Import users to another domain with LDIFDE

Peter Kaufman

Hi,

I have successfully exported AD with the following command:
ldifde -f jomtienAD.ldf -s pmci-03 -d "ou=staff,ou=bangkok,dc=jomtien,dc=xxxx,dc=net" -p subtree -r "(objectcategory=CN=person,cn=Schema,CN=Configuration,DC=jomtien,DC=xxxx,DC=net)" -m

I try to import them into a new domain with
LDIFDE -i -f jomtienAD.ldf
-OR-
LDIFDE -i -f jomtienAD.ldf -c jomtien.xxxx.net south.xxx.net

I get an error "The server side error is: "A referral was returned
from the server"

Any suggestions appreciated.

Peter
 
Cary Shultz [A.D. MVP]

Peter,

Please do a search in this newsgroup on how to do this. I have posted many
replies to similar questions. Here is a copy of a post some eight days ago:

==========================================================================

Good evening, Tony!

Simon, hope that you do not mind but I will jump in for a moment.

Tony, this is relatively easy to do. Now, I say this having done it many
times. The first few times ( in a test lab ) never went so well! But, that
is why you learn in a test lab so that when you do it for real you get it
done.

In the 'old' domain you are going to want to use ldifde to create a
'users.ldf' file. To do this you need to know the syntax for the ldifde command
and a few of the switches. This is easy enough to figure out as you can
simply enter 'ldifde /?' and you will get a ton of examples ( going on
memory here....the links that Simon gave you look to be good, especially the
last one! ).

So, what we are going to do is to use ldifde to grab those 1800 user account
objects and export them to a text file, one that we can then slightly modify
( well, we will see if that is necessary in a moment ) and then import into
the 'new' domain.

So, here is an example of the ldifde command that you could run in the 'old'
domain:

ldifde -m -f users.ldf -s dc01.olddomain.com -t 389 -d "dc=olddomain,dc=com" -r "(&(objectCategory=person)(objectClass=user))" -l "DN,userAccountControl,sAMAccountName,displayName,cn,givenName,sn,streetAddress,l,st,postalCode,c,co,countryCode,telephoneNumber,company,department,physicalDeliveryOfficeName"

This would give you a text file named users.ldf ( the -f switch ) located at
c:\users.ldf on the server DC01 ( the -s switch ) in the 'olddomain' at the
domain level ( the -d switch tells you where to start this ). You are
filtering this to include only user account objects ( the -r switch ) and
you are specifying which attributes you want to be included ( the -l
switch ).

You could specify whatever attributes you want! You would just include them
in the -l switch.....

Now, let's assume that the new domain is called 'newdomain.local'. The .ldf
file that you have is not going to work because you have dc=olddomain,dc=com
all over the place. Well, this is easy to fix. In Notepad ( you must use
Notepad, not WordPad or MS Word...it must be Notepad! ) simply use the Edit
| Replace and then click on the Replace All... button. Simply replace
dc=olddomain,dc=com with dc=newdomain,dc=local and you will have a nice file
for the import.

So, put that on a floppy or a network location or CD or whatever and get to
the new domain. Copy that file to C:\ and -IMPORTANT- make sure to create
that OU so that it has the same 'path' as in the old domain. Remember that
each user account object is going to have a DN: cn=Cary
Shultz,ou=seniors,ou=class,dc=olddomain,dc=com. This indicates that you
have created an OU underneath the domain called Class and have created a
sub-OU called Seniors ( as well as Juniors and Sophomores and Freshman....we
are just worried about the Seniors for the moment - well, in this example ).
Now you can simply do the following:

ldifde -i -f users.ldf

In about five seconds you have all 1800 users. And all of them will now
have DN: cn=Cary Shultz,ou=seniors,ou=class,dc=newdomain,dc=local.

Now, the fun part comes in where you need to set each of their passwords.
1800 is a lot!

If this is a problem then you might want to take a look at addusers.exe
which will allow you to specify a password and then go behind that with
ADModify and fill in the blanks. However, this method involves a lot of
manual work ( in creating the 1800 user account objects from scratch ).

HTH,

Cary

=========================================================================

Does this help you?

Cary
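
The suffix replacement and the "create the OUs first" step described in the reply above, as an added example that is not part of the original thread. Beyond a plain find-and-replace it also handles the cases LDIF allows: folded lines and base64-encoded values. It also lists the containers that have to exist before the import. The function names are hypothetical and the sample data is constructed from the thread's example names.

```python
import base64
import re

def suffix_pattern(old_suffix):
    # Match the old suffix only at the end of a value, ignoring case and spaces at commas.
    rdns = [re.escape(p.strip()) for p in old_suffix.split(",")]
    return re.compile(r"\s*,\s*".join(rdns) + r"\s*$", re.IGNORECASE)

def missing_containers(entry_dns, new_suffix):
    # Parent OUs the import needs but the file does not create, shallowest first.
    created, root, needed = {d.lower() for d in entry_dns}, new_suffix.lower(), {}
    for dn in (d for d in entry_dns if d.lower().endswith(root)):
        parts = re.split(r"(?<!\\),", dn)  # split on unescaped commas only
        for i in range(1, len(parts)):
            parent = ",".join(parts[i:])
            if parent.lower() == root:
                break
            if parent.lower() not in created:
                needed.setdefault(parent.lower(), parent)
    return sorted(needed.values(), key=lambda d: d.count(","))

def rewrite_ldif(text, old_suffix, new_suffix):
    """Return (rewritten LDIF, containers that must already exist in the new domain)."""
    pat, out, entry_dns = suffix_pattern(old_suffix), [], []
    for line in re.sub(r"\r?\n ", "", text).splitlines():  # unfold continuation lines
        m = re.match(r"([A-Za-z][\w;.-]*)(::?)\s*(.*)$", line)
        if not m:
            out.append(line)  # blank entry separators and comments
            continue
        attr, sep, value = m.groups()
        if sep == "::":  # base64 value, e.g. a DN with non-ASCII characters
            try:
                value = base64.b64decode(value).decode("utf-8")
            except (ValueError, UnicodeDecodeError):
                out.append(line)  # binary attribute, keep as exported
                continue
        value = pat.sub(lambda _m: new_suffix, value)
        if attr.lower() == "dn":
            entry_dns.append(value)
        if sep == "::":
            value = base64.b64encode(value.encode("utf-8")).decode("ascii")
        out.append(f"{attr}{sep} {value}")
    return "\n".join(out) + "\n", missing_containers(entry_dns, new_suffix)

SAMPLE = (  # constructed sample using the thread's example names, not a real export
    "dn: CN=Cary Shultz,OU=Seniors,OU=Class,DC=olddomain,DC=com\n"
    "changetype: add\nobjectClass: user\n\n"
    "dn: CN=A Long Name,OU=Seniors,OU=Class,DC=oldd\n omain,DC=com\n"
    "changetype: add\nobjectClass: user\n")
```

The second sample entry has its DN folded in the middle of "olddomain", which an editor's Replace All would leave unchanged. The output is written unfolded, which LDIF permits.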
 