Q: I need to copy Users and Groups from old server to new server

If you do not need passwords, you can export out to flat files using Workgroup Manager.  Simply select the users and choose Export... from the Server menu.  Repeat for your groups.  Do note, this will not preserve passwords. 

I find this type of export to be a bit too much information.  I generally will use dsexport and grab only the attributes that I want.  For example, since MCX is depreciated, I really don't want all the MCX values from the old server.  So I will use this command to grab just the key/value pairs that I want:

dsexport ~/Desktop/exportedUsers /LDAPv3/127.0.0.1 dsRecTypeStandard:Users -e "dsAttrTypeStandard:AuthenticationAuthority" -e "dsAttrTypeStandard:Expire" -e "dsAttrTypeStandard:Change" -e "dsAttrTypeStandard:Password" -e "dsAttrTypeStandard:AltSecurityIdentities" -e "dsAttrTypeStandard:JPEGPhoto"

The -e keys are the excluded keys.  If you do this, you will want to edit the file before importing because depending on the version of OS X that you run it from, you will likely also export the root, diradmin, and VPN Key user accounts.  These already exist in Mavericks so you will want to delete those entries from the file.  The dsexport method also does not preserve passwords.  You can add them into the import file before importing, but you will not get them from the old server.

Alternatively, if you want to try to migrate the Open Directory database (I would only try this if your old server is running 10.6.8, 10.7.4 or 10.8.4), use Server Admin's export OD feature and create a DMG of your old OD.  Move this to the new server and import it.  Remember the old saying, garbage in, garbage out.  If the old OD database is damaged, this cruft will follow to the new server.

Reid

Apple Consultants Network

Apple Professional Services

Author "Mavericks Server – Foundation Services" :: Exclusively available in Apple's iBooks Store