Copy OU Structure between domains (June 6 2014)

In the process of building a new domain to run in parallel to our existing one for a re-branding project we needed copy parts of our OU structure. In our scenario the site is broken into buildings, rooms and occasionally smaller units. Accounting for hundreds of nested OUs. That would be a pain to build by hand.

I needed to mirror this structure in the new domain, with slight changes. In my scenario the domains not only didn’t have a trust but the new domain was on a completely isolated network.

The structure looked something like this: Computers Old Name >Building 100 >>Room 110 >Building 200 >>Room 210

And needed to become: Computers New Name >Building 100 >>Room 110 >>Room 120 >Building 200 >>Room 210

First I gathered the needed info about the old domain and the new domain.

Old Domain: Domain Name: foo.contoso.com Domain Controller: DC01.foo.contoso.com Path to the OU I wanted to mirror: “OU=Computers Contoso”

New Domain: Domain Name: bar.fabrikam.org Domain Controller: DC01.bar.fabrikam.org Path to the OU I wanted to create: “OU=Computers Fabrikam”

Now I wanted to export the information from Contoso using ldifde (I ran this on one of the Contoso domain controllers)

The command I used looked like this:

ldifde -f ExportOU.ldf -s DC01.foo.contoso.com -d "OU=Computers Contoso,DC=foo,DC=contoso,DC=com" -p subtree -r "(objectcategory=organizationalUnit)" -l "cn,objectclass,ou"

This generates a nice file named “ExportOU.ldf”. Now using any text editor we open that file and do a find and replace on all.

To change the domain: Find: DC=foo,DC=contoso,DC=com Replace with: DC=bar,DC=fabrikam,DC=org

To change the OU information: Find: OU=Computers Contoso Replace with: OU=Computers Fabrikam

Copy the file to the domain controller on the Fabrikam domain and import it. Which is really easy with this command:

ldifde -i -f ExportOU.ldf -s DC01.bar.fabrikam.org

Thats it structure is built but one word of warning. If you wanted to remake the entire OU structure not just a portion you need do little more work.Check here for the details: http://social.technet.microsoft.com/wiki/contents/articles/11386.ldifde-import-ou-structure-cross-domain.aspx

Here be dragons, or a footer. Both work.