How to Copy users, groups and computer objects from one domain to another domain

This topic contains 2 replies, has 2 voices, and was last updated by  KAMALANATHAN DORAIRAJ 1 week, 1 day ago.

  • Author
    Posts
  • #100693

    Hi,
    I have to copy selected users and computer objects from my parent domain to a newly created child domain. I exported the users by using the below PowerShell script. But I am not sure how to export the groups, computer objects and import into child domain with correct order to make sure it looks the same as the parent. Deeply Appreciate your input on this.

    Get-ADUser -Filter {enabled -eq $true} -SearchBase "OU=***,DC=****,DC=COM" -Properties * | Get-Unique | export-csv -path C:\Users\***\Documents\export\allusers_objects_unique_useracct.csv

    Note: Nothing should be deleted in the parent domain.

    Thanks,
    Kamal.

  • #100704

    Cole
    Participant

    I had to do something similar for a test environment. I tweaked this code a bit to suite my needs to make it domain independent. This also exports the members of each group to a string to later be imported.

    #// Import AD Module
    Import-Module ActiveDirectory
    #// Get Domain Distinguished Name
    $DomainDN = (Get-ADDomain).DistinguishedName
    #// Get year and month for csv export file 
    $DateTime = Get-Date -f "yyyy-MM" 
    #// Set CSV file names
    $GroupCSVFile = "AD_Groups"+$DateTime+".csv" 
    #//Create array for CSV data
    $CSVOutput = @()
    #// Get All AD Groups in Domain
    $ADGroups = Get-ADGroup -Filter * -Properties *
    #// Set progress bar variables 
    $i=0 
    $tot = $ADGroups.count 
    foreach ($ADGroup in $ADGroups) { 
        #// Set up progress bar 
        $i++ 
        $status = "{0:N0}" -f ($i / $tot * 100) 
        Write-Progress -Activity "Exporting AD Groups" -status "Processing Group $i of $tot : $status% Completed" -PercentComplete ($i / $tot * 100) 
     
        #// Ensure Members variable is empty 
        $Members = "" 
     
        #// Get group members which are also groups and add to string 
        $MembersArr = Get-ADGroup -filter {Name -eq $ADGroup.Name} | Get-ADGroupMember |  select samaccountname 
        if ($MembersArr) { 
            foreach ($Member in $MembersArr) { 
                $Members = $Members + "," + $Member.samaccountname 
            } 
            $Members = $Members.Substring(1,($Members.Length) -1) 
        } 
        #// Set up hash table and add values 
        $HashTab = $NULL 
        $HashTab = [ordered]@{ 
            "Name" = $ADGroup.Name 
            "Category" = $ADGroup.GroupCategory 
            "Scope" = $ADGroup.GroupScope 
            "Description" = $ADGroup.Description
            "Members" = $Members 
            "OU" = ($ADGroup.DistinguishedName -replace "^CN=[^,]+,|,DC=.+$") 
        } 
        #// Add hash table to CSV data array 
        $CSVOutput += New-Object PSObject -Property $HashTab 
    } 
    #// Export to CSV files 
    Write-Host "Exporting CSV to $pwd\$GroupCSVFile"
    $CSVOutput | Sort-Object Name | Export-Csv $GroupCSVFile -NoTypeInformation 

    I then have a script that imports the CSV file (as long as the OU structure is already the same – version 2 will likely do create the OU structure if it doesn't exist in the target domain)

    #//Retrieve current domain
    $DomainDN = (Get-ADDomain).DistinguishedName
    #// Create Groups via CSV
    function Import-ADGroups{
        foreach ($Group in $Groups){
        try{
            New-ADGroup -Name $Group.Name -DisplayName $Group.Name -GroupScope $Group.Scope -GroupCategory $Group.Category -Path "$($Group.OU),$DomainDN" -Description $Group.Description
            }
        catch [Microsoft.ActiveDirectory.Management.ADException]{
            Write-Warning "$($Group.Name) already exists." 
     }}
    }
    

    Hopefully this helps you get going on your script.

    • #100707

      Oh Fantastic... Awesome... Many Thanks Cole for the quick and detail response... the script saved days of my time.... your script is very professional and advanced... I just started working in PowerShell...

      One last question: Can I use the same framework to get the Users and Compueter objects?. Which order I have to import into my target domain?.

      Thanks Again Mr.Cole.

You must be logged in to reply to this topic.