Export the source Groups and Users from AD to CSV using export-ADData.ps1. At this time, system users and groups are unnecessary, except for the most special cases, so be sure to use the -ExcludeSystemObject (-nosys) option.
Similarly, export from the import target AD using -ExcludeSystemObject. Even if your intended import target is a branch OU, always specify the base domain in -DNPath during export.
All CSV and TXT files should use UTF-8 encoding. Do not use local encodings such as ShiftJIS or CP932.
Check for collisions between the SamAccountName of Groups and Users on both sides. If any are found, decide on a policy for renaming or deletion.
๐ Describing mostly for Users as an example, but applies to both Groups and Users.
Users_domain_local-nosys.csv (Groups_domain_local-nosys.csv)
The original data exported from export-ADData.ps1 with system objects excluded.
Remove unnecessary columns for import
Although having extra columns in the CSV does not break import-ADData.ps1, removing columns that are not used for import will make later editing, checking, and troubleshooting much easier.
Minimal column sets
For Groups:
MemberOf,CN,Description,DisplayName,DistinguishedName,GroupCategory,GroupScope,groupType,HomePage,isCriticalSystemObject,ManagedBy,Name,ObjectCategory,ObjectClass,SamAccountName
๐ Note: Some columns such as DisplayName, HomePage, ObjectCategory, CN are not currently used by import-ADData.ps1. However, they can still be useful for reference during your work, or for future extensions.
For Users:
MemberOf,Manager,CanonicalName,City,CN,codePage,Company,Country,countryCode,Department,Description,DisplayName,DistinguishedName,Division,EmailAddress,EmployeeID,EmployeeNumber,Enabled,Fax,GivenName,HomeDirectory,HomeDrive,HomePage,HomePhone,Initials,isCriticalSystemObject,MobilePhone,Name,ObjectCategory,ObjectClass,Office,OfficePhone,Organization,OtherName,PasswordNeverExpires,POBox,PostalCode,PrimaryGroup,ProfilePath,SamAccountName,sAMAccountType,ScriptPath,State,StreetAddress,Surname,Title,userAccountControl,UserPrincipalName
๐ Note:
Some columns such as CanonicalName, CN, codePage, HomePage, Initials, Organization, PrimaryGroup, sAMAccountType are not currently used by import-ADData.ps1. But it is recommended to keep them for reference or future utilization.
If you want to assign passwords to selected users, add a "Password" column. (See the repository README and import-ADData.ps1 help for details.) This column is safe to add: if a rowโs Password field is empty, import-ADData.ps1 simply ignores it.
You may also add a "ChangePasswordAtLogon" column to control whether users must change their password at next logon. Acceptable values are TRUE, YES, or 1 to enable, and FALSE, NO, or 0 to disable. This column takes precedence over the userAccountControl property for this setting. To activate this feature, you may need to use the "Password" column together with "ChangePasswordAtLogon". For more details, see the README and import-ADData.ps1 help.
You can remove columns in either of the following ways:
Manual method (Excel)
Load the CSV into Excel (e.g., save as Users_domain_local-nosys.xlsx or Groups_domain_local-nosys.xlsx), then manually delete columns that you do not need for import.
Automatic method (filter-csv-columns.ps1)
You can use the helper script utils/filter-csv-columns/filter-csv-columns.ps1 to trim your CSVs automatically, as described below:
Save the minimal column sets strings above (including commas) in files (UTF-8, CRLF):
column_list-Groups.csvcolumn_list-Users.csvThen run the following in a PowerShell console:
.\filter-csv-columns.ps1 -InFile .\Groups_domain_local-nosys.csv -OutFile .\Groups_domain_local-slim.csv -ColumnFile .\column_list-Groups.csv
.\filter-csv-columns.ps1 -InFile .\Users_domain_local-nosys.csv -OutFile .\Users_domain_local-slim.csv -ColumnFile .\column_list-Users.csv
Thatโs all. Just review the output files briefly to confirm the columns look as expected.
For more details, see the help and comments of filter-csv-columns.ps1.
Users_domain_local-slim.xlsx (Groups_domain_local-slim.xlsx)
Save this file after removing unnecessary columns.
If you used filter-csv-columns.ps1 in step 2 to generate *-slim.csv, you may skip this additional Excel step unless you need Excel specifically for manual editing or review.
Users_domain_local-slim.csv (Groups_domain_local-slim.csv)
Save the previous Excel file as CSV (UTF-8).
If you used filter-csv-columns.ps1 in step 2, this *-slim.csv file has already been created, so no further conversion is required here.
exclude-users-regex.txt) containing patterns to match SamAccountName, Name, or CN for exclusion. (If you only have a few entries to remove, manual deletion is fine. However, this method will also save you when you need to re-export the original data later to start over.):
,*alpha*,
,*foxtrot*,
Then run (if you are using Linux):
grep -v -f exclude-users-regex.txt Users_domain_local-slim.csv > Users_domain_local-slim-mod.csv
This produces a โmodโ CSV with the specified entries excluded.
For Users, this file is the final form for use in import.
Users_domain_local-slim-mod.xlsx (Groups_domain_local-slim-mod.xlsx)
Save as Excel.
For groups, to minimize race conditions due to dependencies among groups during import, sort the file in Excel and save. (Recommended sort condition: primary:SamAccountName secondary:DistinguishedName)