Active Directory Export/Import - Users, Group, OU's
I have a 2012 R2 domain controller and need to migrate all users, groups and OU's to a new domain controller. This new DC is in a completely different domain. I've exported the users, groups and OU's to ldf files using various LDIFDE commands.
Looking at the ldf files I noticed that all AD OU's and Groups are exported including ones my team created and default ones, ex: Domain Controllers OU, Users OU, Domain Admins group, Enterprise Admins group, etc.
Here's my question/concern when it comes time to perform the import on the new DC:
- Since a lot of the these groups and OU's are default with domain controllers will the import fail because the OU's/groups already exist, will duplicates be created, or will the import LDIFDE command ignore the duplicates and move onto to the next bit of data in the file?
I understand that before I can perform the import I need to update the dn records to point to the new domain. I'm more concerned with breaking the domain controller where the import will be performed. I was following the instructions laid out here - https://social.technet.microsoft.com/Forums/office/en-US/1b24edf2-9af5-447c-9f15-631e88eefe8c/exporting-users-groups-and-their-members-from-a-currently-installed-and-importing-them-to-a-new?forum=winserverDS.
Solution 1:
-k
Ignores errors during an import operation and continues processing. This parameter ignores all of the following errors:
-
The object is already a member of the group
-
The operation has an object class violation
This violation means that the specified object class does not exist, if the object being imported has no other attributes.
-
The object already exists
-
The operation has a constraint violation
-
The attribute or value already exists
-
The operation found no such object
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/cc731033(v=ws.11)