ADMT Series – 9. Merging Users with a Different sAMAccountName

In the last post we looked at a vanilla user account migration, assuming a clean target domain.

There may be a situation where the users have already been created in the target domain with a different sAMAccountName. For example, the user Branch Warren might have the sAMAccountName of bwarren in the source domain but branch.warren in the target.



To get around this, you can use an include file to map these different sAMAccountNames together when migrating. The include file is in the following format; using the example above, it would look like this:


Creating the Include File

To generate this list you can use CSVDE to pull out the required information from the two forests. The final include file will require a bit of manual preparation to get into the correct format.

From the source domain:

csvde -d "OU=source,DC=source,DC=local" -f sourceinclude.csv -l "sAMAccountName"

From the target domain:

csvde -d "OU=target,DC=target,DC=local" -f targetinclude.csv -l "sAMAccountName, userPrincipalName"

Create the include CSV file in the same format as the example above. I’ve created three users which I need to migrate and merge with an include file.


Once you have this in place, the migration process is very similar to the method outlined in the last blog post. When you are asked to select users, choose Read objects from an include file and specify the include file you created above.

Clear all check boxes.

When you get to the conflict management screen, choose Migrate and merge conflicting and leave both tick boxes empty.

Click Finish and view the log. Here you can see the account being merged, passwords being migrated and sIDHistory completed.

If you open up one of the users, you can see the attributes have been carried across from the source domain user.

Migrating Only the sIDHistory

When you migrate users, all attributes are carried across unless otherwise specified. There may be a scenario where the user objects in the target domain need to be kept untouched but the sIDHistory brought across. You can achieve this with the object property exclusion options. Run through the user migration and tick Exclude specific object properties from migration, select object type User and move all attributes into the excluded properties box.

Run through and finish the rest of the wizard. You can confirm that only the sIDHistory has been brought across by running ldifde before and after the migration and comparing the two files.

Run before:

ldifde -f user_before.ldf -d "CN=lee.priest,OU=target,DC=target,DC=local"

Run after:

ldifde -f user_after.ldf -d "CN=lee.priest,OU=target,DC=target,DC=local"

WinMerge is a pretty handy tool for comparing the two files side-by-side.
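The same before-and-after comparison can be scripted, which helps when many accounts need checking. The following Python is an added example, not part of the original post: it parses two single-entry ldifde exports, ignores whenChanged and uSNChanged (assumed here to change on any write to the object), and reports whether sIDHistory is the only attribute that differs. The sample exports and the SID in them are constructed.

```python
import base64
import struct

# Assumption: these attributes are rewritten on any change to the object, so ignore them.
BOOKKEEPING = {"whenchanged", "usnchanged"}

def parse_ldif_entry(text):
    """Parse one LDIF entry into {lowercased attribute: set of raw byte values}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # unfold a continuation line
        elif raw.strip() and not raw.startswith("#"):
            lines.append(raw)
    attrs = {}
    for line in lines:
        name, _, rest = line.partition(":")
        if rest.startswith(":"):              # "attr:: value" carries base64 data
            value = base64.b64decode(rest[1:].strip())
        else:
            value = rest.strip().encode()
        attrs.setdefault(name.lower(), set()).add(value)
    return attrs

def sid_to_string(raw):
    """Render a binary SID (as stored in sIDHistory) as S-1-... text."""
    count = raw[1]
    subs = struct.unpack("<%dI" % count, raw[8:8 + 4 * count])
    parts = [raw[0], int.from_bytes(raw[2:8], "big"), *subs]
    return "S-" + "-".join(str(p) for p in parts)

def changed_attributes(before_text, after_text):
    """Return {attribute: (added, removed)} for every non-bookkeeping difference."""
    before, after = parse_ldif_entry(before_text), parse_ldif_entry(after_text)
    diff = {}
    for name in sorted(set(before) | set(after)):
        old, new = before.get(name, set()), after.get(name, set())
        if old != new and name not in BOOKKEEPING:
            diff[name] = (new - old, old - new)
    return diff

def only_sidhistory_changed(before_text, after_text):
    return set(changed_attributes(before_text, after_text)) == {"sidhistory"}

# Constructed sample exports (not real output); source SID is S-1-5-21-1111-2222-3333-1105.
SAMPLE_SID = bytes([1, 5]) + (5).to_bytes(6, "big") + struct.pack("<5I", 21, 1111, 2222, 3333, 1105)
SAMPLE_B64 = base64.b64encode(SAMPLE_SID).decode()
COMMON = "dn: CN=lee.priest,OU=target,DC=target,DC=local\nsAMAccountName: lee.priest\n"
BEFORE = COMMON + "whenChanged: 20240101090000.0Z\nuSNChanged: 12001\n"
AFTER = (COMMON + "whenChanged: 20240102101500.0Z\nuSNChanged: 12057\n"
         + "sIDHistory:: " + SAMPLE_B64[:20] + "\n " + SAMPLE_B64[20:] + "\n")
```

For real exports, pass the contents of user_before.ldf and user_after.ldf to changed_attributes; any attribute other than sidhistory in the result means the exclusion list did not cover it.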

