How do I migrate user-accounts from OpenLDAP to Active-Directory?
Solution 1
Unlikely you'll be able to get the passwords out of OpenLDAP unless it operates in a manner different than the typical directory.
What some customers do in this scenario is stand up a middle layer for authentication that first checks the user's password against the source and then writes it to AD if it is valid prior to authenticating them. If you do this with a few key services, over a short period of time you'll capture most of the passwords.
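The capture-on-login flow from Solution 1, as an added sketch that is not code from the answer or from any product. It assumes the source passwords are OpenLDAP `{SSHA}` values checked offline (a live deployment would normally bind to OpenLDAP instead); `FakeAD`, `MigratingAuthenticator` and the sample accounts are hypothetical.

```python
import base64, hashlib, hmac

def make_ssha(password, salt):
    """Build an OpenLDAP-style {SSHA} value; used only to construct sample data."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def verify_ssha(stored, password):
    """Check a submitted password against a salted SHA-1 userPassword value."""
    if stored[:6].upper() != "{SSHA}":
        return False  # other storage schemes are out of scope for this sketch
    try:
        raw = base64.b64decode(stored[6:], validate=True)
    except ValueError:
        return False
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, salt follows
    candidate = hashlib.sha1(password.encode() + salt).digest()
    return hmac.compare_digest(digest, candidate)

class FakeAD:
    """In-memory stand-in for AD password-set and bind calls (hypothetical)."""
    def __init__(self, min_length=8):
        self.passwords, self.min_length = {}, min_length
    def set_password(self, user, password):
        if len(password) < self.min_length:
            raise ValueError("password rejected by policy")
        self.passwords[user] = password
    def verify(self, user, password):
        known = self.passwords.get(user, "")
        return hmac.compare_digest(known.encode(), password.encode())

class MigratingAuthenticator:
    def __init__(self, source_hashes, ad):
        self.source, self.ad, self.migrated = source_hashes, ad, set()
    def login(self, user, password):
        if user in self.migrated:  # already moved: AD is authoritative
            return self.ad.verify(user, password)
        stored = self.source.get(user)
        if stored is None or not verify_ssha(stored, password):
            return False  # never write an unverified password to AD
        try:
            self.ad.set_password(user, password)
            self.migrated.add(user)
        except ValueError:
            pass  # old password fails AD policy: user stays on the source
        return True

# Constructed sample export (not real accounts).
SOURCE = {"alice": make_ssha("correct horse 1", b"\x01\x02\x03\x04"),
          "bob": make_ssha("short", b"\x05\x06\x07\x08")}
```

The cleartext password exists only for the duration of `login`; the layer should never log or persist it, and accounts left out of `migrated` at cutover need a forced reset.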
Solution 2
For the import, if you can dump your data in CSV format, CSVDE works well for bulk-importing into AD. We recently migrated a couple of hundred users from eDirectory to AD with this, and it went very well. I can't answer your password question, as when we did it we just set the "must change password on next logon" bit and got the users to do it themselves.
ppuschmann
Updated on September 17, 2022
Comments
-
ppuschmann over 1 year
We want to migrate our user-accounts from OpenLDAP to Active-Directory without changing the passwords and such. The users shouldn't notice the difference against which server they're authenticating then.
How-to-create-active-directory-user-account-with-powershell is a very interesting approach, but since the passwords are stored encrypted it is not working for us.
What are possible solutions / setup for our task?
OpenLDAP Version: 2.1 on SuSE, Windows Server 2008
-
ppuschmann over 14 years
Thanks for the hint with CSVDE. I'll have a look. "on next logon" will be a bit tricky, because Active-Directory will first replace the Authentication for IMAP, Apache2 and so on.
-
ppuschmann over 14 years
That's a very cool idea. Problem: creating such a middle layer. Perhaps I just have to create an internal phishing site and ask each user to enter his credentials.