The Multifunctioning DBA

Feb 19 2009   4:53PM GMT

AD Migration Script Q and A



Posted by: Colin Smith
Tags:
Active Directory
Microsoft Windows
Powershell
Q and A
Windows Administration

I received a question from Sandeep as follows:

Hi Colin,

I saw your answer to one of the AD user creation question on IT Knowledge Exchange. You had mentioned that a script can be written using Powershell to migrate a lot of users. I’m completely new to AD and I have a few queries, could you please help?

Queries:

1. I would like to migrate all the users from one Active Directory, Say “X” on MS NT to Active Directory, say “Y” on MS 2000/ MS 2003, is this possible to do without using any tool?

2. Please provide me some details on the scripts that need to be written to accomplish this.

3. What are the steps I need to follow to successfully migrate all the users?

4. If I have to use the ADMT 3 tool, is it reliable? Any other information that I’d need related to this?…

Thanks in advance for your help.

Regards,

Sandeep

This is my reply:

Sandeep,

First I will give you straight answers and then some detail to follow.

1. I would like to migrate all the users from one Active Directory, Say “X” on MS NT to Active Directory, say “Y” on MS 2000/ MS 2003, is this possible to do without using any tool? Migrate might be tough. Copy all users from X to Y for sure. In this though all users will lose password and SID and possibly other attributes.

2. Please provide me some details on the scripts that need to be written to accomplish this.
The script would use the Quest AD cmd-lets to get all the users and all the attributes that you would like to copy over. We would then use that data and create the new users with all the attributes in the new domain.

3. What are the steps I need to follow to successfully migrate all the users?
If you just want to migrate users and not groups or any other objects then you can script this as I said above. If you want passwords and all attributes to migrate the the ADMT is a good tool.

4. If I have to use the ADMT 3 tool, is it reliable? Any other information that I’d need related to this?…
ADMT is a good tool, however, I have not used it very much. Like I said above, if you need all the data then this is a better way to go.

You could write a powershell script or even a batch script if all you want to do is get user information from the old domain and create new users in the new domain. If you want to keep all the users passwords and other object information then the ADMT tool is probably going to be a better option, unless you want to write a lot of code and really dig into AD Objects. If you do not care about any of that and you want to start from scratch then you can certainly write a script to get all the AD User accounts and all attributes that you want to carry over to the new AD  (Y). If you decide that you would like to use scripts for this task then I am more then willing to help you with some basic scripts for this. Have you used Powershell much? Are you familiar with the syntax? If so then you should go download the Quest AD cmd-lets as they will be useful to us in this task. Please let me know how you would like to proceed on this.

In summary I would say that Powershell is an Awesome tool, but in this case, depending on what Sandeep needs, I am not sure that it is the best tool for the task. Powershell is great and comes in handy when your boss says I need to add 30 accounts to AD or I need to modify these 30 accounts or something of that nature. For a Domain Migration I think that Microsoft Utilities may be best.

If you have any other questions please visit http://sysadminsmith.com and click the submit a question link on the right.


 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: