Simon Fanning

Copy AD Users & Security groups to new domain

Hi Experts!
I have an old AD domain, abc.com, and a new domain, xyz.com.
I need to copy all users and groups (along with group memberships) to the new domain...
I have successfully utilized LDIFDE to clone the OU Structure to the new domain, now I need to do the following:
1. Export all users from abc.com domain, with all attributes if possible
2. Export all groups from abc.com domain
3. Export Group membership list from abc.com

4. Import list of all users to new domain, xyz.com
5. Import list of new groups to new domain, xyz.com
6. Add users to required security groups in new domain, xyz.com

As I said, I have the OU structure in place and ready to be populated, I'm just having a very difficult time with the outstanding items!

Any advice / assistance with some PowerShell scripting would be awesome!

Many thanks,
Simon
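
Steps 1 to 6 above, sketched with the ActiveDirectory PowerShell module as an added example (not part of the original thread or any poster's solution). The domain controller names, the `C:\Migration` folder and the `Convert-ParentPath` helper are assumptions; objects created this way get new SIDs with no SID history, and passwords are not carried over.

```powershell
# Added example; assumes the RSAT ActiveDirectory module and rights in both domains.
Import-Module ActiveDirectory
$SrcServer = 'dc01.abc.com'    # hypothetical source domain controller
$DstServer = 'dc01.xyz.com'    # hypothetical target domain controller
$SrcBase   = 'DC=abc,DC=com'
$DstBase   = 'DC=xyz,DC=com'
$OutDir    = 'C:\Migration'    # hypothetical working folder, must already exist
$SrcSuffix = [regex]::Escape($SrcBase) + '$'
$NoBuiltin = '(!(isCriticalSystemObject=TRUE))'   # skip accounts/groups flagged system-critical

# Hypothetical helper: drop the leading RDN, then map the parent container to the new domain.
function Convert-ParentPath([string]$Dn) {
    ($Dn -replace '^(?:[^,\\]|\\.)+,', '') -replace $SrcSuffix, $DstBase
}

# Steps 1-3: export users, groups and memberships from abc.com.
Get-ADUser -Server $SrcServer -SearchBase $SrcBase -LDAPFilter $NoBuiltin `
        -Properties GivenName, Surname, DisplayName, Description |
    Select-Object SamAccountName, Name, GivenName, Surname, DisplayName, Description, Enabled, DistinguishedName |
    Export-Csv "$OutDir\users.csv" -NoTypeInformation -Encoding UTF8
$groups = Get-ADGroup -Server $SrcServer -SearchBase $SrcBase -LDAPFilter $NoBuiltin |
    Select-Object SamAccountName, Name, GroupScope, GroupCategory, DistinguishedName
$groups | Export-Csv "$OutDir\groups.csv" -NoTypeInformation -Encoding UTF8
$(foreach ($g in $groups) {
    Get-ADGroupMember -Server $SrcServer -Identity $g.DistinguishedName |
        Where-Object { $_.objectClass -in 'user', 'group' } |
        Select-Object @{ n = 'Group'; e = { $g.SamAccountName } }, @{ n = 'Member'; e = { $_.SamAccountName } }
}) | Export-Csv "$OutDir\members.csv" -NoTypeInformation -Encoding UTF8

# Steps 4-6: recreate them in xyz.com. Passwords cannot be exported, so set a new initial one.
$initial = Read-Host 'Initial password for migrated accounts' -AsSecureString
foreach ($u in Import-Csv "$OutDir\users.csv") {
    $p = @{ Server = $DstServer; Name = $u.Name; SamAccountName = $u.SamAccountName
            UserPrincipalName = "$($u.SamAccountName)@xyz.com"
            Path = (Convert-ParentPath $u.DistinguishedName)
            AccountPassword = $initial; ChangePasswordAtLogon = $true
            Enabled = ($u.Enabled -eq 'True') }
    foreach ($a in 'GivenName', 'Surname', 'DisplayName', 'Description') {
        if ($u.$a) { $p[$a] = $u.$a }    # only pass attributes that have a value
    }
    New-ADUser @p
}
foreach ($g in Import-Csv "$OutDir\groups.csv") {
    New-ADGroup -Server $DstServer -Name $g.Name -SamAccountName $g.SamAccountName `
        -GroupScope $g.GroupScope -GroupCategory $g.GroupCategory -Path (Convert-ParentPath $g.DistinguishedName)
}
foreach ($m in Import-Csv "$OutDir\members.csv") {
    Add-ADGroupMember -Server $DstServer -Identity $m.Group -Members $m.Member
}
```

Review `members.csv` before the import: it lists every direct member of every exported group, so it is also the point at which stale or over-privileged memberships can be dropped rather than copied.
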
Alan Cox

ADMT is your friend. I've done many such migrations.

ADMT would be preferable assuming you want to keep the SID history etc. However, are you doing a migration or are you creating a test domain or something?

Thanks
Alex

Simon Fanning (ASKER)

Hi Alex, yes, we're doing a migration from an on-prem domain to a new domain in Azure.
Thanks!

ASKER CERTIFIED SOLUTION
Alex

This solution is only available to members.

Great idea - I simply didn't think of that!
I'll work on that now and get back to you. Thanks!
Simon

For sure, if your goal is to use Azure AD (THIS IS NOT THE SAME AS WINDOWS ACTIVE DIRECTORY), then use AAD Connect. Just know that this is not a replacement for Windows Active Directory. But certainly if you want your accounts in Azure AD from Windows Active Directory, that's your ticket.

"this is not a replacement for Windows Active Directory"

Actually it's more than capable of being a replacement for your on-premise AD. As long as he doesn't mind the missing functionality it's not an issue.