This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 78%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBR%3C/text%3E%3C/svg%3E)
Hello I have two air-gaped networks, one Server 2012 R2 and one Server 2019, my customer asked if users from the 2012 R2 can exported to moved to the Server 2019 domain. These are two physically different networks with different OU naming structures, is this a simple process? Thanks Bruce
Just an export/import of the AD user accounts with their properties/values?
Or do you need to export/import the related AD groups and memberships as well?
(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)
Regards
Andreas Baumgarten
If you resolved it using our solution, please click "Accept Answer" to help other community members find the helpful reply quickly.
If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.
If it's just export/import users these two links might help:
https://networkproguide.com/powershell-export-active-directory-users-to-csv/
https://sid-500.com/2020/11/03/powershell-import-active-directory-users-from-csv/
(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)
Regards
Andreas Baumgarten
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 74%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERM%3C/text%3E%3C/svg%3E)
You can create new users in the other domain. Those users are going to have different SIDs, different userPrincipalNames, different distinguishedNames, etc. The groups in which they are members won't have them as members in the new domain so forget about maintaining the memberOf property value of the users.
Because the two domains can't communicate with each other the different SIDs won't matter (and there's always the old sidHistory property to help if there is communications -- but whether that'll work without a trust I can't say). Group membership will be a problem, especially if you have nested groups.
If you do create new users (not difficult) you can count on things not working properly for a while. And count on possibly creating new groups and adding those new users to them).
