Thread: Copy user between forests

Replies: 5 - Pages: 1 - Last Post: Dec 7, 2009 6:27 AM by: JacobSaaby
Neobyte

Posts: 3
Registered: 10/6/09
Copy user between forests
Posted: Oct 6, 2009 8:54 PM
 

I want to copy a user account from my production domain to my test domain. Here is what I am trying:

$me = Get-QADUser myAccount -IncludeAllProperties -connection $prodDomain
$me | New-QADUser -parentcontainer 'OU=Test,DC=domain,DC=local' -connection $testDomain

On the new account, the only thing copied across is the name. None of the other attributes (samAccountName, FirstName, Exchange attributes, etc.) have come across. What am I doing wrong?



Neobyte

Posts: 3
Registered: 10/6/09
Re: Copy user between forests
Posted: Oct 6, 2009 8:55 PM   in response to: Neobyte
 

To clarify, the only thing that has come across is the CN (which happens to be the full name). The actual name fields have not come across.



JacobSaaby

Posts: 13
Registered: 4/16/09
Re: Copy user between forests
Posted: Nov 25, 2009 7:31 AM   in response to: Neobyte
 

This is how I did it:

$User = Get-QADUser ocstest -Connection $slocalconnection | select Name, FirstName, Initials, LastName, DisplayName, SamAccountName
$User | New-QADUser -Name $User.DisplayName -ParentContainer 'OU=Users,DC=domain,DC=local' -Connection $sgroupconnection -FirstName $User.FirstName -Initials $User.Initials -LastName $User.LastName -DisplayName $User.Displayname -SamAccountName $User.Samaccountname -UserPrincipalName "$($User.Samaccountname)@domain.local" -UserPassword 'WhateverGoeshere'



-- Best regards, Jacob Saaby Nielsen http://www.comm-fu.com IM: first name dot middle name at hotmail dot com Twitter: http://www.twitter.com/jsaaby
JacobSaaby

Posts: 13
Registered: 4/16/09
Re: Copy user between forests
Posted: Nov 25, 2009 7:49 AM   in response to: Neobyte
 

For those that need it, here's the full script including the connection stuff. I'm only doing this for one user, due to it being in a test phase, but use it as you please for your inspiration, and to build on:

# Get credentials and create connection object to the receiving domain

$todomaincreds = Get-Credential todomain.local\to-admin-account
$todomainconnection = Connect-QADService -Service to-domain-dc.todomain.local -Credential $todomaincreds

# Get credentials and create connection object to providing domain

$fromdomaincreds = Get-Credential fromdomain.local\from-admin-account
$fromdomainconnection = Connect-QADService -Service from-domain-dc.domain.local -Credential $fromdomaincreds

$User = Get-QADUser ocstest -Connection $fromdomainconnection | select Name, FirstName, Initials, LastName, DisplayName, SamAccountName
$User | New-QADUser -Name $User.DisplayName -ParentContainer 'OU=Users,DC=todomain,DC=local' -Connection $todomainconnection -FirstName $User.FirstName -Initials $User.Initials -LastName $User.LastName -DisplayName $User.Displayname -SamAccountName $User.Samaccountname -UserPrincipalName "$($User.Samaccountname)@todomain.local" -UserPassword 'WhateverGoesHere'

I anonymized it, of course. So if something went wrong in that process that makes the above fail, my apologies :)



-- Best regards, Jacob Saaby Nielsen http://www.comm-fu.com IM: first name dot middle name at hotmail dot com Twitter: http://www.twitter.com/jsaaby
JacobSaaby

Posts: 13
Registered: 4/16/09
Re: Copy user between forests
Posted: Dec 4, 2009 4:47 AM   in response to: Neobyte
 

This is the complete script I created. It works. Can use refinements, code can probably be more efficient. But it works. Just transferred/checked 450 users using it.

# Get credentials and create connection object to todomain.local
# Edit the values of $todomain and $todomainadm, to change the domain you copy to, and the admin account you use

$todomain = "todomain.local"
$todomainadm = "admin1"

$sgroupcreds = Get-Credential "$todomain\$todomainadm"
$sgroupconnection = Connect-QADService -Service "dcindomain.$todomain" -Credential $sgroupcreds

# Get credentials and create connection object to fromdomain.local
# Edit the values of $fromdomain and $fromdomainadm, to change the domain you copy from, and the admin account you use

$fromdomain = "fromdomain.local"
$fromdomainadm = "admin2"

$syslocalcreds = Get-Credential "$fromdomain\$fromdomainadm"
$slocalconnection = Connect-QADService -Service "dcindomain.$fromdomain" -Credential $syslocalcreds

function Copy-User 
{
    param($UserArg)
   
    if (!$(Get-QADUser $UserArg -Connection $sgroupconnection))
        {
            # Read the user to the $User variable
            $User = Get-QADUser $UserArg -Connection $slocalconnection `
            | select Name, FirstName, Initials, LastName, DisplayName, SamAccountName, PhoneNumber, `
            StreetAddress, City, PostalCode, countryCode, HomePhone, MobilePhone, Notes, Title, Department
   
            $User | New-QADUser -Name $User.DisplayName -ParentContainer 'OU=Users,DC=todomain,DC=local' -Connection $sgroupconnection `
            -FirstName $User.FirstName -Initials $User.Initials -LastName $User.LastName -DisplayName $User.Displayname -PhoneNumber $User.PhoneNumber `
            -StreetAddress $User.StreetAddress -City $User.City -PostalCode $User.PostalCode -HomePhone $User.HomePhone -MobilePhone $User.MobilePhone `
            -Notes $User.Notes -Title $User.Title -Department $User.Department -SamAccountName $User.Samaccountname -UserPrincipalName "$($User.Samaccountname)@$todomain" `
            -UserPassword 'Whatever2009!'
   
            Start-Sleep -Seconds 1
   
            Set-QADUser -Connection $sgroupconnection -Identity "$($User.Samaccountname)@$todomain"  -PasswordNeverExpires $True
        }
    else
        {
            Write-Warning "$UserArg already existed !"
        }
}

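# Copy every user from the source Users container; the source connection is named explicitly
$UserList = Get-QADUser -SizeLimit 0 -Connection $slocalconnection | where {$_.parentcontainer -eq "fromdomain.local/Users"} | Select SamAccountName | ForEach-Object {Copy-User $_.SamAccountName}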


-- Best regards, Jacob Saaby Nielsen http://www.comm-fu.com IM: first name dot middle name at hotmail dot com Twitter: http://www.twitter.com/jsaaby
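
An added example, not part of JacobSaaby's post: the creation step with a separate random initial password per account and a forced change at first logon, in place of one shared literal with -PasswordNeverExpires. `New-RandomPassword` and `Copy-UserHardened` are hypothetical names; the code assumes `$slocalconnection`, `$sgroupconnection` and `$todomain` from the script above and leaves out the other attribute parameters, which stay as in the post.

```powershell
# Added example. Assumes $slocalconnection, $sgroupconnection and $todomain
# are already set as in the script above. Function names are hypothetical.

function New-RandomPassword {
    param([int]$Length = 24)
    # 64 symbols: 256 is a multiple of 64, so (byte % 64) is not biased
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!#'
    $rng      = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $bytes    = New-Object byte[] $Length
    do {
        $rng.GetBytes($bytes)
        $pw = -join ($bytes | ForEach-Object { $alphabet[$_ % 64] })
        # Retry until upper case, lower case and a digit are all present,
        # so the result passes the default AD complexity rule
    } until ($pw -cmatch '[A-Z]' -and $pw -cmatch '[a-z]' -and $pw -match '[0-9]')
    return $pw
}

function Copy-UserHardened {
    param([string]$Sam)

    $src = Get-QADUser $Sam -Connection $slocalconnection
    $pw  = New-RandomPassword

    New-QADUser -Name $src.DisplayName -ParentContainer 'OU=Users,DC=todomain,DC=local' `
        -Connection $sgroupconnection -DisplayName $src.DisplayName `
        -SamAccountName $src.SamAccountName `
        -UserPrincipalName "$($src.SamAccountName)@$todomain" `
        -UserPassword $pw | Out-Null

    # pwdLastSet = 0 marks the password as expired: the user must set a new
    # one at first logon, so the initial value is single-use
    Set-QADUser -Identity "$($src.SamAccountName)@$todomain" -Connection $sgroupconnection `
        -ObjectAttributes @{ pwdLastSet = 0 } | Out-Null

    # Return the initial password to the caller for out-of-band delivery;
    # it is deliberately not written to disk or to the console here
    New-Object PSObject -Property @{
        SamAccountName  = $src.SamAccountName
        InitialPassword = $pw
    }
}
```

The returned objects contain clear-text initial passwords, so hand them straight to whatever delivery channel is in use rather than exporting them to a file.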
JacobSaaby

Posts: 13
Registered: 4/16/09
Re: Copy user between forests
Posted: Dec 7, 2009 6:27 AM   in response to: JacobSaaby
 

Then again, seems something is missing. Damnit. Just ran it, then compared number of accounts in each AD. Difference of 15.

And I specifically see the script warning me that one user already exists in the new AD. Except he doesn't ;)

Hmm, anyone up for helping out with this one ?


-- Best regards, Jacob Saaby Nielsen http://www.comm-fu.com IM: first name dot middle name at hotmail dot com Twitter: http://www.twitter.com/jsaaby
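
An added example, not part of the thread: one way to list the accounts that exist in the source but not in the target, and to check conditions that follow from the script as posted. Because the script passes the DisplayName as -Name, two source users with the same DisplayName compete for one CN in the target OU, and an empty DisplayName leaves no name to create. `Compare-CopiedUsers` is a hypothetical name; the connection variables and container paths are the ones from the script above.

```powershell
# Added example. Assumes $slocalconnection (source) and $sgroupconnection
# (target) from the script above. The function name is hypothetical.

function Compare-CopiedUsers {
    param($Source, $Target)

    # sAMAccountNames present in the source but absent from the target
    $missing = Compare-Object `
            ($Source | ForEach-Object { $_.SamAccountName }) `
            ($Target | ForEach-Object { $_.SamAccountName }) |
        Where-Object { $_.SideIndicator -eq '<=' } |
        ForEach-Object { $_.InputObject }

    foreach ($sam in $missing) {
        $u = $Source | Where-Object { $_.SamAccountName -eq $sam }

        # What the script's existence test (Get-QADUser <name>) resolves to
        # in the target; a non-empty result explains an "already existed" warning
        $hit     = Get-QADUser $sam -Connection $sgroupconnection
        $matched = if ($hit) { ($hit | ForEach-Object { $_.DN }) -join '; ' } else { '' }

        # More than one source user with this DisplayName means a CN clash
        $sameName = @($Source | Where-Object { $_.DisplayName -eq $u.DisplayName })

        New-Object PSObject -Property @{
            SamAccountName       = $sam
            EmptyDisplayName     = [string]::IsNullOrEmpty($u.DisplayName)
            DuplicateDisplayName = ($sameName.Count -gt 1)
            ExistenceTestMatched = $matched
        }
    }
}

$src = Get-QADUser -SizeLimit 0 -Connection $slocalconnection |
    Where-Object { $_.ParentContainer -eq 'fromdomain.local/Users' }
$dst = Get-QADUser -SizeLimit 0 -Connection $sgroupconnection `
    -SearchRoot 'OU=Users,DC=todomain,DC=local'

Compare-CopiedUsers -Source $src -Target $dst | Format-Table -AutoSize
```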