Table of Contents

Overview....................................................................................................................................5
Overview
This is a procedure for exporting user accounts from the old domain and importing them into
the new domain.

1. Log on to an domain controller in the old domain with an user account with administrator
privileges.
2. Open Active Directory Users and Computer.
3. Recommendation: At the root of the old domain, create an Ou named “Export” and move all
user accounts into this OU.
4. Open command prompt and change path to C:\. Type ldifde -m -f Export.txt -d
"OU=Export,DC=xxx,DC=xxx" -r "(objectClass=User)" (where
DC=xxx,DC=xxx is the name of the domain, for example DC=bt,DC=wan) to export all user
accounts from the “Export” OU to the file C:\Export.txt.
5. A succesfull export should say this:

Connecting to "ads0xcj001.xxxxxx"

Logging in as current user using SSPI

Exporting directory to file Export.txt

Searching for entries...

Writing out entries..

X entries exported

The command has completed successfully

6. Edit Export.txt file to replace DC=xxxxxxx,DC=xxxxxx (the name of the old domain)
with DC=bt,DC=wan (the name of the new domain)
7. In the file Export.txt verify the Distinguished Names of all the exported users so that an user
with the same Distinguished Name does not exist in the destination domain (xxxxxx). You can
find the names searching for distinguishedName:. If you find a duplicate name, search for all
occurances of it and rename it.
8. Change in Export.txt the following line userAccountControl: 512 to
userAccountControl: 514 to disable the accounts after importing them.
9. Copy the file Export.txt to a safe location.
10. Create the Export OU at the root of the xxxxxx domain.
11. On the domain controller for the new domain (xxxxxx) copy the file Export.txt to C:\. Open
command prompt and change path to C:\, then type ldifde -i -f ExportI.txt.
12. A succesfull import should say this:

Connecting to "ads0xcj001.xxxxxx"

Logging in as current user using SSPI

Importing directory from file "ExportI.txt"

Loading entries...

X entries modified successfully.

The command has completed successfully

13. All user accounts are now imported. Please note that due to restrictions at the security level,
all imported user accounts are now disabled. Type a password that meets security requirements
for each account and then enable them.
14. Move all the accounts from xxxxxx’s Export OU to their location (the OU of the Branch).

For the Centrala site, you can use ldifde to add new users without exporting them first.

In the next procedure, you use LDIFDE to add a new user named ‘Someone New’ to the Export
organizational unit.

1. Start Notepad, and create a new file called Newuser.ldf. (Save the file as with an .ldf
extension.)
2. Edit the LDIF file Newuser.ldf, and add the following text:

dn: CN=Someone New,OU=Export,DC=bt,DC=wan

changetype: add

cn: Someone New

objectClass: user

samAccountName: Someone.New

givenName: Someone

sn: New

Save the LDIF file.

3. Run LDIFDE to import the new user into active directory. Click Start, type Run, CMD, then
type the following command, and then press Enter.

ldifde –i -f newuser.ldf

4. To confirm that the new user has been created, check your active directory users and
computers snap-in.
5. The user account is now imported. Please note that due to restrictions at the security level, the
imported user account is now disabled. Type a password that meets security requirements for
the account and then enable it.
6. Move all the accounts from xxxxxx’s Export OU to their location (the OU of the Branch).
7. Please note that you can use Excel to create the file to use for imports and to create multiple
user accounts. The syntax is the same as detailed above.