Greg's Tech blog

Copying Active Directory OU Structure, Groups and Accts to a Test Domain (CopyAD)

Saturday 25 of June, 2011

I need to copy some of our AD contents into a test domain. This has come up before so I wrote a collection of PowerShell scripts to handle the process.

For our current needs, we need OUs, users, groups and group memberships copied over. I worked this out over a couple days and developed a series of scripts that exports, renames and imports the objects into AD.

The scripts come in 8 parts - 4 export and 4 import. The import scripts must be executed in a particular order so that the necessary parts are available when needed. That order is OUs, Users, groups, group memberships.

The export scripts are interesting because they include a large number of AD attributes for the users yet filter things like the SIDs & passwords so they are safe to use from a security perspective. Note too that the user accounts are disabled upon creation. This is easily remedied but left to the scripter.

The import scripts are a bit more complicated as they replace certain attributes with corresponding values from the new domain. Specifically, UPN, DN and mail are fixed up. Also, there's a neat trick played with split to drop off the cn=username portion of the DN so that the OU path for the new object is correct.
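The DN, UPN and mail fix-ups and the disabled-on-creation rule described above, sketched as an added PowerShell example; this is not code from the CopyAD scripts, and the domain names, function names and sample row are assumptions made for illustration. It splits on the first unescaped comma so a CN containing an escaped comma survives, and it refuses rows that still carry SID or password attributes.

```powershell
# Added illustration, not the CopyAD scripts. Domain names and the sample row are constructed.
$SourceDN  = 'DC=corp,DC=example,DC=com'
$TargetDN  = 'DC=test,DC=example,DC=net'
$SourceDns = 'corp.example.com'
$TargetDns = 'test.example.net'
# Attributes the export should already have filtered; refuse rows that still carry them.
$Blocked   = 'SID', 'objectSid', 'sIDHistory', 'unicodePwd'

function Get-ParentPath([string]$DistinguishedName) {
    # Split once on the first comma not escaped with a backslash, so a CN such as
    # "Doe\, Jane" stays in one piece; element 1 is the container path.
    $parts = $DistinguishedName -split '(?<!\\),', 2
    if ($parts.Count -lt 2) { throw "No parent container in '$DistinguishedName'" }
    $parts[1]
}

function Convert-ToTargetPath([string]$Path) {
    # Swap only the trailing domain components; fail loudly on foreign paths.
    $pattern = [regex]::Escape($SourceDN) + '$'
    if ($Path -notmatch $pattern) { throw "'$Path' is not under $SourceDN" }
    $Path -replace $pattern, $TargetDN
}

function Convert-Suffix([string]$Address) {
    # Used for both UPN and mail: replace the domain part after '@'.
    if (-not $Address) { return $null }
    $Address -replace ('@' + [regex]::Escape($SourceDns) + '$'), ('@' + $TargetDns)
}

function ConvertTo-TestUserParams($Row) {
    $leaked = @($Row.PSObject.Properties.Name | Where-Object { $Blocked -contains $_ })
    if ($leaked.Count) { throw "Export still contains: $($leaked -join ', ')" }
    @{
        Name              = $Row.Name
        SamAccountName    = $Row.SamAccountName
        UserPrincipalName = Convert-Suffix $Row.UserPrincipalName
        EmailAddress      = Convert-Suffix $Row.mail
        Path              = Convert-ToTargetPath (Get-ParentPath $Row.DistinguishedName)
        Enabled           = $false   # new accounts stay disabled until reviewed
    }
}

$row = [pscustomobject]@{   # constructed sample of one exported CSV row
    Name = 'Doe, Jane'; SamAccountName = 'jdoe'
    UserPrincipalName = 'jdoe@corp.example.com'; mail = 'jane.doe@corp.example.com'
    DistinguishedName = 'CN=Doe\, Jane,OU=Sales,OU=Staff,DC=corp,DC=example,DC=com'
}
$params = ConvertTo-TestUserParams $row
$params
# On a host with the ActiveDirectory module: New-ADUser @params -WhatIf
```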

Last point. I didn't choose to deal with the Exchange install in my test domain so some of the Exchange-related groups error out during creation.

Find the scripts as the copyAD Suite in the TechNet Script Repository