One of my main focuses at work has been AD migrations. The overall project is going frustratingly slow but at the same time is abnormally complicated. Thus my entire day, every day (plus .5-4 hours of overtime) is spent on it. And to make anything else get done I have to volunteer extra of my time.

To keep my sanity between wanting to do fun things, dealing with a massive project, and correcting lots of human error, I decided to spend a few late nights automating as much as I could for this migration project with PowerShell. Through the process I believe I significantly leveled up my scripting skills, and turned many mundane tasks into an automated process. Here’s an overview of what the script does:

  1. Read a manually generated list of users/computers/groups that are migrating together as a “migration wave”
  2. Identify if/where/what those objects are in both the source and target domains
  3. Search a database for additional computers that a listed user may be logging into and add it to the migration wave. The database is populated via a login script GPO utilizing the BGinfo sysinternals tool
  4. Filter out objects that are conflicts, have typos, or appear to be already migrated
  5. (Optionally) move everything that wasn’t filtered out to a staging area in the source domain and set a couple ADSI attributes
  6. Generate separate Group/User/Computer import files compatible with Quest migration tools
  7. Provide an email report of the status of each item in the migration wave

The great thing about this script is it pretty much eliminates the need to manually search for conflicts, you never have to re-type things or click through the clunky Quest AD user interfaces, and it provides a clear report for everyone on the project of what’s going on. An added bonus for anyone familiar with PowerShell is that the migration wave list is output as a custom PS object, meaning it can be saved as a variable, piped to another command, or otherwise manipulated. If I were a little more familiar with the Quest PowerShell plugins I wonder if it could actually perform the migrations for us entirely…

At some point I’ll go back through the script, do a final cleaning to remove company-specific info and post it for anyone who needs it. Please let me know if this sounds helpful – things always get done sooner with some friendly motivation.

  1. This is the kind of stuff I love to do, but haven’t found any way to do it at work lately, so I’m massively jealous right now. Good work!

Leave a Comment

NOTE - You can use these HTML tags and attributes:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>