How to migrate OU structure from one domain to another

 

Sometimes you may face an “issue” when migrating a domain with ADMT or another tool that does not support OU migration, whether to a new domain within the same forest or to a completely new one.

Do you then need to rebuild everything manually or give up the existing OU scheme? No, you can simply extract the OU structure from one domain and import it into another. To do that, you only need the LDIFDE command, which is available on any Domain Controller.

In this example, I will show you how to export OUs from one domain to a flat text file, modify the relevant part of that file and import it into the new domain.

As you can see in the screenshot below, some Organizational Units already exist in my test environment. I would like to keep them in my new forest, but I do not want to recreate the whole structure manually. LDIFDE will help me get everything into a text file in a really short time.

OUs structure in the old domain

There are many Organizational Units which I want to create in the new domain in another forest. To export all necessary information about the OU objects, I need to run the command below (-r is the LDAP search filter, -l limits the export to the listed attributes):

ldifde -f c:\OUs.ldf -r "(objectClass=organizationalUnit)" -l objectClass,description

Exporting OU structure

On the C drive, in the OUs.ldf file, I will have the whole exported structure almost ready to import into another domain. There were 39 OUs exported, which I can simply view in Notepad.

LDIFDE exported data

Now I need to make some simple changes in the LDF file to be able to import it into another domain. The most important part to change is the distinguished name of the old domain. The old domain name is testenv.local and the new one is testcorp.local.

So, I need to replace all dc=testenv,dc=local entries with the new domain’s DN, dc=testcorp,dc=local.

Old DN of domain

To do that, the LDF file needs to be opened in Notepad. When the file is open, the CTRL+H key combination for text pattern replacement can be used

Replacing the old DN with the new one

and the LDF file is prepared with the distinguished name of the new domain.

New domain DN in LDF file

The last step before the LDF file can be imported into the new domain is deleting the “Domain Controllers” OU from the input file. As this OU exists by default in each domain, there is no need to create it. Just search for the Domain Controllers OU in the LDF file and delete its entries, as they are not required.

Deleting Domain Controllers OU from LDF file

Now the file is ready to be copied to the new domain for import. On a Domain Controller in the new domain, this command should be executed in the command line to import the OU structure:

ldifde -i -f c:\OUs.ldf

OU structure import in the new domain

You can see that 39 entries were exported and 38 were imported (minus one, as the Domain Controllers OU was deleted from the input file). So, the whole operation has finished successfully. I have all OUs in the new domain now.

OU structure in the new domain after OUs import

And that’s all! The OU structure is the same in the new domain!
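The two manual edits above (DN replacement and removing the Domain Controllers OU) can also be scripted, which covers cases a text editor misses: base64-encoded `dn::` lines, folded lines, and child OUs listed before their parents, which the import rejects with "No Such Object". This is an added example, not part of the original post; it goes beyond the article by reordering entries, and the function names and sample entries are constructed for illustration.

```python
import base64
import re

def read_dn(line):  # DN from a 'dn:' line or a base64 'dn::' line
    if line.startswith("dn::"):
        return base64.b64decode(line[4:].strip()).decode("utf-8")
    return line[3:].strip()

def dn_line(dn):  # 'dn:' for ASCII DNs, base64 'dn::' otherwise (RFC 2849)
    b64 = base64.b64encode(dn.encode("utf-8")).decode("ascii")
    return "dn: " + dn if dn.isascii() else "dn:: " + b64

def prepare_ldif(text, old_dn="dc=testenv,dc=local", new_dn="dc=testcorp,dc=local"):
    """Rewrite DN suffixes (defaults: the article's domains), drop the
    Domain Controllers OU, and put parent OUs before their children."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold wrapped lines
    suffix = re.compile(r"(?<![^,])" + re.escape(old_dn) + "$", re.IGNORECASE)
    kept = []
    for block in re.split(r"\n{2,}", text.strip()):
        lines = [l for l in block.split("\n") if not l.startswith(("#", "version:"))]
        if not lines or not lines[0].startswith("dn:"):
            continue  # not an entry
        dn = read_dn(lines[0])
        if not suffix.search(dn):
            raise ValueError("DN is outside the old domain: " + dn)
        dn = suffix.sub(lambda m: new_dn, dn)
        if dn.lower() == "ou=domain controllers," + new_dn.lower():
            continue  # exists by default in every domain
        depth = len(re.split(r"(?<!\\),", dn))  # RDN count; '\,' is not a separator
        kept.append((depth, [dn_line(dn)] + lines[1:]))
    kept.sort(key=lambda e: e[0])  # stable sort: shallower (parent) OUs first
    return "\n\n".join("\n".join(e[1]) for e in kept) + "\n"

# Constructed sample: a child OU is listed before its parent.
SAMPLE = """\
dn: OU=Helpdesk,OU=IT,DC=testenv,DC=local
changetype: add
objectClass: organizationalUnit

dn: OU=Domain Controllers,DC=testenv,DC=local
changetype: add
objectClass: organizationalUnit

dn: OU=IT,DC=testenv,DC=local
changetype: add
objectClass: organizationalUnit
"""

print(prepare_ldif(SAMPLE))
```

Only the suffix of each DN is rewritten, so a description that happens to mention the old domain is left as exported.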

Author: Krzysztof Pytko


15 responses to “How to migrate OU structure from one domain to another”

  1. zahid saeed says :

    Great! it worked 100% for me. Million thanks for posting these nice easy steps

     
  2. Ron Cho says :

    I have to migrate everything in the current DC in different forest different domain to a brand new forest and brand new domain. The biggest concern is preserving the current user accounts and the passwords. What do you recommend to accomplish that task?

     
  3. dave says :

    Awesome man, thanks

     
  4. Brajesh Panda says :

    Reblogged this on TechOnTip Weblog and commented:
    How to migrate OU structure from one domain to another

     
  5. Horace says :

    Great! Can this process also migrate the permissions on the OUs?

     
  6. Bartlomiej says :

    Instead of using notepad and changing Domain Name for all entries You can try this:

    ldifde -i -f C:\OUs.ldf -c "dc=testenv,dc=local" "dc=testcorp,dc=local"

     
  7. Mike Roca says :

    Thanks it was very helpful.

     
  8. Roberto Gacitua says :

    When I try to import the ldf file into a new domain, I get this error

    Loading entries
    1: OU=RAIZ,DC=imperial,DC=ch
    Entry modified successfully.

    2: OU=GERENCIAS,OU=ADMINISTRACION,OU=ORGIMPERIAL,OU=RAIZ,DC=imperial,DC=ch

    Add error on entry starting on line 7: No Such Object
    The server side error is: 0x208d Directory object not found.
    The extended server error is:
    0000208D: NameErr: DSID-03100238, problem 2001 (NO_OBJECT), data 0, best match o
    f:
    ‘OU=RAIZ,DC=imperial,DC=ch’

    Any comments?

     
    • Roberto Gacitua says :

      I reviewed the ldf file and I have to reorganize the structure of the file, because the parent OUs are in the last lines of the file.

      Thanks!

       
      • iSiek says :

        Yes, this is important for LDF file structure, to have all objects in appropriate order.
        You are also able to use -z switch with ldifde command which continues in case of error appearing. Then you can execute it several times, as long as you can see that LDF imported 0 new objects. Just a workaround 😉

        Krzysztof

         
    • iSiek says :

      I’m sorry for late reply.
      A workaround solution in your newer post 🙂

      Krzysztof

       
