This batch script exports organizational units, user accounts, computer accounts, security groups, group membership, etc. to text files so that they can be used to recreate the same configuration on another domain controller in a different domain. This can be used in a migration or disaster recovery scenario. Refer to system administration scripts for background.
The commands used in this script are available from Windows 2003 Server onward. On Windows 2000 domain controllers, you will have to resort to ADSI scripts to do the same.
```bat
REM Koen Noens
REM june 2003
REM script to enumerate an active directory on Windows 2003

@echo OFF

REM NOTE: dsquery returns at most 100 objects by default;
REM add -limit 0 to each dsquery call to export larger directories.

REM Create directory for output
MD adconf

REM list Organizational Units by distinguished name
dsquery ou > .\adconf\ou.txt

REM list Computer accounts
dsquery computer | dsget computer -dn -SAMid -desc > .\adconf\computers.txt

REM list Groups
dsquery group | dsget group -dn -SAMid -scope > .\adconf\groups.txt

REM list Users
dsquery user | dsget user -dn -SAMid > .\adconf\users.txt

REM enumerate users and their group membership (WARNING : see comments)
dsquery user | dsget user -dn -memberof > .\adconf\users_groups.txt
```
Enumerating users and their group membership may be more complicated than shown here. The statement used here works fine to create an input file if a user is a member of one and only one group. This is something we tried to achieve in the Active Directory Design, but in case the business logic requires that we make users members of more than one group, we may have to approach this differently (see getGroupMembership).
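One way to handle users who belong to more than one group, as an added example (it is not the author's getGroupMembership script): query each user separately and write one user/group pair per line, so that several memberships become several lines. The output file name `users_groups_pairs.txt` and the `findstr` filter on `DC=` are assumptions made for this sketch.

```bat
@echo OFF
REM Added example: one "user DN";"group DN" pair per output line.
REM Assumption: the output file name below is hypothetical.
setlocal
set OUT=.\adconf\users_groups_pairs.txt

if not exist adconf MD adconf
if exist "%OUT%" del "%OUT%"

REM -limit 0 lifts dsquery's default cap of 100 results.
for /f "delims=" %%U in ('dsquery user -limit 0') do (
    REM dsget lists every group the user is a direct member of,
    REM one quoted distinguished name per line.
    REM findstr keeps only lines that look like a DN (assumption:
    REM every group DN contains a DC= component) and drops status text.
    for /f "delims=" %%G in ('dsget user %%U -memberof ^| findstr /i /c:"DC="') do (
        >>"%OUT%" echo %%U;%%G
    )
)

endlocal
```

Each line of the result holds exactly one membership, so an import script on the target domain can process the file line by line regardless of how many groups a user belongs to.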