Re: Export/import AD

Hi Cary,

I am trying that now. The system is W2K SP4+rollup and you do
understand the situation correctly.

My problem at the moment is figuring out what attributes to export in
order to get just users and groups. I've tried using the -m switch as
well as various filters on ldifde but can't get it.

Even something as simple as this, run on dc1.local.pmci.net gives an
error "A referral was returned from the server"

<text file starts here>
dn: DC=local,DC=pmci,DC=net
changetype: add
name: local

dn: OU=No screen lock,DC=local,DC=pmci,DC=net
changetype: add
name: No screen lock

dn: CN=(Ying) Chanram Sornsilp,OU=No screen
lock,DC=local,DC=pmci,DC=net
changetype: add
name: (Ying) Chanram Sornsilp

dn: OU=Staff,DC=local,DC=pmci,DC=net
changetype: add
name: Staff
<text file ends here>

Thanks a lot,

Peter

On Tue, 16 Aug 2005 14:14:53 -0400, "Cary Shultz [A.D. MVP]"
<cwshultz@xxxxxxxx> wrote:

>Peter,
>
>I will take a different approach from the one that Paul is suggesting. And
>here is why ---- just to make sure that I am reading your post correctly.
>
>It sounds to me like you want to take all of the user account objects and
>group objects from an existing domain and somehow 'import' them into another
>domain. Most likely for testing purposes. In other words, you want to
>recreate your existing production environment into a testing environment
>without having to manually create each group object and user account objects
>et al.
>
>I would very much look at ldifde for this. It will do a very nice job.
>Have used it several times in production environments.
>
>All you would do would make sure that you specify the attributes that you
>want included in the .ldf file ( by using the -l switch ....and that is a
>lower case letter 'L' and not the number "1" ). Then, in your test domain
>simply recreate the OU structure ( assuming that you have created such a
>structure ) and then import that .ldf file. That would be your user account
>objects. I would then do the same for the groups objects.
>
>Now, the one caveat that you might need to consider ( well, there are
>several ) is if you are using different domain names. Say that your
>production environment is abc.com and your test environment is abc.local.
>Clearly there will be a problem when you try to import that .ldf file. So,
>to create this simply use the 'replace' function in Notepad and replace
>dc=abc, dc=com with dc=abc,dc=local. Then there should be no problems.
>
>Please notice that ldifde does not allow you to create a password.....well,
>not without a lot of trouble. So, you will be creating a bunch of user
>account objects in the test domain that do not have a password. Since you
>did not mention if this is in a WIN2000 or a WIN2003 environment you might
>have a problem with the creation of the user account objects. Simply
>disable the requirement for complex passwords - if that is indeed the
>problem - and you should be fine.
>
>HTH,
>
>--
>Cary W. Shultz
>Roanoke, VA 24012
>Microsoft Active Directory MVP
>
>http://www.activedirectory-win2000.com
>http://www.grouppolicy-win2000.com
>
>
>
>"Peter Kaufman" <pmkdatabase_at_yahoo_dot_ca> wrote in message
>news:5lj3g1tupl4ucibud1fr33ht7hqhnartq3@xxxxxxxxxx
>> For various reasons, I want to recreate, not rebuild, a domain Put
>> another way, replace the domain with another one of the same name,
>> which will contain the same users, groups, and eventually mailboxes
>> and mail.
>>
>> Right now my concern is not with the workstations but AD and Exchange.
>> Will tools like csvde or ldifde allow me to import *just* users and
>> groups into the new domain - are they designed for different forests
>> like that?
>>
>> Playing around with this on virtual machines I am not getting very
>> far, but would like to know if I am working in the right direction.
>>
>> Thanks,
>>
>> Peter
>>
>

.

Relevant Pages

  • Re: Export/import AD
    ... for the user account objects try something like this: ... For the group objects try something like this: ... this is what you would run on your production environment. ... > changetype: add ...
    (microsoft.public.win2000.active_directory)
  • Re: Export/import AD
    ... group objects from an existing domain and somehow 'import' them into another ... without having to manually create each group object and user account objects ... I would very much look at ldifde for this. ... production environment is abc.com and your test environment is abc.local. ...
    (microsoft.public.win2000.active_directory)
  • Re: Export/import AD
    ... I really appreciate you and all the MVPs ... Since ldifde defaults to exporting you ... 368 is for user account objects ... this is what you would run on your production environment. ...
    (microsoft.public.win2000.active_directory)
  • Re: Export/import AD
    ... one stupid mistake and one typo! ... do not really need to specify anything for what are doing. ... 368 is for user account objects ... this is what you would run on your production environment. ...
    (microsoft.public.win2000.active_directory)
  • Re: multiple user modifications
    ... I typically use ADModify or ldifde for this sort of thing. ... the value would have to be the same for all of the user account objects. ... second line make it "changeType: modify" and then on the third line make it ...
    (microsoft.public.win2000.active_directory)
Loading