September 2003
Intermediate to advanced
624 pages
15h 49m
English
Content preview from Active Directory CookbookBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
4.18. Moving an Object to a Different Domain
Problem
You want to move an object to a different domain.
Solution
Using a command-line interface
> movetree /start /sSourceDC/dTargetDC/sdnSourceDN/ddnTargetDN
In the following example, the cn=jsmith object in
the amer.rallencorp.com domain
will be moved to the emea.rallencorp.com domain.
> movetree /start /s dc-amer1 /d dc-emea1[RETURN] /ddn cn=jsmith,cn=users,dc=amer,dc=rallencorp,dc=com[RETURN] /sdn cn=jsmith,cn=users,dc=emea,dc=rallencorp,dc=com[RETURN]
Using VBScript
set objObject = GetObject("LDAP://TargetDC/TargetParentDN")
objObject.MoveHere "LDAP://SourceDC/SourceDN", vbNullStringIn the following
example, the cn=jsmith object in the amer.rallencorp.com domain will be moved to
the emea.rallencorp.com domain.
set objObject = GetObject( _ "LDAP://dc-amer1/cn=users,dc=amer,dc=rallencorp,dc=com") objObject.MoveHere _ "LDAP://dc-emea1/cn=jsmith,cn=users,dc=emea,dc=rallencorp,dc=com", _ vbNullString
Discussion
You can move objects between domains assuming you follow a few guidelines:
The user requesting the move must have permission to modify objects in the parent container of both domains.
You need to explicitly specify the target DC (serverless binds usually do not work). This is necessary because the “Cross Domain Move” LDAP control is being used behind the scenes. For more information on controls, see Recipe 4.3.
The move operation must be performed against the RID master for both domains.
Both domains must be in native mode.
When you ...