Solved

AD users & computers copying or exporting

Posted on 2014-11-14
Last Modified: 2014-11-17
Dear Experts,

As I am new to servers & self-learning now, for testing purposes I have created two servers with 2008 installed. I configured one server as a domain & created some OUs & users. I want to create another domain & export all the OUs & users from the old domain to the new one. How can I? I have attached the screenshot of my old server. I have to copy or export the full AD users & computers page.

Regards,

JCT
AD.jpg
0
Question by:jct_777
7 Comments
 
LVL 35

Expert Comment

by:Joseph Daly
ID: 40443588
So since you are learning I am going to ask a few questions as to what you are trying to do.

You mention you created a domain and then added some users to it. Good start. With your second server do you want to create a separate domain or do you want to join it to the existing domain?

I would think you would want to join the new server to the existing domain at which point the users will replicate between the two.
0
 
LVL 82

Expert Comment

by:David Johnson, CD, MVP
ID: 40443763
You should look into the Active Directory Migration Toolkit.
Though it is easy enough to capture the users using a PowerShell script to a CSV and then use PowerShell to import the users.
Export: https://4sysops.com/archives/export-active-directory-users-with-powershell/
0
 
LVL 1

Author Comment

by:jct_777
ID: 40443802
Hi,

With the second server I want to configure it as a child domain or want to replicate the main one. In case something happens to the main DC then the full organisation is affected. Without downtime, how can I make this server up with all the configurations?

Regards,

JCT
0

 
LVL 35

Expert Comment

by:Joseph Daly
ID: 40443817
So if you want to join it to the domain and make it a second domain controller that will fill the replication and will copy the objects over.

Most organizations have two or more domain controllers for this exact reason.

For the steps you want to look at in order to do this, Google dcpromo process.

I would paste a link for you but I'm mobile currently.
0
 
LVL 1

Author Comment

by:jct_777
ID: 40443835
Hi,

It's OK. I will google the dcpromo process. What if I want to create a totally separate new domain & want to add all the AD users & settings from the old server to the new one? What do I have to do for that? After doing this I will remove the old server & make the new server the primary one.

Regards,

JCT
0
 
LVL 1

Author Comment

by:jct_777
ID: 40445390
Hi,

Still waiting for valuable reply.

Regards,

JCT
0
 
LVL 82

Accepted Solution

by:
David Johnson, CD, MVP earned 500 total points
ID: 40445740
You will have to export the users from the old AD domain into preferably a .csv and then import the users into the new AD domain. You may have to export the groups first and then import the groups into the new AD.
export-ADgroups-members.ps1
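# Get-QADGroup / Get-QADUser come from the Quest ActiveRoles Management Shell snap-in.
Add-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue
# Template object with the four columns written to the CSV.
$GroupInfo = '' | Select 'Group Name','Group Description','Member Name','Member Description'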
$AllGroups = @()
$MyGroups = Get-QADGroup -SearchRoot "xxx.local/Company/Groups/Resources/Filesrv" -DontUseDefaultIncludedProperties  -IncludedProperties Name,Description,Member | select Name,Description,Member
foreach($Group in $MyGroups){
    $GroupInfo.'Group Name' = $Group.Name
    $GroupInfo.'Group Description' = $Group.Description
    foreach($Member in $Group.Member){
        $User = Get-QADUser $Member -DontUseDefaultIncludedProperties -IncludedProperties Name,Description | select Name,Description
        $GroupInfo.'Member Name' = $User.Name
        $GroupInfo.'Member Description' = $User.Description 
        # It takes a while to go through a lot of groups; this just lets you watch so you don't think it's broken and cancel it.
        $GroupInfo | select 'Group Name','Group Description','Member Name','Member Description'
        $AllGroups += $GroupInfo | Select 'Group Name','Group Description','Member Name','Member Description'
    }
}

$AllGroups | Export-Csv allginfo.csv -NoTypeInformation #Export all that group info to csv file.



csvde -f test.csv  
exportADusers.ps1
Import-Module ActiveDirectory
# Header row; the output is tab-separated and each group name is appended as an extra trailing column.
$alist = "Name`tAccountName`tDescription`tEmailAddress`tLastLogonDate`tManager`tTitle`tDepartment`tCompany`twhenCreated`tAcctEnabled`tGroups`n"
$userlist = Get-ADUser -Filter * -Properties * | Select-Object -Property Name,SamAccountName,Description,EmailAddress,LastLogonDate,Manager,Title,Department,Company,whenCreated,Enabled,MemberOf | Sort-Object -Property Name
$userlist | ForEach-Object {
    # Resolve each MemberOf distinguished name to the group's name.
    $grps = $_.MemberOf | Get-ADGroup | ForEach-Object {$_.Name} | Sort-Object
    $arec = $_.Name,$_.SamAccountName,$_.Description,$_.EmailAddress,$_.LastLogonDate,$_.Manager,$_.Title,$_.Department,$_.Company,$_.whenCreated,$_.Enabled
    $aline = ($arec -join "`t") + "`t" + ($grps -join "`t") + "`n"
    $alist += $aline
}
$alist | Out-File D:\Temp\ADUsers.csv


http://bit.ly/1ERvvzJ

import-ADusers.ps1
########################################################### 
# AUTHOR  : Marius / Hican - http://www.hican.nl - @hicannl  
# DATE    : 26-04-2012  
# EDIT    : 07-08-2014 
# COMMENT : This script creates new Active Directory users, 
#           including different kind of properties, based 
#           on an input_create_ad_users.csv. 
# VERSION : 1.3 
########################################################### 
 
# CHANGELOG 
# Version 1.2: 15-04-2014 - Changed the code for better 
# - Added better Error Handling and Reporting. 
# - Changed input file with more logical headers. 
# - Added functionality for account Enabled, 
#   PasswordNeverExpires, ProfilePath, ScriptPath, 
#   HomeDirectory and HomeDrive 
# - Added the option to move every user to a different OU. 
# Version 1.3: 08-07-2014 
# - Added functionality for ProxyAddresses 
 
# ERROR REPORTING ALL 
Set-StrictMode -Version latest 
 
#---------------------------------------------------------- 
# LOAD ASSEMBLIES AND MODULES 
#---------------------------------------------------------- 
Try 
{ 
  Import-Module ActiveDirectory -ErrorAction Stop 
} 
Catch 
{ 
  Write-Host "[ERROR]`t ActiveDirectory Module couldn't be loaded. Script will stop!" 
  Exit 1 
} 
 
#---------------------------------------------------------- 
#STATIC VARIABLES 
#---------------------------------------------------------- 
$path     = Split-Path -parent $MyInvocation.MyCommand.Definition 
$newpath  = $path + "\import_create_ad_users.csv" 
$log      = $path + "\create_ad_users.log" 
$date     = Get-Date 
$addn     = (Get-ADDomain).DistinguishedName 
$dnsroot  = (Get-ADDomain).DNSRoot 
$i        = 1 
 
#---------------------------------------------------------- 
#START FUNCTIONS 
#---------------------------------------------------------- 
Function Start-Commands 
{ 
  Create-Users 
} 
 
Function Create-Users 
{ 
  "Processing started (on " + $date + "): " | Out-File $log -append 
  "--------------------------------------------" | Out-File $log -append 
  Import-CSV $newpath | ForEach-Object { 
    If (($_.Implement.ToLower()) -eq "yes") 
    { 
      If (($_.GivenName -eq "") -Or ($_.LastName -eq "") -Or ($_.Initials -eq "")) 
      { 
        Write-Host "[ERROR]`t Please provide valid GivenName, LastName and Initials. Processing skipped for line $($i)`r`n" 
        "[ERROR]`t Please provide valid GivenName, LastName and Initials. Processing skipped for line $($i)`r`n" | Out-File $log -append 
      } 
      Else 
      { 
        # Set the target OU 
        $location = $_.TargetOU + ",$($addn)" 
 
        # Set the Enabled and PasswordNeverExpires properties 
        If (($_.Enabled.ToLower()) -eq "true") { $enabled = $True } Else { $enabled = $False } 
        If (($_.PasswordNeverExpires.ToLower()) -eq "true") { $expires = $True } Else { $expires = $False } 
 
        # A check for the country, because those were full names and need  
        # to be land codes in order for AD to accept them. I used Netherlands  
        # as example 
        If($_.Country -eq "Netherlands") 
        { 
          $_.Country = "NL" 
        } 
        Else 
        { 
          $_.Country = "EN" 
        } 
        # Replace dots / points (.) in names, because AD will error when a  
        # name ends with a dot (and it looks cleaner as well) 
        $replace = $_.Lastname.Replace(".","") 
        If($replace.length -lt 4) 
        { 
          $lastname = $replace 
        } 
        Else 
        { 
          $lastname = $replace.substring(0,4) 
        } 
        # Create sAMAccountName according to this 'naming convention': 
        # <FirstLetterInitials><FirstFourLettersLastName> for example 
        # htehp 
        $sam = $_.Initials.substring(0,1).ToLower() + $lastname.ToLower() 
        # Reset per row so a result left over from the previous row is never reused
        $exists = $null 
        Try   { $exists = Get-ADUser -LDAPFilter "(sAMAccountName=$sam)" } 
        Catch { } 
        If(!$exists) 
        { 
          # Set all variables according to the table names in the Excel  
          # sheet / import CSV. The names can differ in every project, but  
          # if the names change, make sure to change it below as well. 
          $setpass = ConvertTo-SecureString -AsPlainText $_.Password -force 
 
          Try 
          { 
            Write-Host "[INFO]`t Creating user : $($sam)" 
            "[INFO]`t Creating user : $($sam)" | Out-File $log -append 
            New-ADUser $sam -GivenName $_.GivenName -Initials $_.Initials ` 
            -Surname $_.LastName -DisplayName ($_.LastName + "," + $_.Initials + " " + $_.GivenName) ` 
            -Office $_.OfficeName -Description $_.Description -EmailAddress $_.Mail ` 
            -StreetAddress $_.StreetAddress -City $_.City -State $_.State ` 
            -PostalCode $_.PostalCode -Country $_.Country -UserPrincipalName ($sam + "@" + $dnsroot) ` 
            -Company $_.Company -Department $_.Department -EmployeeID $_.EmployeeID ` 
            -Title $_.Title -OfficePhone $_.Phone -AccountPassword $setpass -Manager $_.Manager ` 
            -profilePath $_.ProfilePath -scriptPath $_.ScriptPath -homeDirectory $_.HomeDirectory ` 
            -homeDrive $_.homeDrive -Enabled $enabled -PasswordNeverExpires $expires 
            Write-Host "[INFO]`t Created new user : $($sam)" 
            "[INFO]`t Created new user : $($sam)" | Out-File $log -append 
      
            $dn = (Get-ADUser $sam).DistinguishedName 
            # Set an ExtensionAttribute 
            If ($_.ExtensionAttribute1 -ne "" -And $_.ExtensionAttribute1 -ne $Null) 
            { 
              $ext = [ADSI]"LDAP://$dn" 
              $ext.Put("extensionAttribute1", $_.ExtensionAttribute1) 
              Try   { $ext.SetInfo() } 
              Catch { Write-Host "[ERROR]`t Couldn't set the Extension Attribute : $($_.Exception.Message)" } 
            } 
 
            # Set ProxyAdresses 
            Try { $dn | Set-ADUser -Add @{proxyAddresses = ($_.ProxyAddresses -split ";")} -ErrorAction Stop } 
            Catch { Write-Host "[ERROR]`t Couldn't set the ProxyAddresses Attributes : $($_.Exception.Message)" } 
        
            # Move the user to the OU ($location) you set above. If you don't 
            # want to move the user(s) and just create them in the global Users 
            # OU, comment the string below 
            If ([adsi]::Exists("LDAP://$($location)")) 
            { 
              Move-ADObject -Identity $dn -TargetPath $location 
              Write-Host "[INFO]`t User $sam moved to target OU : $($location)" 
              "[INFO]`t User $sam moved to target OU : $($location)" | Out-File $log -append 
            } 
            Else 
            { 
              Write-Host "[ERROR]`t Targeted OU couldn't be found. Newly created user wasn't moved!" 
              "[ERROR]`t Targeted OU couldn't be found. Newly created user wasn't moved!" | Out-File $log -append 
            } 
        
            # Rename the object to a good looking name (otherwise you see 
            # the 'ugly' shortened sAMAccountNames as a name in AD. This 
            # can't be set right away (as sAMAccountName) due to the 20 
            # character restriction 
            $newdn = (Get-ADUser $sam).DistinguishedName 
            Rename-ADObject -Identity $newdn -NewName ($_.GivenName + " " + $_.LastName) 
            Write-Host "[INFO]`t Renamed $($sam) to $($_.GivenName) $($_.LastName)`r`n" 
            "[INFO]`t Renamed $($sam) to $($_.GivenName) $($_.LastName)`r`n" | Out-File $log -append 
          } 
          Catch 
          { 
            Write-Host "[ERROR]`t Oops, something went wrong: $($_.Exception.Message)`r`n" 
          } 
        } 
        Else 
        { 
          Write-Host "[SKIP]`t User $($sam) ($($_.GivenName) $($_.LastName)) already exists or returned an error!`r`n" 
          "[SKIP]`t User $($sam) ($($_.GivenName) $($_.LastName)) already exists or returned an error!" | Out-File $log -append 
        } 
      } 
    } 
    Else 
    { 
      Write-Host "[SKIP]`t User ($($_.GivenName) $($_.LastName)) will be skipped for processing!`r`n" 
      "[SKIP]`t User ($($_.GivenName) $($_.LastName)) will be skipped for processing!" | Out-File $log -append 
    } 
    $i++ 
  } 
  "--------------------------------------------" + "`r`n" | Out-File $log -append 
} 
 
Write-Host "STARTED SCRIPT`r`n" 
Start-Commands 
Write-Host "STOPPED SCRIPT"

 

In the Excel file / Input CSV the following (general) structure was used (the values are example values).

import_create_ad_users.csv

 

# LINE1 (the table headings in the Excel) 
  
# Implement,GivenName,LastName,Initials,OfficeName, 
# Description,Mail,StreetAddress,City,PostalCode, 
# State,Country,Company,Department,EmployeeID, 
# ExtensionAttribute1,Title,Phone,Manager,ProfilePath, 
# ScriptPath,HomeDirectory,HomeDrive,Password, 
# PasswordNeverExpires,Enabled,TargetOU,ProxyAddresses 
 
# LINE2 (first entry, all other entries look the same. As you can see 
# there are also tables which aren't used, but are no problem for 
# the script to work! 
  
# Yes,Hican,TehPwn,H.,Hican Building,Hican Net, 
# info@hican.nl,Hicanstreet 1,Hicancity,1337, 
# TheStateOfHican,Netherlands,Hican.nl,*,HIC1337,, 
# CEO,+0000000000,Hican,\\profile\path,\\script\path,\\home\\dir,H:,IDDQD_1337#, 
# False,True,"OU=Users,OU=Lab","SMTP:CHECK;SMTP:CHECK2"


http://bit.ly/1x9TSqe
0
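
A pre-flight check for the import CSV used by the script in the answer above, as an added example (not part of the original post or of the Hican script). It recomputes each sAMAccountName with the script's naming convention and reports rows that would collide, accounts that share an initial password, and accounts with PasswordNeverExpires set; the function names and the sample rows are constructed for illustration, and only a subset of the CSV columns is used.

```powershell
# Added example: offline pre-flight check for import_create_ad_users.csv (no AD access needed).
# The sample rows below are constructed for illustration.
$csv = @'
Implement,GivenName,LastName,Initials,Password,PasswordNeverExpires,Enabled,TargetOU
Yes,John,Smith,J.,Example-Temp-1!,False,True,"OU=Users,OU=Lab"
Yes,Jane,Smithers,J.,Example-Temp-1!,True,True,"OU=Users,OU=Lab"
Yes,Li,Ng.,L.,Example-Temp-2!,False,True,"OU=Users,OU=Lab"
No,Skip,Me,S.,,False,False,"OU=Users,OU=Lab"
'@

function Get-ImportSam($row) {
    # Same convention as the import script: first letter of Initials +
    # first four letters of LastName (dots removed), lower-cased.
    $last = $row.LastName.Replace('.', '')
    if ($last.Length -gt 4) { $last = $last.Substring(0, 4) }
    ($row.Initials.Substring(0, 1) + $last).ToLower()
}

function Test-ImportCsv($rows) {
    $findings = @()
    # Only rows marked Implement=Yes are processed by the import script.
    $active = @($rows | Where-Object { $_.Implement -eq 'yes' })
    foreach ($r in $active) {
        $r | Add-Member -MemberType NoteProperty -Name Sam -Value (Get-ImportSam $r)
        if ($r.PasswordNeverExpires -eq 'true') {
            $findings += "$($r.Sam): PasswordNeverExpires is set"
        }
    }
    # Rows that map to the same sAMAccountName: the import script creates the
    # first and reports every later one as "already exists".
    $active | Group-Object Sam | Where-Object { $_.Count -gt 1 } | ForEach-Object {
        $names = ($_.Group | ForEach-Object { "$($_.GivenName) $($_.LastName)" }) -join ', '
        $findings += "sAMAccountName '$($_.Name)' collides: $names"
    }
    # The same initial password assigned to more than one account.
    $active | Group-Object Password | Where-Object { $_.Count -gt 1 } | ForEach-Object {
        $sams = ($_.Group | ForEach-Object { $_.Sam }) -join ', '
        $findings += "Initial password shared by $($_.Count) accounts: $sams"
    }
    $findings
}

Test-ImportCsv (ConvertFrom-Csv $csv)
```

The Password column holds plaintext credentials, so the CSV and any copies of it need the same handling as the accounts themselves until every imported user has changed the initial password.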

Question has a verified solution.