Move AD Account from old linux based domain to new MS ADS Server
Last Post 18 Jul 2008 07:50 PM by ssaehrig. 9 Replies.

ssaehrig (New Member, Posts: 31)
16 Jul 2008 12:39 AM

I have been tasked with migrating 100 users from an OpenLDAP domain to a new MS ADS server. The problem is I need to migrate the passwords and all settings in AD, along with when the user logs into their PC it should not trigger a new profile on the desktop. I know I can export all the info with get-qadobject to CSV. But how do I import all that info into a new domain?

 

Thank you for any suggestions.

halr9000 (Basic Member, Posts: 316)
16 Jul 2008 01:39 AM

Don't forget that for most every get-q* cmdlet there's a set and a new. That may not be your best option though. I'd wait to see what kind of magic that BSonPosh suggests. AD seems to be his specialty. :)

bsonposh (Basic Member, Posts: 388)
16 Jul 2008 02:39 AM

My question here would be how do you get the password. Generally speaking, you shouldn't never be able to extract the passwords from the database. Perhaps in your case you can, but I would be curious about that.

As for the profiles, you could probably tweak the registry and make this work, but I would expect a lot of troubles with this.

Outside of those... it is pretty simple.

As a side note... you could try ADMTv3... support-wise it shouldn't work, but I can't think of a technical reason why it wouldn't.

bsonposh (Basic Member, Posts: 388)
16 Jul 2008 02:40 AM

Wow... got to love the double negative "shouldn't never". That will teach me to write on the bus.

You should NOT be able to extract the password.

ssaehrig (New Member, Posts: 31)
16 Jul 2008 01:12 PM

I agree with your concerns for the passwords. But the customer is a small business and would like, if at all possible, to retain their passwords without end user input. If it can't happen it's OK, just preferred. I am unsure of the syntax for using Quest to import fields from a CSV. Any suggestions there?
Also, I did look into ADMT v3, but as you said they don't list it as supported. I will build a lab to try ADMT v3.

Steven Saehrig

bsonposh (Basic Member, Posts: 388)
16 Jul 2008 01:28 PM

I wouldn't rule out the passwords just yet, but I would set the expectation that it is probably not going to happen. You should explain why it can't happen (although the customer probably won't get what you're saying, they will feel more secure in your knowledge).

So... back to your question. You could use import-csv and foreach(){} to create the users for you. The CSV file needs headers.

I think in your case the best option would be to dynamically create the hash table that contains all the properties, but I would have to test this... I'm thinking something like this. THIS IS NOT WORKING CODE! Just a suggestion on direction.

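foreach($user in $users)
{
   # Names of the properties (CSV columns) on this user object
   $props = $user | Get-Member -MemberType properties | %{$_.name}
   # Start with an empty hash table for each user
   $myprops = @{}
   foreach($prop in $props)
   {
      $myprops.$prop = $user.$prop
   }
   new-qaduser ... -objectattributes $myprops
}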

ssaehrig (New Member, Posts: 31)
16 Jul 2008 03:00 PM

Thank you for the direction. Do you think an export of all objects will give me the information I need to build that hash table? The most I have done with creating new users

bsonposh (Basic Member, Posts: 388)
16 Jul 2008 03:11 PM

It should have all the information you need... my concern with that is making sure there are no schema extensions on the OpenLDAP side (extra properties that are used, but AD will not have).

bsonposh (Basic Member, Posts: 388)
16 Jul 2008 03:27 PM

OK... here is what I think will work, assuming that all the properties in your CSV are valid AD properties. (IMO you should be very picky about what you pull from the OpenLDAP server.)

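# Read the exported users; the CSV must have a header row
$users = import-csv YouCSVFile.Csv
foreach($user in $users)
{
   # Build one hash table per user from the CSV columns
   $props = @{}
   $propNames = $user | Get-Member -MemberType properties | %{$_.name}
   foreach($prop in $propNames)
   {
      $props += @{$prop=$user.$prop}
   }
   # -whatif only reports what would be created; remove it after checking the output
   new-qaduser -name $user.name -objectattributes $props -whatif
}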
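
The filtering bsonposh recommends above (only valid AD properties, nothing specific to the OpenLDAP schema), as an added example that is not part of the original thread. The allow-list, the helper name ConvertTo-AdAttributeTable and the sample rows are assumptions constructed for illustration.

```powershell
# Assumed allow-list: attributes present in both inetOrgPerson and the AD user class.
$AllowedAttributes = 'givenName','sn','displayName','mail','telephoneNumber','description','title'

# Hypothetical helper: split one CSV row into attributes to keep and columns to drop.
function ConvertTo-AdAttributeTable {
    param(
        [Parameter(Mandatory = $true)] $Row,
        [string[]] $Allowed = $AllowedAttributes
    )
    $attributes = @{}
    $dropped = @()
    $columns = $Row | Get-Member -MemberType NoteProperty | ForEach-Object { $_.Name }
    foreach ($column in $columns) {
        $value = $Row.$column
        if ($column -eq 'name') { continue }                 # passed separately as -name
        if ([string]::IsNullOrEmpty($value)) { continue }    # never write empty values
        if ($Allowed -contains $column) { $attributes[$column] = $value }
        else { $dropped += $column }                         # e.g. posixAccount columns, userPassword
    }
    New-Object PSObject -Property @{ Attributes = $attributes; Dropped = $dropped }
}

# Constructed sample export; the userPassword values are placeholders, not real hashes.
$csv = @'
name,givenName,sn,mail,uidNumber,loginShell,userPassword
jdoe,John,Doe,jdoe@example.test,1001,/bin/bash,{SSHA}PLACEHOLDER
asmith,Anna,Smith,,1002,/bin/sh,{SSHA}PLACEHOLDER
'@

foreach ($user in ($csv | ConvertFrom-Csv)) {
    $result = ConvertTo-AdAttributeTable -Row $user
    $kept = ($result.Attributes.Keys | Sort-Object) -join ', '
    Write-Output ("{0}: keep [{1}]; drop [{2}]" -f $user.name, $kept, ($result.Dropped -join ', '))
    # $result.Attributes is the table to hand to -objectattributes in the loop above.
}
```

Reviewing the dropped columns per user before removing -whatif shows which OpenLDAP-only properties the export contained.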

ssaehrig (New Member, Posts: 31)
18 Jul 2008 07:50 PM

Thank you. I will let you know how it works out.
