PowerShell Script – Active Directory Export And Import Tip - C

Hello World,

As you have noticed, I'm not posting as regularly as I would like lately. Sorry about that, but I'm really busy with some difficult projects, so I do not have much time for myself. But today, hey… I've managed to get some free time and I will use it to quickly post a tip about PowerShell scripts and Active Directory. We will briefly show how you can export AD information in a smarter way, so that the exported data is easy to reuse when performing an import. Let's see what that means!

Background

From time to time, some customers ask me to perform an export of the Active Directory infrastructure. Using a PowerShell script and the Active Directory module, we can export the OU structure, the groups, the group membership and the user information from Active Directory.

Why would you import-export your OU structure?

A first reason would be for documentation purposes. Another reason might be disaster recovery (I am thinking mostly of the group membership information). If you do not have the AD Recycle Bin enabled in your Active Directory and you need to reanimate an object, you will only get the basic information back; the group membership information is lost. Such an export/import operation can help you retrieve the group membership information. Another case is that you need to replicate the OU structure to another Active Directory domain for test and validation purposes: you need to validate a change in your Active Directory but you do not want to do that in your production infrastructure. You can replicate the AD infrastructure using PowerShell scripting. If you have multiple Active Directory forests/domains, you might also want to standardize the OU structure and the GPOs associated with it.

Whatever your reasons are, we will show how we can perform this operation.

How to Export the AD OU Structure

In this post, we will focus mainly on exporting the OU structure, but you can apply the same technique when exporting groups or user objects. If you google a bit, you will see that in order to export the Active Directory OU structure using PowerShell, you can issue the following command:

If you are using Windows 2008 R2, you will issue the following

Import-module ActiveDirectory

Get-ADOrganizationalUnit -filter {name -like "*"} | Select Name, DistinguishedName | export-csv AD_OU_Tree.csv -NoTypeInformation

If you are running Windows 2012 or later, you do not need to import the Active Directory module and you can simply issue the following command

Get-ADOrganizationalUnit -filter {name -like "*"} | Select Name, DistinguishedName | export-csv AD_OU_Tree.csv -NoTypeInformation

So far, nothing really complex. You have achieved your target, i.e. exporting your OU structure.

Importing your Active Directory OU structure

Now, you will need to perform an import operation (let's say that you need to replicate the OU structure in a new Active Directory forest). You will again issue a PowerShell command, and you will use the export file as the input source for the operation. To import the OU structure, we basically need to create new OUs in the target forest. To recreate the OU structure, you will need to use the New-ADOrganizationalUnit cmdlet. You will issue something like this

New-ADOrganizationalUnit -Name <%Name%> -Path <%OU Path %>

Now, given the structure of the exported file, you will run into a small issue when performing the import operation. Indeed, in our export file, we do not have the information about the OU Path (at least not out of the box). We have the distinguishedName and the Name information but no OU Path information.

We have 2 ways to fix this issue.

Solution 1 – Create an Import function to obtain the OU Path

In this solution, we perform a standard export operation (as described above) but we need to write additional code in our import operation in order to obtain the OU Path information. The script could be something like this below

Note : This code has not been tested. It’s just to give you an idea of what could be done….

[Image: import_ad_1 (script screenshot)]

Solution 2 – Change the way you perform the Export operation (smarter way)

The other option is to modify the code that we use during the export operation. By modifying the export code, we store the OU parent path in the file that will later be used as input for the import. This export operation can be performed in a one-line command, which might be simpler than creating a custom import function.

To dump the OU Parent Path information during the export operation, you will issue the following command,

# OUPath is the DN without its first component: the parent OU/container, or the domain root for a top-level OU
$StrOU=Get-ADOrganizationalUnit -Filter {Name -like '*'} | select name,DistinguishedName,@{n='OUPath';e={$_.distinguishedName -replace '^.+?,((CN|OU|DC)=.+)$','$1'}}

$strOU | export-csv OUTree.csv -NoTypeInformation

Because you have the OU Path information already in your input file, your import function will look like the code below (not tested but should be working)

[Image: import_ad_2a (script screenshot)]
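The import step that Solutions 1 and 2 describe, as an added example (this is not the author's script from the screenshots). It goes a little further than the post: it rewrites the domain suffix for a different target domain, skips rows outside the expected source domain, and creates parents before children. Import-OUTree, Get-OUParentPath, the parameter names and the DC=prod/DC=lab domains are assumptions made for illustration.

```powershell
# Added example, not the original post's code. Function and parameter names
# are hypothetical; the CSV columns are the ones the exports above produce.
function Get-OUParentPath {
    param([string]$DistinguishedName)
    # Drop the first RDN; a comma inside a name is escaped as "\," in a DN.
    $DistinguishedName -replace '^(?:\\.|[^,\\])+,', ''
}

function Import-OUTree {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$CsvPath,
        [Parameter(Mandatory)][string]$SourceDomainDN,  # constructed: DC=prod,DC=example
        [Parameter(Mandatory)][string]$TargetDomainDN   # constructed: DC=lab,DC=example
    )
    Import-Module ActiveDirectory
    $cmp = [StringComparison]::OrdinalIgnoreCase

    $plan = foreach ($row in Import-Csv -Path $CsvPath) {
        # Solution 2 files carry OUPath; Solution 1 files need it derived.
        [string]$parent = if ($row.OUPath) { $row.OUPath } else { Get-OUParentPath $row.DistinguishedName }

        # Refuse rows that are not inside the expected source domain.
        if (-not $row.Name -or -not $parent.EndsWith($SourceDomainDN, $cmp)) {
            Write-Warning "Skipping unexpected row: $($row.DistinguishedName)"
            continue
        }
        $prefix = $parent.Substring(0, $parent.Length - $SourceDomainDN.Length)
        [pscustomobject]@{
            Name  = $row.Name
            Path  = $prefix + $TargetDomainDN
            Depth = [regex]::Matches($parent, '(?<!\\),').Count  # unescaped commas
        }
    }

    # Shallow paths first, so every parent exists before its children.
    foreach ($ou in $plan | Sort-Object Depth) {
        try {
            New-ADOrganizationalUnit -Name $ou.Name -Path $ou.Path `
                -ProtectedFromAccidentalDeletion $true `
                -WhatIf:$WhatIfPreference -ErrorAction Stop
        } catch {
            Write-Warning "Could not create OU=$($ou.Name),$($ou.Path): $_"
        }
    }
}

# Dry run first; repeat without -WhatIf once the planned OUs look right.
Import-OUTree -CsvPath .\OUTree.csv -SourceDomainDN 'DC=prod,DC=example' `
    -TargetDomainDN 'DC=lab,DC=example' -WhatIf
```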

Final Notes

As you can see, performing Active Directory export/import operations is becoming easier with PowerShell scripting capabilities. In this post, we have shown how you could perform a smarter export operation in order to capture the information that the import operation needs. Either way, you will achieve your goal. So, you can choose your way, but for me the second option seems simply more efficient and it's easier to implement.

Now, you should be ready to customize your own scripts and perform good import/export AD operations.

Till Next Time

See ya
