One way I had done it in the past was using the LDIFDE to export users, ou's, etc. and then editing the output files to work with the new domain, (i.e., replace "domain1" with "domain2") and also manually removing default entries (such as Administrator accounts, etc.)
Also - take care when exporting in the first place...not all fields are going to import nicely. For my purposes I just needed essentially a "boatload" of users migrated to the test domain and all groups, and OU's. So I only exported the following attributes on users: (Command used = ldifde -f exportUsers.ldf -d "dc=MyDomain,dc=COM " -r "(objectClass=user)" -l "cn,objectclass,ou,samAccountName" ) Groups and OU's had similar limitations. If I can dig up the original BAT files I used to create those LDIFDE dumps, I'll send them to you if you're interested. Hope that helps! Lou -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of McDougal, Philip H Sent: Wednesday, April 27, 2005 10:24 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Importing AD into a test lab ... Hello, I have a question concerning getting my existing AD into a test lab. I saw some help in the archives but I'd like a fresh look on the topic. I am considering 2 options, that I know of: 1. Use LDIFDE to export and import the Schema, OUs, Users and GPs into the test lab. I built a box with W2003 Standard and DCPROMO'd it up with different machine name but same Domain name. This avenue sounded pretty good but I keep getting failure errors when I try to import the ldf files saying that "An attemp was made to add an object to the directory with a name that is already in use" or "Directory Object not found". my other choice was 2. http://support.microsoft.com/default.aspx?scid=kb;en-us;263532 But since this is a test lab, my library is not available and neither is my backup server. Plus, it's a DC and I don't want to introduce it to my existing domain. I guess I could DCPROMO it back out and then bring it into the existing domain as a standalone and then do a directed recover to it, but this seems like a huge amount of time and effort for something that should be pretty easy. Especillay for DR purposes. How many of us will recover AD to a system that has identical hardware? but I digress ;-) Any advice or ideas would bre greatly appreciated. Thanks in advance. Phil. -------------------------------------------------------- Philip H. McDougal Application Support Engineer Jenner & Block LLP One IBM Plaza Chicago, IL 60611-7603 Tel (312) 222-9350 Fax (312) 840-8879 [EMAIL PROTECTED] www.jenner.com CONFIDENTIALITY WARNING: This email may contain privileged or confidential information and is for the sole use of the intended recipient(s). Any unauthorized use or disclosure of this communication is prohibited. If you believe that you have received this email in error, please notify the sender immediately and delete it from your system. -------------------------------------------------------- List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
