I think you need to consider that the export to XML is far less difficult than the import back in to the directory on the other side.

Joe raised one....the ACL problems. And there are other problems you need to fix too. For example, you have a user and a group, the user is in the group. You need to ensure that you create the user before you try and tickle the 'member' attribute of the group. This problem would be out there for all link value attributes. And sometimes, perhaps you happen to have an attribute on objectA that points to objectB but also an attribute on objectB that points back to objectA. So you can't just reorder, you need to defer some of the operations to later on. You need to ensure you sort your object creates hierarchically so you don't try and create children before you have their parents. You need to ensure you have schema parity.

Those are just a few problems that come to mind. Synchronization is tricky business. This is why we wrote MIIS and ADAMSync....so you don't have to. ;)

Perhaps an easy approach for you would be adamsync + a little scripting (namely for ACLs + GPOs, two things that adamsync can't handle on its own).

~Eric

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, October 21, 2005 8:08 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Script to export an AD environment to XML

Good points, joe.

The whole effort started with a guy here writing a script which made two passes as you describe in order to avoid the chicken and egg dilemma.[1] He found he was having difficulty in applying OU perms so I started to look at the GPMC scripts hoping it would make his life easier. I guess we need the GPMC scripts plus his custom made scripts in some shape or form.

With regard to names vs SIDs - I am looking to create a fresh env from the XML file so that is less of an issue. The GPMC "createXMLfromEnv" script uses names and happily exports GPOs, their permissions and the related group objects.

neil

[1] this is clearly not a dilemma since the egg came first. Animals gave birth via an egg long before the chicken ever evolved into existence :)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: 21 October 2005 15:41
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Script to export an AD environment to XML

Perms are going to be fun to handle... You have two problems. First off you obviously can't use SIDs, everything will have to be name based with all objects with same names having to exist or a mapping file used. Second off, chicken and egg. If you are trying to build an OU X with the perms set for group XYZ to have permissions but XYZ is a member of some OU below X then you can't set the OU X perms until you have created XYZ. Simplest way to handle would be to build all objects, then come through and apply perms. I would probably look at writing a separate script to read and apply the perms.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, October 21, 2005 10:21 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Script to export an AD environment to XML

That's where I started - but I need OU perms and don't believe that script exports that data, by default. Did you extend the script at all?

neil

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Smith, Brad
Sent: 21 October 2005 15:03
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Script to export an AD environment to XML

Neil, have a look at CreateXMLFromEnvironment.wsf and CreateEnvironmentFromXML.wsf from C:\Program Files\GPMC\Scripts. Darren put me onto these a week or so ago and I have been able to export Users, Groups, Group Membership, OU, GPO (incl ACLs and security) to about 80% accuracy so far. Check out the post titled "[ActiveDir] Interesting Scripting Task....." that is still alive and kicking.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent: 21 October 2005 14:43
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Script to export an AD environment to XML

I believe some of the scripts that come with GPMC can be helpful here. As for creating the XML file for structure, not as sure it's already built. You do have some vbscript or perl options available that handle creating the XML structures for you though. Take a look at the GPMC file and you'll see what I mean. (there was a conversation yesterday about exporting the GPMC stuff on this list, and I just replied to some of that. You'll see the methods etc that relate to using XML vs. plain text in those files)

Drop a note if that's not what you had in mind though.

-ajm

>From: <[EMAIL PROTECTED]>
>Reply-To: ActiveDir@mail.activedir.org
>To: <ActiveDir@mail.activedir.org>
>Subject: [ActiveDir] Script to export an AD environment to XML
>Date: Fri, 21 Oct 2005 13:22:42 +0100
>
>I need to build a test env and then export it lock, stock and barrel to
>an XML file, so that the env can be re-created just using the XML file.
>
>I need to export:
>OU structure and permissions
>GPOs and permissions
>Users
>Groups and memberships
>
>I would normally use ldifde to export objects and GPMC scripts to
>export GPO information but cannot find a way/script to export all of
>the above into one XML file.
>
>Any ideas?
>
>Thanks,
>neil
>
>___________________________
>Neil Ruston
>Global Technology Infrastructure
>Nomura International plc
>
>PLEASE READ: The information contained in this email is confidential
>and intended for the named recipient(s) only. If you are not an
>intended recipient of this email please notify the sender immediately
>and delete your copy from your system. You must not copy, distribute or
>take any further action in reliance on it.
>Email is not a secure method
>of communication and Nomura International plc ('NIplc') will not, to
>the extent permitted by law, accept responsibility or liability for (a)
>the accuracy or completeness of, or (b) the presence of any virus, worm
>or similar malicious or disabling code in, this message or any
>attachment(s) to it. If verification of this email is sought then
>please request a hard copy. Unless otherwise stated this email: (1) is
>not, and should not be treated or relied upon as, investment research;
>(2) contains views or opinions that are solely those of the author and
>do not necessarily represent those of NIplc; (3) is intended for
>informational purposes only and is not a recommendation, solicitation
>or offer to buy or sell securities or related financial instruments.
>NIplc does not provide investment services to private customers.
>Authorised and regulated by the Financial Services Authority.
>Registered in England no. 1550505 VAT No. 447 2492 35. Registered
>Office: 1 St Martin's-le-Grand, London, EC1A 4NP. A member of the
>Nomura group of companies.
>

List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

This message has been scanned for viruses by MailControl - (see http://bluepages.wsatkins.co.uk/?4318150)

This email and any attached files are confidential and copyright protected. If you are not the addressee, any dissemination of this communication is strictly prohibited. Unless otherwise expressly agreed in writing, nothing stated in this communication shall be legally binding.
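
The import ordering discussed in this thread (create parents before children, defer link-valued attributes until every object exists, apply permissions last and by name rather than SID), sketched as an added example that is not code from the thread, the GPMC scripts or ADAMSync. The XML layout and the names `plan_import` and `rdn_count` are assumptions made for illustration; the planner only orders operations and does not touch a directory.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample export. Element and attribute names are assumptions made
# for this example, not the GPMC script or ADAMSync format.
SAMPLE_XML = """<export>
  <object dn="CN=alice,OU=Corp,DC=test,DC=local" class="user">
    <link attr="manager" target="CN=bob,OU=Corp,DC=test,DC=local"/>
  </object>
  <object dn="CN=Admins,OU=Corp,DC=test,DC=local" class="group">
    <link attr="member" target="CN=alice,OU=Corp,DC=test,DC=local"/>
  </object>
  <object dn="OU=Corp,DC=test,DC=local" class="organizationalUnit">
    <ace trustee="CN=Admins,OU=Corp,DC=test,DC=local" rights="GenericAll"/>
  </object>
  <object dn="CN=bob,OU=Corp,DC=test,DC=local" class="user">
    <link attr="secretary" target="CN=alice,OU=Corp,DC=test,DC=local"/>
  </object>
</export>"""

def rdn_count(dn):
    """Depth of a DN: number of RDNs, ignoring commas escaped as '\\,'."""
    return len(re.split(r"(?<!\\),", dn))

def plan_import(xml_text):
    """Return (operations, unresolved): creates parents-first, then links, then ACEs."""
    objects = ET.fromstring(xml_text).findall("object")
    exported = {o.get("dn").lower() for o in objects}
    creates, links, aces, unresolved = [], [], [], []
    # Pass 1: shallowest DNs first, so no child is created before its parent.
    for obj in sorted(objects, key=lambda o: rdn_count(o.get("dn"))):
        dn = obj.get("dn")
        creates.append(("create", dn, obj.get("class")))
        # Pass 2 (deferred): DN-valued attributes wait until every object
        # exists, which also covers A -> B and B -> A pointing at each other.
        for link in obj.findall("link"):
            links.append(("set-link", dn, link.get("attr"), link.get("target")))
        # Pass 3 (deferred): ACEs name their trustee by DN, not SID; the new
        # SID is looked up at apply time, after the trustee has been created.
        for ace in obj.findall("ace"):
            aces.append(("add-ace", dn, ace.get("trustee"), ace.get("rights")))
    # Anything pointing outside the export cannot be satisfied by reordering.
    for op in links + aces:
        ref = op[3] if op[0] == "set-link" else op[2]
        if ref.lower() not in exported:
            unresolved.append((op[1], ref))
    return creates + links + aces, unresolved
```

A non-empty `unresolved` list means the export references an object it does not contain, so the import should stop before the first write rather than fail partway through.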