Share via

LDIFDE Import OU Structure Cross Domain

  • Article

LDIFDE is one of the powerful tool used to perform various tasks on Active directory management. One of the functionality is to export the OU structure from a Domain Controller and import the OU structure to another Domain in different forest. This article would only emphasize on exporting the OU structure and Importing the OU structure to different domain, this article would not explain the process of exporting User Accounts or Security group memberships.

Requirements:
**
**

 Forest  Domain  Domain Controller
 Forest 1  Red.com  SGPDC01.Red.com
 Forest 2  Blue.com  INDPDC01.Blue.com

Tools :

LDIFDE

Syntax to Export OU Structure on Red.com:

*ldifde -f ExportOU.ldf -s SGPDC01.Red.com -d "dc=red,dc=com" -p subtree -r "(objectcategory=organizationalUnit)" -l "cn,objectclass,ou"

*
The above command would extract complete OU structure configured under Red.com Domain. The next step would be to import the OU structure to Blue.com which is under different forest. You can rely on LDIFDE utlity to perform the import , but with modifications.

By default Administrators can use LDIFDE to perform import operation on the same domain on which they perform the import operation to export the OU. But cannot perform import operation on different domain within same forest or on different forest. But with small tweak in the .LDF file, administrators will have an option to import the LDF file to any Domain in any Forest
**
Tweak :** Below are the steps to tweak the .LDF file to perform successful import of OU structure.

Step1: Navigate to the .LDF File which was exported earlier

Step2: Open the .LDF file using Notepad editor

Step3: Delete the Domain controller OU from the .LDF -- LDFIDE cannot import Domain controller OU

Step4: replace the DN of the Domain to match the target domain. Eg: replace dc=red, dc=com with dc=blue,dc=com

Step5: run the Import command on the target domain ( blue.com )

Command : ***ldifde -i -f "<path>:\ExportOU.ldf" -s indpdc01

***Upon successful completion of the above command, all the source (red.com) OUs will be successfully placed under Blue.com.

Considerations
**
**There are some pain factors to  be considered while performing import of OU structure or the User accounts.

First: Ensure that you delete the standard OUs from the exported .LDF file , before importing them.

Second: During import if LDIFDE returns any error, you have to modify the .ldf file , do necessary corrections, and delete any OU's or accounts which has been created.

Third: The User accounts which gets imported will be disabled