The Salty Economist

Things I Should Have Learned in High School
posts - 56, comments - 0, trackbacks - 0

Copy User Accounts Between Servers, Server 2008 R2

Well, I wrote this before I realized that the Microsoft Migration tools do NOT allow for the export/import of user PASSWORDS, just the account names themselves.

That sucks.  So don't bother reading this post if you want to migrate user names with passwords.

Here's how to do it:

(1)  On both the Sourrce and Destination server, install the Microsoft Migration Tools.

First, Open a PowerShell Instance as Administror

Open a Windows PowerShell session with elevated user rights. To do this, click Start, click All Programs, click Accessories, click Windows PowerShell, right-click the Windows PowerShell shortcut, and then click Run as administrator.

Load the Server Manager module into your Windows PowerShell session. To load the Server Manager module,

type the following, and then press Enter.
Import-Module ServerManager

Type the following, and then press Enter.
Add-WindowsFeature Migration

Do this on both Servers

(2)  Export the User Accounts from the Source Server:

First, note that you now have a Migration Toos menu item under Administrative Tools:

Click on migration tools;  this opens a command line window:

Ender the Command:

Export-SmigServerSetting -User <Enabled | Disabled | All> -Group -Path <MigrationStorePath> -Verbose

Here's mine:

Export-SmigServerSetting -User All -Group -Path C:\ExportedUsers -Verbose

Note:  You don't specify a specifc file name (there is one created by default); just enter the folder name for the MigrationStorePath parameter

You will be prompted for to enter a Password; you will need this Password to Import the accounts on the Destination Server..

Enter it.

Now, be patient because this takes awhile.  I had about 350 users and it took about 25 minutes to build the export file.

The export file name is svrmig.mig

(3)  Import the User Accounts to the Destination Server:

Now copy the user accounts file from the source server to the destination server.  The easiest hing is just to copy it to a new folder at the root of the C:\ drice, like c:\ExportedUsers\

On the Destination server, open Migration Tools just like you did on the Source server.

Now, enter the command:

Import-SmigServerSetting -User  <Enabled | Disabled | All> -Group -Path <MigrationStorePath> –Verbose

Here's mine:

Import-SmigServerSetting -User  All -Group -Path c:\ExportedUsers –Verbose

Again, note the  <MigrationStorePath>  is the folder, not the full file path,

You will be prompted for the Password that you entered when creating the export file.  Enter it.

Again this takes time as it grinds away.

But Voila, it eventually finishes.

That's preety cool to copy 350 accounts.   Imagine trying to set them up manually.  Especially without making typos in names and passwords.

 But, like everythin Microsoft, the good always comes with the bad.

Two bad things:

(1)  All the user accounts are marked as Disabled; and

(2)  All the user accounts are marked as having to change their password on next login.

Like this:

 

What a pain!

But all is not lost.

 There is this blog post:

https://robiulislam.wordpress.com/2011/07/08/local-users-migration-from-windows-2003-to-windows-2008-r2-server/

That has two scripts that be run to enable the accounts and to change the passwords to never expire.

The Scrips are VBScript.  I never knew you could run VBScript on a server.

in PowerShell, the command to run a VBScript  is:

c:\windows\system32\cscript.exe <File Name>

Mine is:

C:\windows\system32\cscript.exe c:\Scripts\script0.vbs

Script 1:

     '==========================================================================

     'Script to set all user accounts to have their passwords never expire

     '==========================================================================

     ' create network object for the local computer
     Set objNetwork = CreateObject("Wscript.Network")

     ' get the name of the local computer
     strComputer = objNetwork.ComputerName

     Set objComputer = GetObject("WinNT://" & strComputer)

     objComputer.Filter = Array("user")

     For Each objUser In objComputer

          lngUserFlags = objUser.userFlags

          lngUserFlags = lngUserFlags Or ADS_UF_DONT_EXPIRE_PASSWD

          objUser.userFlags = lngUserFlags

          objUser.SetInfo

     Next
     '==========================================================================

 

 Script 2:

     '==========================================================================

     'Script to enable all user accounts

     'Execute following  VB script to enable all disable users except guest but still need to set password for imported users.

     '==========================================================================

     '*************************************************
     ' Lists local accounts and enables all except Guest
     '**************************************************

     Set objShell = CreateObject("Wscript.Shell")

     Set objNetwork = CreateObject("Wscript.Network")

     strComputer = objNetwork.ComputerName

     Set colAccounts = GetObject("WinNT://" & strComputer & "")

     colAccounts.Filter = Array("user")

     Message = Message & "Local User accounts:" & vbCrLf & vbCrLf

     For Each objUser In colAccounts   

          If objUser.Name <> "Guest" Then

               Message = Message & objUser.Name

               If objUser.AccountDisabled = True then

                    Message = Message & " has been enabled" & vbCrLf

                    objUser.AccountDisabled = False

                    objUser.SetInfo

               Else

                    Message = Message & " is already enabled" & vbCrLf

               End if

          End If

     Next

     ' Initialize title text.

     Title = "Local User Accounts By Robiul"

     objShell.Popup Message, , Title, vbInformation + vbOKOnly

So run these scrips, and all is good!

 

 

 

Print | posted on Saturday, October 20, 2018 7:19 PM |

Powered by:
Powered By Subtext Powered By ASP.NET