Guide to Copy OU Structure from One Domain to Another
Whenever an organization undergoes structural changes due to mergers, acquisitions, etc., it must also copy the OU structure from one domain to another. This is an essential task that the admin in charge of the migration should prioritize. To assist them, we have prepared this write-up, which contains the complete guidance necessary for the task.
Furthermore, we also explain the ways in which the automated tool overcomes challenges posed by the PowerShell method. Before we can learn the OU cloning technique, let’s look at the design parameters of an Organizational Unit.
What Exactly is an Organizational Unit in Active Directory & When to Copy It
An OU can be understood as a container that resides inside the Microsoft Windows Active Directory (AD) domain. It is a subdivision designed to hold users, groups, computers, and even other organizational units. It is the smallest unit that can be assigned its own unique policy settings and permissions. Within an OU, objects with similar properties are put together, which makes it easier to manage and access them. Now that we have a basic understanding of OUs, let’s look at real-life scenarios in which to replicate an OU structure.
During the testing of a new product, companies often assign a new OU. To save time and avoid mistakes during OU creation, it is better to copy an existing structure and start working on it directly.
When a merger or acquisition takes place, the new employee data can be directly moved to the parent company’s database. So admins can make a replica of the host’s OU, shift the employee data into it, and then sync the OU with the database.
When OU data becomes corrupted, admins can clone the structure and look for any issues present in it. After the issue is resolved, the data can be restored to the new OU from a backup.
Now we begin with a technical method for copying the OU structure.
Using PowerShell to Copy OU Structure From One Domain to Another
PowerShell does not directly give us the intended result. Here we have to manipulate the end result to replicate the original OU structure in the target domain. To ensure all the requirements match the target, users first need to generate a CopyOfOUstructure.ldif file as output. Our aim here is to move the OUs and then tweak the output so that no trace of the original domain remains. In other words, delete the domain name itself.
Follow the script below as a template and make changes according to your requirements:
$Domain = Get-ADDomain
ldifde -f OUStructure.ldif -d $($Domain.DistinguishedName) -c `"$($Domain.DistinguishedName)`" `"DC=X`" --% -r "(objectclass=organizationalUnit)" -l "ou,description,objectclass,displayName,displayNamePrintable,msCOM-UserPartitionSetLink,x121Address,uPNSuffixes,co,telexNumber,teletexTerminalIdentifier,telephoneNumber,street,st,seeAlso,searchGuide,registeredAddress,preferredDeliveryMethod,postalCode,postalAddress,postOfficeBox,physicalDeliveryOfficeName,managedBy,thumbnailLogo,l,internationalISDNNumber,facsimileTelephoneNumber,destinationIndicator,desktopProfile,defaultGroup,countryCode,c,businessCategory"
Add or replace the variables according to your own organization’s constraints. Ensure that these match the original OU structure; otherwise, the copied structure may get corrupted.
get-content OUStructure.ldif | %{$_ -replace 'Source','Target'} | Out-file Oustructure-reOrg.ldif
Then copy the ldif file to the target server and execute the following commands to load the OU structure.
$Domain = Get-ADDomain
ldifde -i -v -k -f OUStructure.ldif -c `"DC=X`" `"$($Domain.DistinguishedName)`"
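Before running the import, it helps to check the exported file against the stated aim that no trace of the original domain remains. The following is an added example, not part of the original script: it parses the LDIF text and reports entries that are not under the DC=X placeholder, whose parent OU is not defined earlier in the file, that still name the source domain (the -c switch rewrites only the DN form, so a DNS-style name such as a UPN suffix survives), or that carry DN-valued links (managedBy, seeAlso, defaultGroup) to objects an OU-only export does not bring along. The function name Test-OuLdif, the domain corp.example and the sample OUs are assumptions made for illustration.

```powershell
# Added example (not from the page); Test-OuLdif and the sample data are constructed.
function Test-OuLdif {
    param([string]$Text, [string]$SourceDomainDN, [string]$Placeholder = 'DC=X')
    $linkAttrs = 'managedBy', 'seeAlso', 'defaultGroup'   # DN-valued attributes
    $dnsName = ($SourceDomainDN -replace 'DC=', '') -replace ',', '.'
    $traces = [regex]::Escape($SourceDomainDN) + '|' + [regex]::Escape($dnsName)
    $seen = @($Placeholder)                               # DNs defined so far
    $unfolded = $Text -replace '\r?\n ', ''               # join folded LDIF lines
    foreach ($record in ($unfolded -split '(?:\r?\n){2,}')) {
        $pairs = foreach ($line in ($record -split '\r?\n')) {
            if ($line -match '^([^:#]+)::\s*(.+)$') {     # base64-encoded value
                $decoded = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($Matches[2]))
                [pscustomobject]@{ Name = $Matches[1]; Value = $decoded }
            } elseif ($line -match '^([^:#]+):\s*(.*)$') {
                [pscustomobject]@{ Name = $Matches[1]; Value = $Matches[2] }
            }
        }
        $dn = ($pairs | Where-Object Name -eq 'dn' | Select-Object -First 1).Value
        if (-not $dn) { continue }                        # not a directory entry
        $issues = @()
        if ($dn -notmatch (',' + [regex]::Escape($Placeholder) + '$')) {
            $issues += "DN is not under the $Placeholder placeholder"
        }
        $parent = $dn -replace '^.*?(?<!\\),', ''         # strip the first RDN
        if ($seen -notcontains $parent) {
            $issues += "parent '$parent' is not defined earlier in the file"
        }
        foreach ($p in $pairs) {
            if ($p.Value -match $traces) { $issues += "$($p.Name) still names the source domain" }
            if ($linkAttrs -contains $p.Name) { $issues += "$($p.Name) links to $($p.Value)" }
        }
        $seen += $dn
        foreach ($i in $issues) { [pscustomobject]@{ DN = $dn; Issue = $i } }
    }
}
# Constructed sample: a leftover UPN suffix, a managedBy link, an orphaned child OU.
$sample = @'
dn: OU=Sales,DC=X
objectClass: organizationalUnit
uPNSuffixes: corp.example
managedBy: CN=Alice,OU=Staff,DC=X

dn: OU=Lab,OU=Research,DC=X
objectClass: organizationalUnit
'@
Test-OuLdif -Text $sample -SourceDomainDN 'DC=corp,DC=example' | Format-Table -AutoSize
```

For a real export, pass the file content with `-Text (Get-Content OUStructure.ldif -Raw)` and the source domain's distinguished name.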
Limitations of the PowerShell Mechanism
Confusing: PowerShell commands are broad in scope, so getting an organization-specific template can be tricky. As each business operates differently, this confusion over which command to use causes delays and reduces workplace efficiency.
Highly Technical: Requires in-depth knowledge of PowerShell commands and their functionalities. Lack of knowledge can result in data corruption and data loss.
Absence of Support: Admins only have their knowledge base to rely on. Moreover, if anything goes wrong, there is no support to guide and resolve the error.
Hit and Trial Process: The command line is not a direct way to get the result; users have to spend a lot of time trying and tweaking the results. Only when
No Tracking or Reporting Feature: When users want to copy OU structure from one domain to another, they often need to track the progress. However, no such feature is present to directly view the progress in real time within PowerShell. Moreover, the absence of a report makes it difficult to track if the operation was successful or not.
Copy OU Structure from One Domain to Another in an Automated Manner
The only tool that you need for the task is Systools AD Migration Software. With a long legacy in assisting admins in all AD migration scenarios, the tool is more than sufficient for the simple task of OU structure replication. With an easy-to-follow UI and a set of advanced algorithms, the tool can deliver the required results in no time.
Follow the list of instructions and get your problem sorted.
Step 1. Download the utility and log in with the default credentials (administrator).
Step 2. Register both the source and target domain controllers, one after the other.
Step 3. Now click on the source domain, and in the “Info” section, put in the actual admin credentials for verification.
Step 4. After that, take the cursor to the Active Directory section and fetch the objects.
Step 5. Repeat steps 3 and 4 for the target domain controller.
Step 6. In the Migration section, click on “create migration scenario,” then provide the name and pick the endpoints.
Step 7. Within the “Task” tab, hit the “Create Task” option. Mark all the options you wish to see on the destination domain.
Step 8. After selecting the objects, click on the create option to copy the OU structure from one domain to another.
Step 9. Once all the objects are visible and mapped, click on the start task. When the window pops up, hit Start and let the tool handle the rest.
Features of the Utility that Assist in OU Structure Cloning
- Direct mapping using CSV files is an option right within the tool.
- Replicate the structure of users, computers, and shared folders between domains.
- Maintain the coexistence of the source and its copy simultaneously.
- Clone the SID history of the domain without any issues.
- Copy multiple jobs in multiple OUs across the Active Directory.
- Supports all Windows server versions from 2019 to 2012 R2.
Conclusion
In this write-up, we showed the way to copy the OU structure from one domain to another using a variety of methods. The PowerShell method, although available, is not recommended due to the complexity of the operation. On the other hand, the tool mentioned earlier simplified the entire process. So it’s better to save both time and effort by utilizing the tool.
FAQs
Q. I am not well versed in PowerShell commands; is there an alternative for the same?
Ans. Yes, the automated utility provided in the above section is more than enough to copy and replicate the OU structure between domains.
Q. What is the meaning of exporting and importing an OU structure using LDIFDE.exe?
Ans. ldifde.exe is a command-line executable that admins need to run on their domain controller. It exports directory objects to a text (LDIF) file and imports them from it, which is how it can replicate the OU structure.
Q. Is the OU hierarchy maintained during the cloning?
Ans. Yes, the tool makes sure no unwanted changes take place within the OU itself. Only a clone of the structure gets generated at the destination domain.