import export of AD objects in different domain.

[CoolAndy]

hi all,

I have one quary regarding AD.

My company have one office at seattel & another at bombay.This
two offices are not connected with dedicated link & both have different
domains.
seattel administrator sends us the .LDF file (using LDIFDE
)which contains users & groups of there domain.
My work is that add this file in our domain such as there users
& groups entry should be as contact in our domain.

Pls.help me in this regards,


Thanks & regards,

Anand kale
System & Exchange administrator
(e-mail address removed)

 

[Tomasz Onyszko]

hi all,

I have one quary regarding AD.

My company have one office at seattel & another at bombay.This
two offices are not connected with dedicated link & both have different
domains.
seattel administrator sends us the .LDF file (using LDIFDE
)which contains users & groups of there domain.
My work is that add this file in our domain such as there users
& groups entry should be as contact in our domain.

Pls.help me in this regards,

Ask this admin to send You export of the users and groups in csvde
format and then You have to make a script which will add to Your domain
contatcs based on this file- Of course You can read it from LDIF files
too but it requires more work on the scripting.
Examples how to write such scrpt You will find on Technet site.

 

[Guest]

I notice you said that you don't have a "dedicated link" between the sites.
If you have some kind of connection, it may be worth looking at the Identity
Integration Feature pack
(http://www.microsoft.com/downloads/...10-c04d-41c4-b7ea-6f56819769d5&DisplayLang=en)
It'll take a little effort to set up, but once done it will be worth it.

 

[Cary Shultz [A.D. MVP]]

CoolAndy,

The .ldf file that you get from Seattle will have
"dc=seattle,dc=theirdomain,dc=com" which will not work in your domain. You
would have to change that to "dc=bombay,dc=yourdomain,dc=com".

What do I mean?

All of the user account objects will have something called a DN ( or
distinguished name ) that will look like the following:

DN: CN=Cary Shultz,OU=IT,DC=seattle,DC=theirdomain,DC=com.

It would work just find were you in that domain. Your are not. So, you
would have to change this to the following:

DN: CN=Cary Shultz,OU=IT,DC=bombay,DC=yourdomain,DC=com.

You can easily do this using Notepad. Just make sure that it is all
accurate.

Now you can use it. However, you would have to make sure that the .ldf file
is in the correct format. When importing a file you need to use the -i
switch. You also need to make sure that the changeType: value is 'add' and
not 'modify'. You also need to make sure that you have a - at the end of
each record. Yes, that is a dash.

I have done this many times and it can be a bit difficult. If there is an
error then you are going to have a good time finding it. I would suggest
that you play with this in a lab/test environment first. Once everything
works there then use that .ldf file in your production environment.

--
Cary W. Shultz
Roanoke, VA 24012

WIN2000 Active Directory MVP
http://www.activedirectory-win2000.com
(soon to be updated!!!)
http://www.grouppolicy-win2000.com
(soon to be updated!!!)