a) Can I export all users irrespective of there group memberships to a CSV File, for e.g. users.csv ?
b) Can I also export all OUs to a CSV, so I can later re-import them into a New DC on a New Domain ?
c) Can I export all Groups to a CSV, so I can re-import them into the New DC / New Domain ?
Basically, we have a lot of users, groups, OUs, we are just testing to see if we had to manually re-create all users, groups, ous, via CSV files ?
is this possible ? Will be grateful if someone could provide a script / command to get there.
Thank you all for your suggestions, I think I may have not explained my Question better. Basically, I am not doing or wish to do this for Backup purposes.
I just want to see how this works, for e.g. : If I manually create a CSV file with a list of say 20 or 30 users, what would that csv file should be like ? I mean attributes or fields so that it can be imported into AD with one command or script?
So, I thought if one would export first they would know which attributes would be necessary to create accounts into AD.
Now, the question is 🙂 :
a) How to create that CSV File, what fields are required?
b) Can we set a Default password too for those new accounts?
c) Can we also specify which OU to create that users in or I can move them later?
I hope I have asked clearly this time, it's not meant to be a backup of any kind, just a way to create multiple users or move multiple users around with ease.
Thanks again for your input.
Best Answer
If you're looking at ways to backup Active Directory, the best and most reliable way to do that without creating domain controllers in some remote network is to use the VSS Writer for Active Directory with a VSS-aware backup utility. There is one that comes with Server 2008, and most off-the-shelf backup frameworks for Windows can handle that (possibly with a fee). This kind of backup will get everything, including all user, group, and computer objects with passwords.
To get Group Policy, and anything in them like login-scripts, backed up you need to use the VSS FRS writer.
With both of these you can get a full backup of an AD domain. They can also do atomic restores (single objects) to handle oops-deletes.
If you really just want a bunch of CSV files, take a look into the
dsqueryutility (link). It'll be able to search AD, and when used in conjunction withdsgetit'll grab most of the object information for most objects.A note, though. The above pair of utilities are not a backup method for AD. It won't grab password information. It is useful for documenting object location and group-membership information. To my knowledge, both do not have any visibility on group-policy objects.