Author Posts

January 1, 2012 at 12:00 am

by yooakim at 2012-09-02 02:29:08

We have a domain with a three OUs,

* domain.local/PROD
* domain.local/STAGE
* domain.local/TEST

In the PROD OU we have a number of Groups with users (including nested groups) We want to copy the entire group and member structure to the OUs STAGE and TEST. In the copy process we will prefix the new groupname with the OU it is part of. So if a Group is called "domain.local/PROD/Users" it will be "domain.local/STAGE/stageUsers" when copied. (I know there are better ways to structure this but this is a customers application...)

I have been searching all over for a simple example of how to get this done. Some use ADSI, some use ActiveDirectory cmdlets, others use Quests AD cmdlets. But most of the examples are for coyping between domains. So now I am wondering if there are anyone here that could show me a good way to do this? The environment is Windows Server 2008 R2 with PowerShell 2.0 and Quest AD cmdlets.

Cheers,
Joakim

by DonJ at 2012-09-02 07:39:23

The task isn't really different than copying between domains. This is a good starting point; what it won't do is enumerate nested groups.

Having to do nested groups is going to make this tricky for you – or at least require careful programming. Essentially, you've got to enumerate all of the groups that are members of the group, and then create each of those in the new location, starting from the most deeply-nested ones and working your way back outward. I don't have a handy example of doing this – but you said you had one that worked across domains; it'd be pretty much the same within a domain, and that code would be a good starting point, since you've got it.

by yooakim at 2012-09-03 06:48:42

Thanks, I'm working my through this! I appreciate good feedback here 🙂