Migrate your Active Directory Organizational Units (OUs) across tenants

Many organisations use Hybrid environments to store their information. With the help of Azure AD Sync (also known as Azure AD Connect), they synchronize their user accounts, groups, and credentials from an on-premises Active Directory (AD) instance to Azure AD.

With mergers and acquisitions increasingly common, it is vital to have a mechanism for provisioning these on-premises Active Directory entities in the target environment.

Apps4.Pro Migration Manager, a key player in the migration of Microsoft workloads, provisions the key Active Directory entities (users, groups and organizational units) via PowerShell scripts, without the need for a trusted network relationship.

In this blog post we show how to migrate Active Directory organizational units from one on-premises environment to another in 2 simple steps.

Step 1 : Export the Active Directory Organizational Units from your Source Tenant

Step 2 : Import them to the Target Tenant

The script exports the following OU (organizational unit) details:

   🠊   OU Name
   🠊   Description
   🠊   Display Name
   🠊   Distinguished Name
   🠊   Domain Name
   🠊   OU Level
   🠊   Managed By
   🠊   Property : protectedFromAccidentalDeletion
   🠊   Street Address
   🠊   City
   🠊   State
   🠊   Country
   🠊   Postal Code

Let’s get started !

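Prerequisites: install Microsoft Graph PowerShell and the required modules before running this script. The scripts below call Import-Module ActiveDirectory, so the ActiveDirectory module must be available on the machine where they run.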

All you need to do is :

  1. Execute the below scripts by feeding in
    • Path to the CSV to import / export the Organizational Units
    • Fully qualified Domain Name
  2. Sign-in as Domain Admin / Enterprise Admin

Script to Export Active Directory Organizational Units

You can download the PowerShell script from: https://cdn.apps4.pro/scripts/export-active-directory-ou.ps1


```powershell
function Export-OrganizationalUnits {
    param(
        $csvPath
    )
    Import-Module ActiveDirectory

    $DCName = (Get-ADDomain).Name
    $domainDN = (Get-ADDomain).DistinguishedName
    $ObjectList = @()
    # Read every OU in the current domain together with all of its properties
    $sourceOU = Get-ADOrganizationalUnit -Filter * -Properties *
    foreach ($ou in $sourceOU) {
        # Nesting depth = number of OU= components in the distinguished name
        $ouLevel = ($ou.DistinguishedName -split 'OU=').Count - 1
        $ouObjects = [PSCustomObject]@{
            domainName = $domainDN
            oulevel = $ouLevel
            c = $ou.c
            city = $ou.City
            country = $ou.Country
            description = $ou.Description
            displayName = $ou.DisplayName
            distinguishedName = $ou.DistinguishedName
            managedBy = $ou.ManagedBy
            name = $ou.Name
            ou = $ou.ou
            postalCode = $ou.PostalCode
            protectedFromAccidentalDeletion = $ou.ProtectedFromAccidentalDeletion
            state = $ou.State
            streetAddress = $ou.StreetAddress
            #Write-Host $ou
        }
        $ObjectList += $ouObjects
    }
    # One CSV row per OU; the import script sorts on the oulevel column
    $ObjectList | Export-Csv -Path $csvPath -NoTypeInformation
}

Export-OrganizationalUnits -csvPath "Path of the CSV to Export OUs"
# For example
# Export-OrganizationalUnits -csvPath "C:\Users\admin\OUs_exported.csv"
```

 

Snippet of the exported data

Script to Import Active Directory Organizational Units

You can download the PowerShell script from: https://cdn.apps4.pro/scripts/import-active-directory-ou.ps1


```powershell
function Import-OrganizationalUnits {
    param(
        $csvPath
    )
    Import-Module ActiveDirectory

    $sourceOU = Import-Csv $csvPath
    $targetDN = (Get-ADDomain).DistinguishedName
    $allTargetOU = Get-ADOrganizationalUnit -Filter * -Properties *
    #$sortedOUs = $sourceOU | Sort-Object {($_.DistinguishedName -split ",").Count}
    # CSV values are strings: cast to int so level 10 sorts after level 2 and parents are created first
    $sortedOUs = $sourceOU | Sort-Object {[int]$_.oulevel}
    foreach ($ou in $sortedOUs) {
        # -replace takes a regex: escape the source domain DN and anchor it at the end of the DN
        $sourceDomain = [regex]::Escape($ou.domainName) + '$'
        $targetDisName = $ou.DistinguishedName -replace $sourceDomain, $targetDN
        # -eq instead of -like, so wildcard characters in an OU name cannot match a different OU
        $targetOU = $allTargetOU | Where-Object {$_.DistinguishedName -eq $targetDisName}
        if (!$targetOU) {
            Write-Host "Creating New OU" $ou.Name
            # Split on unescaped commas only, so an OU name containing "\," stays in one piece
            $split = $ou.distinguishedName -split '(?<!\\),'
            $parentDN = (($split | Select-Object -Skip 1) -join ",") -replace $sourceDomain, $targetDN
            $accDeletion = $null
            if ($ou.protectedFromAccidentalDeletion -eq "TRUE") {
                $accDeletion = $true
            }
            else {
                $accDeletion = $false
            }
            $ouParams = @{
                Country = $ou.country
                City = $ou.city
                Description = $ou.description
                DisplayName = $ou.displayName
                #DistinguishedName = $ou.distinguishedName
                #ManagedBy = $ou.managedBy
                Name = $ou.name
                #ou = $ou.ou
                PostalCode = $ou.postalCode
                ProtectedFromAccidentalDeletion = $accDeletion
                State = $ou.state
                streetAddress = $ou.streetAddress
            }
            New-ADOrganizationalUnit @ouParams -Path $parentDN
            Set-ADOrganizationalUnit -Identity $targetDisName -Replace @{c=$ou.c} -ErrorAction SilentlyContinue
            if ($ou.ManagedBy) {
                # managedBy still holds the source-domain DN; the call fails silently if that object does not exist in the target
                Set-ADOrganizationalUnit -Identity $targetDisName -Add @{ManagedBy=$ou.managedBy} -ErrorAction SilentlyContinue
            }
            # New-ADOrganizationalUnit -City $ou.City -Country $ou.Country -Description $ou.Description -PostalCode $ou.PostalCode -Name $ou.Name -State $ou.State -StreetAddress $ou.StreetAddress -ProtectedFromAccidentalDeletion $accDeletion -Path $parentDN
        }
        else {
            Write-Host $ou.Name "OU Already Exist"
        }
    }
}

Import-OrganizationalUnits -csvPath "Path of the exported CSV"
# For example
# Import-OrganizationalUnits -csvPath "C:\Users\admin\OUs_exported.csv"
```
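The exported CSV crosses from one directory to another, so it is worth checking before the import script creates anything in the target domain. The pre-flight check below is an added example, not Apps4.Pro's code: the function name `Test-OUCsv`, the sample rows and the domain names are assumptions. It consults only the CSV, so a parent OU that already exists in the target is still reported as missing.

```powershell
# Added example (not the Apps4.Pro script). Test-OUCsv and the sample rows are
# hypothetical; only the CSV is inspected, no AD module is used, nothing is changed.
function Test-OUCsv {
    param(
        [Parameter(Mandatory)] [object[]] $Rows,
        [Parameter(Mandatory)] [string]   $TargetDN
    )
    $ci    = [System.StringComparison]::OrdinalIgnoreCase
    $known = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
    [void]$known.Add($TargetDN)
    foreach ($row in ($Rows | Sort-Object { [int]$_.oulevel })) {
        $issues = @()
        $dn     = $row.distinguishedName
        $suffix = ",$($row.domainName)"
        if (-not $dn.EndsWith($suffix, $ci)) {
            # The DN is not inside the domain the row claims, so the domain rewrite cannot apply.
            [PSCustomObject]@{ SourceDN = $dn; TargetDN = $null; Issues = 'DN outside exported domain' }
            continue
        }
        # Literal suffix swap, so no regex is involved in rewriting the domain part.
        $targetOU = $dn.Substring(0, $dn.Length - $row.domainName.Length) + $TargetDN
        # Split on unescaped commas only, so "OU=Sales\, EMEA" stays one RDN.
        $rdns   = $targetOU -split '(?<!\\),'
        $parent = ($rdns | Select-Object -Skip 1) -join ','
        $depth  = @($rdns | Where-Object { $_ -like 'OU=*' }).Count
        if ($depth -ne [int]$row.oulevel) { $issues += 'oulevel does not match DN depth' }
        if (-not $known.Contains($parent)) { $issues += 'parent OU not in CSV' }
        if ($row.protectedFromAccidentalDeletion -ne 'True') { $issues += 'deletion protection off' }
        if ($row.managedBy -and $row.managedBy.EndsWith($suffix, $ci)) {
            $issues += 'managedBy points at a source-domain object'
        }
        [void]$known.Add($targetOU)
        [PSCustomObject]@{ SourceDN = $dn; TargetDN = $targetOU; Issues = $issues -join '; ' }
    }
}

# Constructed sample export (only the columns the check reads).
$sample = @'
"domainName","oulevel","distinguishedName","managedBy","protectedFromAccidentalDeletion"
"DC=old,DC=example","1","OU=Sales\, EMEA,DC=old,DC=example","","True"
"DC=old,DC=example","2","OU=Laptops,OU=Sales\, EMEA,DC=old,DC=example","CN=Bob,OU=IT,DC=old,DC=example","False"
"DC=old,DC=example","2","OU=Kiosks,OU=Retail,DC=old,DC=example","","True"
'@ | ConvertFrom-Csv

Test-OUCsv -Rows $sample -TargetDN 'DC=new,DC=example' | Format-List
```

Rows with an empty Issues value map cleanly to the target; the others should be reviewed or corrected in the CSV before running the import.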

See our other blog posts for handy scripts to migrate Active Directory users and groups:

https://blog.apps4.pro/migrate-your-active-directory-users-across-tenants
https://blog.apps4.pro/migrate-your-active-directory-groups-across-tenants
