Export AD Objects

There must be a better way to recreate an AD domain.

Enter: LDIFDE!!!
– http://technet.microsoft.com/en-us/library/bb727091.aspx
– http://support.microsoft.com/kb/555634

Two limitations to keep in mind:
– LDIFDE doesn’t support exporting passwords.
– By default the “User must change password at next logon” attribute is selected,

You can use this tool to manage AD objects.

Immediately, I’m concerned only with exporting user objects.

You need to know which domain controller holds the FSMO roles in the domain you want to export from (the script below points LDIFDE at that DC). This lists them:
NETDOM query FSMO

Thanks to Daan Kragt – http://massivelydigital.com/powershell-quickly-backup-and-restore-users-with-ldifde/

We can automate this with PowerShell:

# expUsers.ps1 – Usage: .\expUsers.ps1 -mode export
param(
    [string]$mode = "default"
)

# Clear screen and load the Active Directory module
Clear-Host
Import-Module ActiveDirectory

# Configure these variables first, it won't work without them!
$dcHostname = "HWCDIDC.HWCDI.org"                 # DC holding the FSMO roles (see NETDOM query FSMO)
$ouDistinguishedName = "ou=HWCDI,dc=HWCDI,dc=org"  # OU to export from (-d, searched as a subtree)
$exportFile = "usersFile.ldf"
#$importFile = "usersFile.ldf"

# What to do when the script is run as "expUsers.ps1 -mode export"
if ($mode -eq "export") {
    Write-Host " "
    Write-Host "Exporting users to " $exportFile "..."
    # -r: LDAP filter for user objects that have a first name set
    # -l: only export these attributes (passwords are never exported by LDIFDE anyway)
    ldifde -f $exportFile -s $dcHostname -d $ouDistinguishedName -p subtree -r "(&(objectCategory=person)(objectClass=User)(givenname=*))" -l "cn,givenName,objectclass,samAccountName"
    Write-Host " "
}

You can use the above information to derive way more complicated solutions.

To do a full export of all objects: ldifde -f fullexport.ldf

If you’re authenticated in the domain, this will run without issue and create a usersFile.ldf file.
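Before that file goes anywhere near an import, it is worth checking what actually ended up in it. The script below is an added example, not part of the original post or of Daan Kragt's script: it parses the LDIF that ldifde writes (folded lines and base64 "::" values included), lists the sAMAccountNames, and flags any record that carries attributes outside the -l list or a credential attribute. The two records in SAMPLE_LDIF are constructed, not a real export.

```python
import base64
import re
from collections import defaultdict
# Constructed sample (not a real export) shaped like the script's ldifde output:
# a plain record, then one with a base64 ("::") value and a folded continuation line.
SAMPLE_LDIF = """\
dn: CN=John Doe,OU=HWCDI,DC=HWCDI,DC=org
changetype: add
cn: John Doe
givenName: John
objectClass: user
sAMAccountName: jdoe

dn: CN=Ann Muller,OU=HWCDI,DC=HWCDI,DC=org
changetype: add
cn:: QW5uIE3DvGxsZXI=
givenName: Ann
objectClass: user
sAMAccountName: amul
 ler
"""
EXPORTED_ATTRS = {"cn", "givenname", "objectclass", "samaccountname"}  # the script's -l list
SECRET_ATTRS = {"unicodepwd", "userpassword", "dbcspwd", "ntpwdhistory", "lmpwdhistory"}

def parse_ldif(text):
    """Parse LDIF (RFC 2849) into a list of {attribute_lowercase: [values]} records."""
    text = re.sub(r"\r?\n ", "", text)          # unfold continuation lines first
    records, current = [], defaultdict(list)
    for line in text.splitlines() + [""]:      # trailing "" flushes the last record
        if not line.strip():
            if current:
                records.append(dict(current))
                current = defaultdict(list)
        elif not line.startswith("#"):
            name, _, value = line.partition(":")
            if value.startswith(":"):           # "attr:: <base64>" encoded value
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            current[name.strip().lower()].append(value.strip())
    return records

def check_export(records):
    """Return (sAMAccountNames, problems): attributes outside -l, or credential attributes."""
    names, problems = [], []
    for rec in records:
        dn, attrs = rec.get("dn", ["<no dn>"])[0], set(rec) - {"dn", "changetype"}
        if attrs & SECRET_ATTRS:
            problems.append(f"{dn}: credential attribute(s) {sorted(attrs & SECRET_ATTRS)}")
        if attrs - EXPORTED_ATTRS:
            problems.append(f"{dn}: unexpected attribute(s) {sorted(attrs - EXPORTED_ATTRS)}")
        names.extend(rec.get("samaccountname", []))
    return names, problems
```

Run it against the real usersFile.ldf with parse_ldif(open("usersFile.ldf", encoding="utf-8").read()); an empty problems list means the file contains only the attributes the export asked for.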

The next step will be to modify the export (if needed) and import the objects into the new AD domain.

Stay tuned.
