通过PowerSell在不同域之间迁移或复制OU和User

jhegw

最近有个需求，公司需要搭建一个预发布环境出来， 需要把生产中的AD用户导出至预发布环境中，刚开始准备用csvde导出导入，后来干脆使用PowerShell，下面是针对某一个OU下的用户进行复制到另外一个域中并启用账户统一设定密码，再次感谢朋友费Sir同我一起测试到深夜
先来说说大致的思路：要迁移某个OU下的用户，而且需要迁移OU，那么我们需要先迁移OU过去，然后迁移User，最后还有个需求，需要迁移用户的经理，那么也是需要迁移完用户后再统一设定用户的Manager了
下面以复制物流中心这个OU为例进行迁移
#导出物流中心OU

1 2	$oucsv = 'C:\Users\sys_robin\OUexportWuliu.csv' Get-ADOrganizationalUnit -SearchBase 'OU=物流中心,DC=corp,DC=viplab,DC=com' -Filter * -Properties * | select name,distinguishedName | export-csv $oucsv -Encoding UTF8 -NoTypeInformation

#导入物流中心OU

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26

import-module activedirectory $OldDom = 'DC=corp,DC=viplab,DC=com' $NewDom = 'DC=corp,DC=demo,DC=com' $oucsv = 'c:\OUexportWuliu.csv' $success = 0 $failed = 0 $oulist = Import-Csv $oucsv $oulist | foreach { $outemp = $_.Distinguishedname -replace $OldDom,$NewDom #need to split ouTemp and lose the first item $ousplit = $outemp -split ',',2 $outemp Try { $newOU = New-ADOrganizationalUnit -name $_.Name -path $ousplit[1] -EA stop Write-Host "Successfully created OU: $_.Name" $success++ } Catch { Write-host "ERROR creating OU: $outemp" #$error[0].exception.message" $failed++ } Finally { echo "" } } Write-host "Created $success OUs with $failed errors"

#导出物流中心下用户

1 2

$path= 'C:\Users\sys_robin\ADUsers_Wuliu.csv' Get-ADUser -SearchBase 'OU=物流中心,DC=corp,DC=viplab,DC=com' -Filter * -Properties * |select sAMAccountName,cn,name,objectCategory,description,displayName,userPrincipalName,distinguishedName,title,manager,department,employeenumber | Export-csv $path -NotypeInformation -Encoding:UTF8

#导入物流中心下用户

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30

Import-Module activedirectory $OldDom = 'DC=corp,DC=viplab,DC=com' $NewDom = 'DC=corp,DC=demo,DC=com' $oldUPN = 'corp.viplab.com' $NewUPN = 'corp.demo.com' $password = ConvertTo-SecureString 'abc.123' -asplaintext -force $Usercsv = 'c:\ADUsers_Wuliu.csv' $success = 0 $failed = 0 $Userlist = Import-Csv $Usercsv $Userlist | foreach { $Usertemp = $_.Distinguishedname -replace $OldDom,$NewDom $UserUPN  = $_.UserPrincipalName -replace $oldUPN,$NewUPN #need to split UserTemp and lose the first item $Usersplit = $Usertemp -split ',',2 $Usertemp Try { $newUser = New-ADUser -name $_.Name -SamAccountName $_.SamAccountName -Description $_.description -displayname $_.displayname -title $_.title -department $_.department  -UserPrincipalName  $UserUPN -EmployeeNumber $_.EmployeeNumber -AccountPassword $password -Enable $true -path $Usersplit[1]  -EA stop Write-Host "Successfully created User: $_.Name" $success++ } Catch { Write-Host "ERROR creating OU: $Usertemp" #$error[0].exception.message" $failed++ } Finally { echo "" } } Write-host "Created $success Users with $failed errors"

#设定物流中心用户的Manager

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24

Import-Module activedirectory $OldDom = 'DC=corp,DC=viplab,DC=com' $NewDom = 'DC=corp,DC=demo,DC=com' $Usercsv = 'c:\ADUsers_Wuliu.csv' $success = 0 $failed = 0 $Userlist = Import-Csv $Usercsv $Userlist | foreach { $UserManager = $_.Manager -replace $OldDom,$NewDom Try { $Usertemp = $_.Distinguishedname -replace $OldDom,$NewDom $SetManager = Set-ADUser -Identity $_.SamAccountName -Manager $UserManager  -EA stop Write-Host "Successfully Set Manager: $_.Name" $success++ } Catch { Write-Host "ERROR Set Manager: $Usertemp" #$error[0].exception.message" $failed++ } Finally { echo "" } } Write-host "Created $success Users with $failed errors"

使用如上脚本，可以顺利迁移AD域中的OU和用户到新的测试域中，如果有多个OU，可以使用相同 的方法进行迁移，也可以整理下脚本，一次迁移多个OU。