Active Directory Migration that's easier than retyping a couple hundred names?

[burritoincognito]

I'm in a situation where we have to migrate a few organizational units off of the current AD, to a brand new one, and it has to be done today.

Short story: we told them this project would take 4 weeks from approval to implementation so we could get the hardware in, software licenses (Not For Profit takes longer, it seems), everything built up, and get people migrated over. We got approval late last week, the servers arrived on Tuesday, and we were told around noon on Wednesday that we had until Friday to complete it, there would be no further pushing back of dates. We've set up the ESXi servers, sans licensing, and a few 2008 R2 VMs for AD and Exchange, and app servers.

The old domain is on a 2003 SP2 server. The new domain is on a 2008 R2 server. They see each other, but it doesn't list the new domain in My Network Places, and the Active Directory Migration Tool put out by Microsoft doesn't seem to work (3.2 doesn't work on the new server, as it's incompatible with SQL2012, and there are issues with SQL2008, and 3.0 doesn't see the other domain on the old server).

I do have access to an off-site 2008 R2 AD server as well, should that help.

Is there some easy way to migrate the users from one to the other, without me simply sitting there typing out all of the names?

 

[k1pp3r]

Do you have a domain trust in place? You need that for AD migration tool i believe, ast least that is how i do it.

 

[lizardking009]

VBS to extract the names? VBS to import the names?

 

[Mackintire]

Not free but I m sure hyena can do that: http://www.systemtools.com/hyena/

 

[cyr0n_k0r]

you're mixing up your words.

Migration implies you are moving the entire account complete with SID from one domain to another. Like k1pp3r mentioned, you need your 2 domains to trust each other to do that.

However your post mentioned typing each name individually which implies you don't want to migrate the accounts, you just want to simply recreate them on a new domain with a new SID.
If that is the case it is very easy. VBS, Powershell, AutoIT, and many other scripting languages can help you with it.

 

[lassiterb]

Not free, but the tools at http://www.dovestones.com/ have proved useful to me for bulk AD user work in the past.

 

[burritoincognito]

I ended up doing it all by hand....twice. Not sure why, but it lost all the users I created, although it kept the distribution groups (but emptied them).

Oh well. It turned out that there were a ton of old accounts that were no longer valid, so in the end, it was closer to 70 accounts, which is less than half of what I expected.

 

[timberdoodle]

Wow. Sorry I didn't see this earlier. Csvde is a command line tool built into windows domain controllers designed to both import and export to a CSV file. It would have made your job a lot easier.

 

[burritoincognito]

Oh well. It wasn't so bad until I had to do it the second time. Usually the companies we have to do that for are 20 people or so, and setting them up from scratch isn't as big a deal. I just know that I'm not the only sysadmin out there, and there has to be a tool I'm missing.

 

[timberdoodle]

http://technet.microsoft.com/en-us/library/cc732101(v=ws.10).aspx