How to migrate OU structure from one domain to another

Sometimes you may face an “issue” when you are migrating domain, using ADMT or another tool which does not support OU migration, to the new domain within the same forest or to completely new one.

Do you need then to rebuild everything manually or resign from existing OU scheme? No, you can very simply extract OU structure from one domain and import it to another. To achieve that you need to only use LDIFDE command which is available on any Domain Controller.

In this example, I will show you how to export OUs from one domain to flat text file, modify appropriate part of that file and import it to the new domain.

As you can see below on a screen, in my test environment some Organizational Units already exist. I would like to keep them in my new forest but I do not want to recreate whole structure manually. LDIFDE will help me to get everything to text file in really short time.

OUs structure in the old domain

There are many Organizational Units which I want to create in the new domain in another forest. To export all necessary information about OU objects, I need to run below syntax

ldifde -f c:\OUs.ldf -r “(objectClass=organizationalUnit)” -l objectClass,description

Exporting OU structure

on C-Drive in OUs.ldf file I will have all exported structure almost ready to import in another domain. There were 39 OUs exported which I can simply view in notepad

LDIFDE exported data

Now, I need to make some simple changes in LDF file to be able to import it in another domain. The most important part to change is distinguished name of the old domain. The old domain name is testenv.local and the new one is testcorp.local

So, I need to replace all dc=testenv,dc=local entries with the new domain’s DN dc=testcorp,dc=local

Old DN of domain

To do that, LDF file needs to be opened in notepad. When file is opened, CTRL+H key combination for text pattern replacement can be used

Old DN replacing by the new one

and LDF file is preapred with distinguished name of the new domain

New domain DN in LDF file

The last step before LDF file can be imported in the new domain, is “Domain Controllers” OU deletion from input file. As this OU exists by default in each domain, there is no need to create it. Just search Domain Controllers OU in LDF file and delete its entries as they are not required

Deleting Domain Controllers OU from LDF file

Now, file is ready to be copied to the new domain for import. On a Domain Controller from the new domain in command-line this syntax should be executed to import OU structure

ldifde -i -f c:\OUs.ldf

OU structer import in the new domain

You can see that 39 entries were exported and 38 were imported (minus one as Domain Controllers OU was deleted from input file). So, whole operation has been finished successfully. I have all OUs in the new domain now.

OU structure in the new domain after OUs import

and that’s all! OU structure is the same in the new domain!


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: