ACtive Directory OUs users export

Dear experts,

Thanks in advance.

Please fine the below scenario. Testking.local is domain. and an OU called Test and there are two sub OUs called test1 and test2. There are 100 users in the test1 ou. Now plan is create a separate domain called abc.testking.local and export all the 100 users from test1 ou and import it to the abc.testking.local domain. How would I proceed for this.
LVL 1
JJ KRWindows System administratorAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

FOXActive Directory/Exchange EngineerCommented:
You can use the active directory migration tool and move the users to your desired OU in the other domain.. Make sure there is a trust established between both domains and that your domain admin account has rights to both domains and you are good to go.
JJ KRWindows System administratorAuthor Commented:
Dear Foxluv,

Organization does not want to move the users. keep the users in the old domain just copy the whole users in to the new domain.
FOXActive Directory/Exchange EngineerCommented:
So what you are saying is that you just want to create the same users in another domain?
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

JJ KRWindows System administratorAuthor Commented:
yes sir. you are right
JJ KRWindows System administratorAuthor Commented:
HI,

In the migration process is there any deletion in users, because we dont want to delete any thing. we need same users should be in the new domain.
FOXActive Directory/Exchange EngineerCommented:
Ok the first thing you want to do is get your userlist from that OU.
Open powershell with "run as administrator"  
Type in import-module activedirectory
Get-Aduser -filter * -properties * -Searchbase "Ou=test1,ou=test,dc=testking,dc=local" | select samaccountname, displayname, distinguishedname |sort-object samaccountname | out-file c:\temp\userlist.csv

set your searchbase to match your scenario
Do that first then open up the list  in notepad and verify
Peter HutchisonSenior Network Systems SpecialistCommented:
You can use the CSVDE and LDIFDE command line tools to export users to a file.
You can export usernames, personal details, groups but not passwords.
JJ KRWindows System administratorAuthor Commented:
Dear Peter ,

I have already exported using CSDVE. Now what is the next step. how can I copy those users into new domain
FOXActive Directory/Exchange EngineerCommented:
If you want to get them pushed in quick , download quest free Quest ActiveRoles,
Add the OU to the spreadsheet you want the users dropped in and any other options such as dept, phone, number etc.

Reference below.

http://pc-addicts.com/powershell-create-multiple-users-ver-2/
Peter HutchisonSenior Network Systems SpecialistCommented:
You can import users using the file with CSVDE with the -I (import mode), you will need to modify the dn (distinguished name) column so that it matches the new domain and ous first.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
FOXActive Directory/Exchange EngineerCommented:
Will SzymkowskiSenior Solution ArchitectCommented:
You can use the script below which is the one that i use to create new users from a CSV file. You just need to make sure that in your CSV you are using the same headings. You do not need to use all of the properties.

Import-Module activedirectory

$Userlist = Import-Csv "c:\filename.csv"

ForEach ($Person in $Userlist) {
$Person.Name
$Person.sn
$Person.Country
$Person.st
$Person.title
$Person.City
$Person.postalCode
$Person.telephoneNumber
$Person.Fax
$Person.givenName
$Person.displayName
$Person.department
$Person.company
$Person.SamAccountName
$Person.userPrincipalName
$Person.description
$Person.StreetAddress
$Person.Path
$Person.Password

New-ADUser -Name $Person.Name -Surname $Person.sn -Country $Person.Country -State $Person.st -Title $Person.title -City $Person.City -PostalCode $Person.postalCode -OfficePhone $Person.telephoneNumber -Fax $Person.Fax -GivenName $Person.givenName -DisplayName $Person.displayName -Department $Person.department -Company $Person.Company -SamAccountName $Person.SamAccountName -UserPrincipalName $Person.userPrincipalName -Description $Person.description -StreetAddress $Person.StreetAddress -Path $Person.Path -Enabled $true -AccountPassword (ConvertTo-SecureString $Person.Password -AsPlainText -force)
}

Open in new window


Will.
JJ KRWindows System administratorAuthor Commented:
Hello Experts,

As suggested by Peter Hutchison I am trying to import users using CSVDE method and I am getting this error.

Importing directory from the file c:\import.csv. Loading entries... Add error on line 2: Already exist.

The server side error is "An attempt was made to add an object to the directory
with a name that is already in use."
0 entries modified successfully.
An error has occurred in the program
No log files were written.  In order to generate a log file, please
specify the log file path via the -j option.
Peter HutchisonSenior Network Systems SpecialistCommented:
Did you modify the csv file for the new domain? Also, did you login to the new domain first with rights to create users?

What is the format of the CSV file? Do you have an example user that fails.
JJ KRWindows System administratorAuthor Commented:
Dear Peter Hutchison,

Thanks a lot for your valuable time. Yes I have modified the CSV file and successfully imported AD.
Now the problem is when user is going to login to the new domain its giving the attached error.20151113_225938-1-.jpg20151113_225938-1-.jpg
JJ KRWindows System administratorAuthor Commented:
Dear Experts,

Please suggest . I am waiting for your answer.
Peter HutchisonSenior Network Systems SpecialistCommented:
This error can sometimes occur for Guest accounts and can be unblocked via GPEDit.msc and check for accounts in Computer Configuration > Windows Settings > Local Policies > User Rights Assignment > Look at all 'deny log on' policies to see if your account is listed.

Make sure that new accounts are members of the Domain Users group, which is the default group for new users.

Make sure that a valid password is set for the new user and the account flags are set appropiately, the account should also matches the domain's password policies (use GPMC.msc and view the Default Domain Policy).
JJ KRWindows System administratorAuthor Commented:
Thanks Peter Hutchison I will try and let you know.
Thanks again for your quick response.
JJ KRWindows System administratorAuthor Commented:
Dear Peter Hutchison,

I checked  GPEDit.msc  for accounts in Computer Configuration > Windows Settings > Local Policies > User Rights Assignment >  'deny log on' policies but the account is not listed . I have also reset password no results.
JJ KRWindows System administratorAuthor Commented:
Dear experts I am getting this error while importing AD users using CSVDE

C:\>csvde -i -f c:\test\imported.csv
Connecting to "(null)"
Logging in as current user using SSPI
Importing directory from file "c:\test\imported.csv"
Loading entries.
Add error on line 2: Referral
The server side error is "A referral was returned from the server."
0 entries modified successfully.
An error has occurred in the program
No log files were written.  In order to generate a log file, please
specify the log file path via the -j option.
Peter HutchisonSenior Network Systems SpecialistCommented:
a) First row of file, should be a list of column names.
b) in DN and distinguishedName column, check the spelling of the user dn's (use quotes for names with spaces or other special characters):
It should be format: cn=username,ou=orgunit-name[,ou=orgunit-name2]dc=mycompany,dc=com
c) objectClass is 'user' for user accounts.
d) Do not include some attributes which are auto generated by the system eg. numbers such as guids, SNs, versions, etc.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.