Migrating multiple ADs
How do you migrate multiple ADs when you cannot upgrade? That is, when the move spans a jump of several versions (for example: 2008 to 2016).
Here is my approach to the subject:
1. Create new ADs (in mixed mode (**)) in the same subnet as the old ADs
2. Create a trust relationship between each pair [old AD - new AD]
3. Capture old AD users + old AD objects (PowerShell script ADCapture.ps1)
4. Create old AD users + objects on the new AD (PowerShell script ADCreate.ps1)
5. Link new AD users to the old AD DFS (PowerShell script oldDSFjonction.ps1)
5bis. The new desktops will automatically be joined to the new AD and the non-migrated desktops will remain on the old AD (*)
6. Full copy of the old DFS to the new DFS (PowerShell script copyDFS.ps1)
7. Once all the desktops have been migrated:
7.1. On a Saturday: DFS migration operation: copy the old DFS delta to the new DFS (*) (PowerShell script DeltaDFS.ps1)
7.2. Link new AD users to the new DFS (PowerShell script LinkNewDFS.ps1)
8. Bind desktops + new AD users to the new AD objects (PowerShell script LinkNewObjects.ps1)
9. Remove the trust relationship of the pair [old AD - new AD]
10. MCO (operational maintenance): keep the old AD long enough to be sure everything is running on the new AD, back it up, then delete it after 3 months.
(*): Provides continuity of service for old and new desktops during the transitional period
(**): Allows you to install servers running a lower version (lower license cost)
So 10 scripts:
ADCapture.ps1 (from a Windows 10 Station)
ADCreate.ps1
oldDSFjonction.ps1
CreateAndCopyDFS.ps1
DeltaDFS.ps1
LinkNewDFS.ps1
LinkNewObjects.ps1
Install-AD.ps1
BackUp_GPOs.ps1 (https://gallery.technet.microsoft.com/scriptcenter/Comprehensive-Group-Policy-5f9d3ea6/file/100083/10/BackUp_GPOs.ps1)
Import_GPOs.ps1 (https://gallery.technet.microsoft.com/scriptcenter/Comprehensive-Group-Policy-212562cb/file/100084/7/Import_GPOs.ps1)
Install-AD.ps1:
# Install Group Policy Module
If ((Get-CimInstance Win32_OperatingSystem).Caption -like "*Windows 10*") {
    If (Get-HotFix -Id KB2693643 -ErrorAction SilentlyContinue) {
        Write-Verbose '---RSAT for Windows 10 is already installed'
    } Else {
        Write-Verbose '---Downloading RSAT for Windows 10'
        If ((Get-CimInstance Win32_ComputerSystem).SystemType -like "x64*") {
            Write-Verbose "---$(Get-Date)"
            Write-Verbose '---Installing RSAT for Windows 10'
            # wusa.exe returns immediately. Loop until install complete.
            # The latest versions of the RSAT automatically enable all RSAT features
            Write-Verbose '---RSAT AD PowerShell already enabled'
        } Else {
            Write-Verbose '---Enabling RSAT AD PowerShell'
        }
        Write-Verbose '---Downloading help for AD PowerShell'
        Write-Verbose '---ActiveDirectory PowerShell module install complete.'
# Verify
Install-ADModule -Verbose
ADCapture.ps1:
param ($Dom)
# Get GPOs Extract
# Get the permission level for Users on the GPOs
# Get Groups List
# Get OU List
# Get OU ACLs
To capture AD settings, users and groups:
--> Run Install-AD.ps1 and then run ADCapture.ps1 <--
# Example command to run the script:
# .\ADCreate.ps1 -Domain <Your new AD domain NetBIOS name> -CSVUsers "C:\Users.csv" -CSVGRPs "C:\GRPs.csv" -CSVGrpMbrs "C:\GrpMbrs.csv" -CSVOUs "C:\OUs.csv" -CSVGRPGPOAcl "C:\GRPGPOAcl.csv" -CSVGRPAcl "C:\GRPAcl.csv" -CSVOUAcl "C:\OUAcl.csv" -CSVUsersGPOAcl "C:\UsersGPOAcl.csv"
# Import active directory module for running AD cmdlets
##########################
# Store the data from ADUsers.csv in the $ADUsers variable
# Loop through each row containing user details in the CSV file
# Import CSV
$GrpMbrscsv = Import-Csv -Path C:\GrpMbrs.csv
# Take the second " ::: "-separated field of the current line
$AdGrpMbr = ($line -split ' ::: ')[1]
$User = Get-ADUser -Identity $AdGrpMbr
$OUscsv = Import-Csv -Path C:\OUs.csv
###############################
$GRPAcl = Import-Csv -Path $CSVGRPAcl
$OUAcl = Import-Csv -Path $CSVOUAcl
$GRPsGPOAcl = Import-Csv -Path $CSVGRPGPOAcl
CreateAndCopyDFS.ps1:
# Command: .\CreateAndCopyDFS.ps1 -Dom <your old Domain name> -NewDom <your new Domain name>
param ($Dom,$NewDom)
Foreach ($DfsNamespace in $DfsNamespaces)
$NewDFSFolder = @{
New-DfsnFolder @NewDFSFolder
#Copy old Dfs to new Dfs
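A check worth running after ADCreate.ps1 and before the trust is removed in step 9: compare the captured group memberships with what actually exists in the new AD, so that lost access and unreviewed membership in privileged groups both show up. This is an added example, not one of the author's scripts. The "group ::: member" line format is an assumption built on the " ::: " separator used above, the function names are hypothetical, and the sample data is constructed.

```powershell
# Added example, not one of the original scripts.
# Assumed line format: "<group> ::: <member sAMAccountName>".
function ConvertTo-MembershipSet {
    param([string[]]$Lines)
    # AD names are case-insensitive, so compare them that way.
    $set = [System.Collections.Generic.HashSet[string]]::new(
        [System.StringComparer]::OrdinalIgnoreCase)
    foreach ($line in $Lines) {
        $parts = $line -split ' ::: '
        if ($parts.Count -ne 2 -or -not $parts[0].Trim() -or -not $parts[1].Trim()) {
            Write-Warning "Skipping malformed line: '$line'"
            continue
        }
        [void]$set.Add(('{0} ::: {1}' -f $parts[0].Trim(), $parts[1].Trim()))
    }
    return ,$set   # the comma stops PowerShell from unrolling the set
}

function Compare-GroupMembership {
    param([string[]]$Captured, [string[]]$Migrated)
    $old = ConvertTo-MembershipSet $Captured
    $new = ConvertTo-MembershipSet $Migrated
    # Memberships that did not make it to the new AD (lost access).
    foreach ($pair in $old) {
        if (-not $new.Contains($pair)) {
            $group, $member = $pair -split ' ::: '
            [pscustomobject]@{ Group = $group; Member = $member; Status = 'MissingInNewAD' }
        }
    }
    # Memberships that exist only in the new AD (unreviewed access).
    foreach ($pair in $new) {
        if (-not $old.Contains($pair)) {
            $group, $member = $pair -split ' ::: '
            [pscustomobject]@{ Group = $group; Member = $member; Status = 'UnexpectedInNewAD' }
        }
    }
}

# Constructed sample data: capture from the old AD vs. read-back from the new AD.
$captured = @('Domain Admins ::: adm.alice', 'Finance ::: bob', 'Finance ::: carol')
$migrated = @('Domain Admins ::: adm.alice', 'Domain Admins ::: svc.backup', 'Finance ::: bob')

Compare-GroupMembership -Captured $captured -Migrated $migrated | Format-Table -AutoSize
```

In a real run the migrated lines would be built from the new domain, for instance from Get-ADGroupMember output, rather than typed in.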
Enjoy