Export AD users & computer accounts

[Mark Muto]

Hello All,

I am setting up a new Windows 2000 server as a DC with AD
and a new domain for a customer offsite. I was wondering
if there was any way to get the users and the computer
accounts from the old Windows 2000 AD server to a file
that can be imported to the new DC without having to
connect to the same network.

A long time ago, I was able to copy some registry keys on
a Windows NT 4.0 server to a new one to achieve this.

I don't need to copy anything but the computer accounts
and the users & groups.

Any insight would be appreciated.

Thanks

 

[Cary Shultz [A.D. MVP]]

Mark,

There is something called ldifde that you can use. Please take a look at
the following two sample entries that you can massage to fit your needs:

1) ldifde -f groups1.ldf -s servername.domain.com -t 389 -d
"DC=mydomain,DC=com" -p subtree -r "(objectClass=group)" -l
"DN,member,info,description,groupType,instanceType,objectClass,name,sAMAccou
ntName"

2) ldifde -f users.ldf -s servername.domain.com -t 389 -d
"DC=mydomain,DC=com" -p subtree -r
"(&(objectCategory=person)(objectClass=user))" -l
"DN,objectClass,userAccountControl,sAMAccountName,displayName,givenName,sn,s
treetAddress,l,st,postalCode,c,co,countyCode,
department,company,physicalDeliveryOfficeName,telephoneNumber"

You might want to include the -m switch as well. This will remove any user
accounts that you would already have in the new domain ( such as
Administrator ).

This will give you two .ldf files that you can save to a floppy. You might
have to change the domain name ( the -d "DC=mydomain,DC=com part as well as
the DN entries for all accounts ) to match your new domain. This is really
easy to do, though. Make use of Notepad's find and replace functionality.
Simply transfer it to the DC in the new domain and copy the .ldf files to
the C:\ and then enter ldifde -i -f groups.ldf and ldifde -i -f users.ldf.
If you have Organizational Units in the current domain and these OUs contain
user account objects or group account objects then you will need to make
sure that you either 1) create the same structure in your new domain, or 2)
change the .ldf files to reflect a location that exits in the new domain (
probably the default USERS container ).

HTH,

Cary

 

[Jerold Schulman]

Hello All,

I am setting up a new Windows 2000 server as a DC with AD
and a new domain for a customer offsite. I was wondering
if there was any way to get the users and the computer
accounts from the old Windows 2000 AD server to a file
that can be imported to the new DC without having to
connect to the same network.

A long time ago, I was able to copy some registry keys on
a Windows NT 4.0 server to a new one to achieve this.

I don't need to copy anything but the computer accounts
and the users & groups.

Any insight would be appreciated.

Thanks

Addusers from the reskit or supplement One, tip 3277 in the 'Tips & Tricks' at
http://www.jsiinc.com, will dump from one and add to the other, using a
delimited file.


Jerold Schulman
Windows: General MVP
JSI, Inc.
http://www.jsiinc.com

 

[Pat Coghlan]

This sounds exactly like what I need to move users from one DC to a new
one I just set up (different domain).

How does one get a copy of that CD?

-Pat