enabled
    # One tab-separated line per user; group names follow as extra columns
    $aline = ($arec -join "`t") + "`t" + ($grps -join "`t") + "`n"
    $alist += $aline
}
$alist | Out-File D:\Temp\ADUsers.csv

http://bit.ly/1ERvvzJ

import-ADusers.ps1
########################################################### 
# AUTHOR  : Marius / Hican - http://www.hican.nl - @hicannl  
# DATE    : 26-04-2012  
# EDIT    : 07-08-2014 
# COMMENT : This script creates new Active Directory users, 
#           including different kind of properties, based 
#           on an input_create_ad_users.csv. 
# VERSION : 1.3 
########################################################### 
 
# CHANGELOG 
# Version 1.2: 15-04-2014 - Changed the code for better 
# - Added better Error Handling and Reporting. 
# - Changed input file with more logical headers. 
# - Added functionality for account Enabled, 
#   PasswordNeverExpires, ProfilePath, ScriptPath, 
#   HomeDirectory and HomeDrive 
# - Added the option to move every user to a different OU. 
# Version 1.3: 08-07-2014 
# - Added functionality for ProxyAddresses 
 
# ERROR REPORTING ALL 
Set-StrictMode -Version latest 
 
#---------------------------------------------------------- 
# LOAD ASSEMBLIES AND MODULES 
#---------------------------------------------------------- 
Try 
{ 
  Import-Module ActiveDirectory -ErrorAction Stop 
} 
Catch 
{ 
  Write-Host "[ERROR]`t ActiveDirectory Module couldn't be loaded. Script will stop!" 
  Exit 1 
} 
 
#---------------------------------------------------------- 
#STATIC VARIABLES 
#---------------------------------------------------------- 
$path     = Split-Path -parent $MyInvocation.MyCommand.Definition 
$newpath  = $path + "\import_create_ad_users.csv" 
$log      = $path + "\create_ad_users.log" 
$date     = Get-Date 
$addn     = (Get-ADDomain).DistinguishedName 
$dnsroot  = (Get-ADDomain).DNSRoot 
$i        = 1 
 
#---------------------------------------------------------- 
#START FUNCTIONS 
#---------------------------------------------------------- 
Function Start-Commands 
{ 
  Create-Users 
} 
 
Function Create-Users 
{ 
  "Processing started (on " + $date + "): " | Out-File $log -append 
  "--------------------------------------------" | Out-File $log -append 
  Import-CSV $newpath | ForEach-Object { 
    If (($_.Implement.ToLower()) -eq "yes") 
    { 
      If (($_.GivenName -eq "") -Or ($_.LastName -eq "") -Or ($_.Initials -eq "")) 
      { 
        Write-Host "[ERROR]`t Please provide valid GivenName, LastName and Initials. Processing skipped for line $($i)`r`n" 
        "[ERROR]`t Please provide valid GivenName, LastName and Initials. Processing skipped for line $($i)`r`n" | Out-File $log -append 
      } 
      Else 
      { 
        # Set the target OU 
        $location = $_.TargetOU + ",$($addn)" 
 
        # Set the Enabled and PasswordNeverExpires properties 
        If (($_.Enabled.ToLower()) -eq "true") { $enabled = $True } Else { $enabled = $False } 
        If (($_.PasswordNeverExpires.ToLower()) -eq "true") { $expires = $True } Else { $expires = $False } 
 
        # A check for the country, because those were full names and need  
        # to be land codes in order for AD to accept them. I used Netherlands  
        # as example 
        If($_.Country -eq "Netherlands") 
        { 
          $_.Country = "NL" 
        } 
        Else 
        { 
          $_.Country = "EN" 
        } 
        # Replace dots / points (.) in names, because AD will error when a  
        # name ends with a dot (and it looks cleaner as well) 
        $replace = $_.Lastname.Replace(".","") 
        If($replace.length -lt 4) 
        { 
          $lastname = $replace 
        } 
        Else 
        { 
          $lastname = $replace.substring(0,4) 
        } 
        # Create sAMAccountName according to this 'naming convention': 
        # <FirstLetterInitials><FirstFourLettersLastName> for example 
        # htehp 
        $sam = $_.Initials.substring(0,1).ToLower() + $lastname.ToLower() 
        Try   { $exists = Get-ADUser -LDAPFilter "(sAMAccountName=$sam)" } 
        Catch { } 
        If(!$exists) 
        { 
          # Set all variables according to the table names in the Excel  
          # sheet / import CSV. The names can differ in every project, but  
          # if the names change, make sure to change it below as well. 
          $setpass = ConvertTo-SecureString -AsPlainText $_.Password -force 
 
          Try 
          { 
            Write-Host "[INFO]`t Creating user : $($sam)" 
            "[INFO]`t Creating user : $($sam)" | Out-File $log -append 
            New-ADUser $sam -GivenName $_.GivenName -Initials $_.Initials ` 
            -Surname $_.LastName -DisplayName ($_.LastName + "," + $_.Initials + " " + $_.GivenName) ` 
            -Office $_.OfficeName -Description $_.Description -EmailAddress $_.Mail ` 
            -StreetAddress $_.StreetAddress -City $_.City -State $_.State ` 
            -PostalCode $_.PostalCode -Country $_.Country -UserPrincipalName ($sam + "@" + $dnsroot) ` 
            -Company $_.Company -Department $_.Department -EmployeeID $_.EmployeeID ` 
            -Title $_.Title -OfficePhone $_.Phone -AccountPassword $setpass -Manager $_.Manager ` 
            -profilePath $_.ProfilePath -scriptPath $_.ScriptPath -homeDirectory $_.HomeDirectory ` 
            -homeDrive $_.homeDrive -Enabled $enabled -PasswordNeverExpires $expires 
            Write-Host "[INFO]`t Created new user : $($sam)" 
            "[INFO]`t Created new user : $($sam)" | Out-File $log -append 
      
            $dn = (Get-ADUser $sam).DistinguishedName 
            # Set an ExtensionAttribute 
            If ($_.ExtensionAttribute1 -ne "" -And $_.ExtensionAttribute1 -ne $Null) 
            { 
              $ext = [ADSI]"LDAP://$dn" 
              $ext.Put("extensionAttribute1", $_.ExtensionAttribute1) 
              Try   { $ext.SetInfo() } 
              Catch { Write-Host "[ERROR]`t Couldn't set the Extension Attribute : $($_.Exception.Message)" } 
            } 
 
            # Set ProxyAddresses
            Try { $dn | Set-ADUser -Add @{proxyAddresses = ($_.ProxyAddresses -split ";")} -ErrorAction Stop } 
            Catch { Write-Host "[ERROR]`t Couldn't set the ProxyAddresses Attributes : $($_.Exception.Message)" } 
        
            # Move the user to the OU ($location) you set above. If you don't 
            # want to move the user(s) and just create them in the global Users 
            # OU, comment the string below 
            If ([adsi]::Exists("LDAP://$($location)")) 
            { 
              Move-ADObject -Identity $dn -TargetPath $location 
              Write-Host "[INFO]`t User $sam moved to target OU : $($location)" 
              "[INFO]`t User $sam moved to target OU : $($location)" | Out-File $log -append 
            } 
            Else 
            { 
              Write-Host "[ERROR]`t Targeted OU couldn't be found. Newly created user wasn't moved!" 
              "[ERROR]`t Targeted OU couldn't be found. Newly created user wasn't moved!" | Out-File $log -append 
            } 
        
            # Rename the object to a good looking name (otherwise you see 
            # the 'ugly' shortened sAMAccountNames as a name in AD. This 
            # can't be set right away (as sAMAccountName) due to the 20 
            # character restriction 
            $newdn = (Get-ADUser $sam).DistinguishedName 
            Rename-ADObject -Identity $newdn -NewName ($_.GivenName + " " + $_.LastName) 
            Write-Host "[INFO]`t Renamed $($sam) to $($_.GivenName) $($_.LastName)`r`n" 
            "[INFO]`t Renamed $($sam) to $($_.GivenName) $($_.LastName)`r`n" | Out-File $log -append 
          } 
          Catch 
          { 
            Write-Host "[ERROR]`t Oops, something went wrong: $($_.Exception.Message)`r`n" 
          } 
        } 
        Else 
        { 
          Write-Host "[SKIP]`t User $($sam) ($($_.GivenName) $($_.LastName)) already exists or returned an error!`r`n" 
          "[SKIP]`t User $($sam) ($($_.GivenName) $($_.LastName)) already exists or returned an error!" | Out-File $log -append 
        } 
      } 
    } 
    Else 
    { 
      Write-Host "[SKIP]`t User ($($_.GivenName) $($_.LastName)) will be skipped for processing!`r`n" 
      "[SKIP]`t User ($($_.GivenName) $($_.LastName)) will be skipped for processing!" | Out-File $log -append 
    } 
    $i++ 
  } 
  "--------------------------------------------" + "`r`n" | Out-File $log -append 
} 
 
Write-Host "STARTED SCRIPT`r`n" 
Start-Commands 
Write-Host "STOPPED SCRIPT"

 

In the Excel file / Input CSV the following (general) structure was used (the values are example values).

import_create_ad_users.csv

 
# LINE1 (the table headings in the Excel) 
  
# Implement,GivenName,LastName,Initials,OfficeName, 
# Description,Mail,StreetAddress,City,PostalCode, 
# State,Country,Company,Department,EmployeeID, 
# ExtensionAttribute1,Title,Phone,Manager,ProfilePath, 
# ScriptPath,HomeDirectory,HomeDrive,Password, 
# PasswordNeverExpires,Enabled,TargetOU,ProxyAddresses 
 
# LINE2 (first entry, all other entries look the same. As you can see 
# there are also tables which aren't used, but are no problem for 
# the script to work! 
  
# Yes,Hican,TehPwn,H.,Hican Building,Hican Net, 
# info@hican.nl,Hicanstreet 1,Hicancity,1337, 
# TheStateOfHican,Netherlands,Hican.nl,*,HIC1337,, 
# CEO,+0000000000,Hican,\\profile\path,\\script\path,\\home\\dir,H:,IDDQD_1337#, 
# False,True,"OU=Users,OU=Lab","SMTP:CHECK;SMTP:CHECK2"

http://bit.ly/1x9TSqe
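
The import script above reads each account's password from a plaintext Password column in the CSV. The following is an added example, not part of the original answer or of the Hican script: it generates a random initial password per account, forces a change at first logon, and writes the hand-out list to a file restricted to the operator. The function names and the `initial_passwords.csv` file name are hypothetical; the ActiveDirectory module and a CSV with the GivenName, LastName, Initials and TargetOU columns are assumed.

```powershell
# Added example, not the original import script. Assumes the ActiveDirectory module and a
# CSV with GivenName, LastName, Initials and TargetOU columns (no Password column needed).
Import-Module ActiveDirectory -ErrorAction Stop

function New-InitialPassword {
    param([int]$Length = 20)
    # The first four positions take one character from each class so the default
    # complexity rule is met; the remaining positions draw from all classes.
    $sets = 'ABCDEFGHJKLMNPQRSTUVWXYZ', 'abcdefghijkmnpqrstuvwxyz', '23456789', '!#%+-=?@'
    $all  = -join $sets
    $rng  = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buf  = New-Object byte[] 4
    $out  = New-Object System.Text.StringBuilder
    for ($n = 0; $n -lt $Length; $n++) {
        $pool = if ($n -lt $sets.Count) { $sets[$n] } else { $all }
        $rng.GetBytes($buf)   # cryptographic RNG rather than Get-Random
        [void]$out.Append($pool[[int]([BitConverter]::ToUInt32($buf, 0) % $pool.Length)])
    }
    $out.ToString()
}

function Import-UsersWithRandomPassword {
    param([string]$CsvPath, [string]$HandoutPath)
    $domainDn = (Get-ADDomain).DistinguishedName
    # Create the hand-out file and restrict it to the operator before any password is written
    New-Item -ItemType File -Path $HandoutPath -Force | Out-Null
    icacls $HandoutPath /inheritance:r /grant:r "${env:USERDOMAIN}\${env:USERNAME}:(R,W)" | Out-Null
    Import-Csv $CsvPath | ForEach-Object {
        # Same naming convention as the script above: first initial + first four letters of last name
        $last  = $_.LastName.Replace('.', '')
        $sam   = ($_.Initials.Substring(0, 1) + $last.Substring(0, [Math]::Min(4, $last.Length))).ToLower()
        $plain = New-InitialPassword
        try {
            New-ADUser -Name "$($_.GivenName) $($_.LastName)" -SamAccountName $sam `
                -GivenName $_.GivenName -Surname $_.LastName -Initials $_.Initials `
                -Path "$($_.TargetOU),$domainDn" -Enabled $true -ChangePasswordAtLogon $true `
                -AccountPassword (ConvertTo-SecureString $plain -AsPlainText -Force) -ErrorAction Stop
        } catch {
            Write-Warning "Skipped ${sam}: $($_.Exception.Message)"
            return   # no hand-out row for an account that was not created
        }
        New-Object PSObject -Property @{ SamAccountName = $sam; InitialPassword = $plain }
    } | Export-Csv $HandoutPath -NoTypeInformation
}

# File names below are hypothetical
Import-UsersWithRandomPassword -CsvPath .\import_create_ad_users.csv -HandoutPath .\initial_passwords.csv
```

Delete the hand-out file once the initial passwords have been distributed; the target OUs must already exist in the new domain, because `-Path` fails otherwise.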