Q and A

AD Audit Script Q and A

I got the following comment on Part 3 of the script.
RobDolfijn

Hi Colin,

This is just what I need so I’m looking forward to the whole script!
I’m getting stuc on Get_Users because it is not recognized as a cmdlet, please help me?

So I am not sure how you have it set up but I think I have an idea of what is going on. One of two things.

1. You have the function below the main part of the script that calls the function. The function has to be before the main part of the script so that Powershell knows about the function.

2. The other thing is that you do not have the function defined in the {} brackets.

My assumption here is that the first thing is the issue. The Powershell ‘Engine’ looks for the function definitions before the function is called. It seems strange but that is how it works in many languages. So just make sure that you put all the functions above the function call and you should be good. Hope that this helps. Please let me know if you have any issues.

AD Migration Script Q and A

I received a question from Sandeep as follows:

Hi Colin,

I saw your answer to one of the AD user creation question on IT Knowledge Exchange. You had mentioned that a script can be written using Powershell to migrate a lot of users. I’m completely new to AD and I have a few queries, could you please help?

Queries:

1. I would like to migrate all the users from one Active Directory, Say “X” on MS NT to Active Directory, say “Y” on MS 2000/ MS 2003, is this possible to do without using any tool?

2. Please provide me some details on the scripts that need to be written to accomplish this.

3. What are the steps I need to follow to successfully migrate all the users?

4. If I have to use the ADMT 3 tool, is it reliable? Any other information that I’d need related to this?…

Thanks in advance for your help.

Regards,

Sandeep

This is my reply:

Sandeep,

First I will give you straight answers and then some detail to follow.

1. I would like to migrate all the users from one Active Directory, Say “X” on MS NT to Active Directory, say “Y” on MS 2000/ MS 2003, is this possible to do without using any tool? Migrate might be tough. Copy all users from X to Y for sure. In this though all users will lose password and SID and possibly other attributes.

2. Please provide me some details on the scripts that need to be written to accomplish this.
The script would use the Quest AD cmd-lets to get all the users and all the attributes that you would like to copy over. We would then use that data and create the new users with all the attributes in the new domain.

3. What are the steps I need to follow to successfully migrate all the users?
If you just want to migrate users and not groups or any other objects then you can script this as I said above. If you want passwords and all attributes to migrate the the ADMT is a good tool.

4. If I have to use the ADMT 3 tool, is it reliable? Any other information that I’d need related to this?…
ADMT is a good tool, however, I have not used it very much. Like I said above, if you need all the data then this is a better way to go.

You could write a powershell script or even a batch script if all you want to do is get user information from the old domain and create new users in the new domain. If you want to keep all the users passwords and other object information then the ADMT tool is probably going to be a better option, unless you want to write a lot of code and really dig into AD Objects. If you do not care about any of that and you want to start from scratch then you can certainly write a script to get all the AD User accounts and all attributes that you want to carry over to the new AD  (Y). If you decide that you would like to use scripts for this task then I am more then willing to help you with some basic scripts for this. Have you used Powershell much? Are you familiar with the syntax? If so then you should go download the Quest AD cmd-lets as they will be useful to us in this task. Please let me know how you would like to proceed on this.

In summary I would say that Powershell is an Awesome tool, but in this case, depending on what Sandeep needs, I am not sure that it is the best tool for the task. Powershell is great and comes in handy when your boss says I need to add 30 accounts to AD or I need to modify these 30 accounts or something of that nature. For a Domain Migration I think that Microsoft Utilities may be best.

If you have any other questions please visit http://sysadminsmith.com and click the submit a question link on the right.