从特定的OU导出AD结构,然后在新域中重新创建结构
[英]Export AD structure from specific OU, then re-create structure in new domain
问题描述
I've researched and found the way to export our active directory information for our application is like this: 
我进行了研究,发现为应用程序导出活动目录信息的方式如下:
csvde -d OU=MyAppsOU,DC=dot,DC=testdmz,DC=lan
-f C:\temp\addump_ou.csv -r (objectClass=organizationalUnit)
Now, I've read that to do an import from that file, you just have to add the -i option to the line like this: 现在,我已经读过要从该文件导入,您只需要在行中添加-i选项,如下所示:
csvde -i -d OU=MyAppsOU-New,DC=dot,DC=newdmz,DC=lan
-f C:\temp\addump_ou.csv -r (objectClass=organizationalUnit)
Obviously, I'm very scared to try this as I don't want to blow away anything. 显然,我很害怕尝试此操作,因为我不想炸掉任何东西。 My questions are: 我的问题是:
Does specifying the
OU=MyAppsOU-Newcreate the new OU structure with that specific name?指定OU=MyAppsOU-New是否使用该特定名称创建新的OU结构? (I'm just trying to be 100% positive)(我只是想成为100%积极的人) Does specifying the different domain name (newdmz) just update all of the data in the file to contain the new domains name?
指定不同的域名(newdmz)是否只是更新文件中的所有数据以包含新的域名? or
要么 Do I need to modify the exported csv file to change the domain name (testdmz) to what the new domain name will be (newdmz)?
我是否需要修改导出的csv文件以将域名(testdmz)更改为新域名(newdmz)? Is there a different way I should be doing this?
我应该采取其他方法吗?
I just want to re-create the OU structure without groups, roles (which are groups) and users. 我只想重新创建没有组,角色(即组)和用户的OU结构。 I will probably do those in a different process because we have different usernames for test and production. 我可能会在不同的过程中进行操作,因为我们用于测试和生产的用户名不同。
1 个解决方案
解决方案1
1 已采纳 2012-06-28 04:06:40
Wow ! 哇 ! lost of question here, but according to me not enougth. 在这里失去了疑问,但据我所知。
Begining by the end. 从头开始。 CSVE.EXE is really not the exact tool I would use. CSVE.EXE确实不是我要使用的确切工具。 As a Directorie developper I prefer LDIFDE.EXE , because it generates LDIF (LDAP data Interchange Format) which is more standard and more readable. 作为Directorie开发人员,我更喜欢LDIFDE.EXE ,因为它会生成更标准和更易读的LDIF(LDAP数据交换格式)。 You can also have a look to tools like ADAMSync.EXE that allow to synchronize two directories in AD world (but it's a big hammer for whant you want to do here) 您还可以查看ADAMSync.EXE之类的工具,该工具可以同步AD世界中的两个目录(但这对于想要在此处进行操作的人来说是一个巨大的锤子)
Now choosing LDIFDE.EXE you will see that LDIF format is almost importable as is, but you nned to remove operational attributes (system attributes) from the file. 现在选择LDIFDE.EXE您将看到LDIF格式几乎可以直接导入,但是您已从文件中删除了操作属性(系统属性)。 The best way is to take them during the rxport. 最好的方法是在rxport期间使用它们。 So you will use -L to only export the attributes you need or -O option to omit operational attributes. 因此,您将使用-L仅导出所需的属性,或使用-O选项忽略操作属性。
To import in another domain, you will use -C option to change original domain part (DC=dot,DC=testdmz,DC=lan) by the new domain part. 要导入另一个域,您将使用-C选项通过新的域部分更改原始域部分(DC = dot,DC = testdmz,DC = lan)。
Try it before in a virtual machine. 在虚拟机中尝试之前。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.