Copy Groups between forests
Hi, I am trying to copy the groups from an OU in one domain to another domain. It looks like it does like the name pipe. Is there a better way to do this? Also, would it be possible to copy the group members? It is also tricky because the full DNs are different.
$ADGroups = Get-ADGroup -Filter * -SearchBase "OU=Groups,DC=DomainA,DC=local" | select Name
foreach ($group in $ADGroups) {
    New-ADGroup -Name $group -Path "OU=Groups,DC=DomainB,DC=local" -Server "DomainControllerB.DomainB.local" -Credential $DomainBCred
}
4 Replies
- LainRobertson Silver Contributor
It's not enough to just set the name. The group's scope and category should also be preserved.
You also do not need to store the groups from the first forest in a variable. This design doesn't scale well in larger environments.
Rather, you can pipe the results of the Get-ADGroup straight into the New-ADGroup cmdlet which is targeting the destination forest. This approach allows .NET to reclaim system resources earlier - even during the execution of the command if your environment's large enough.
Get-ADGroup -Filter * -SearchBase "OU=Groups,DC=DomainA,DC=local" | New-ADGroup -Path "OU=Groups,DC=DomainB,DC=local" -Server "DomainControllerB.DomainB.local" -Credential $DomainBCred;
It's worth noting that this process will not copy across the group memberships.
Cheers,
Lain
- IT-Engineer Copper Contributor
Thanks Lain! It looks like it is trying to pass the DN though:
InvalidArgument: (CN=somegroup,OU,DomainA,DC=local:PSObject) [New-ADGroup], ParameterBindingException
- LainRobertson Silver Contributor
It's complaining that it cannot bind a parameter, which is a PowerShell error, not a directory service error.
What is the precise command you are running? (Obviously, obscure the real domain names, etc. but the format is important)
Cheers,
Lain
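The thread leaves two points open: copying the members, and the fact that source DNs do not exist in the destination. The following is an added example, not code from either poster. It sets scope and category explicitly and re-resolves each member in DomainB by sAMAccountName. It assumes that matching accounts already exist in DomainB under the same sAMAccountName, that the session runs against DomainA by default, and that `$DomainBCred` is populated as in the original post.

```powershell
# Added example. OU paths and server name are the ones used in the thread;
# $DomainBCred is assumed to hold a credential with create rights in DomainB.
$srcBase = 'OU=Groups,DC=DomainA,DC=local'
$dstBase = 'OU=Groups,DC=DomainB,DC=local'
$dst     = @{ Server = 'DomainControllerB.DomainB.local'; Credential = $DomainBCred }

# Stream groups through the pipeline instead of buffering them in a variable.
Get-ADGroup -Filter * -SearchBase $srcBase -Properties Description | ForEach-Object {
    $src = $_

    # Pass scope and category explicitly so a Global security group does not
    # silently become something else in the destination.
    $new = @{
        Name           = $src.Name
        SamAccountName = $src.SamAccountName
        GroupScope     = $src.GroupScope
        GroupCategory  = $src.GroupCategory
        Path           = $dstBase
    }
    if ($src.Description) { $new.Description = $src.Description }
    New-ADGroup @new @dst

    # Members come back with DomainA DNs, which mean nothing in DomainB.
    # Assumption: the same sAMAccountName identifies the same principal there.
    foreach ($member in Get-ADGroupMember -Identity $src) {
        try {
            Add-ADGroupMember -Identity $src.SamAccountName `
                -Members $member.SamAccountName @dst -ErrorAction Stop
        }
        catch {
            # Unmatched accounts, or nested groups not created yet, land here.
            Write-Warning ("{0}: could not add '{1}': {2}" -f
                $src.Name, $member.SamAccountName, $_.Exception.Message)
        }
    }
}
```

Review the warnings before relying on the copied groups for access control: every skipped member means the DomainB group grants a different set of principals than its DomainA source, and a same-named account in DomainB is only the right principal if the naming assumption holds.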