Windows Server 2003 - ADMT
Active Directory Migration Tool


Microsoft released ADMT (Active Directory Migration Tool) on the same day as Windows Server 2003. This evolution of ADMT really improves and extends the functionality of the original tool, i.e. account migration.

ADMT is a perfect tool for schema migration, that is, for migrating accounts from one forest to another, which is its original purpose, but it can now also be used from domain to domain or internally within a forest.

Available options are:

• User Account Migration Wizard
• Group Account Migration Wizard
• Computer Migration Wizard
• Security Translation Wizard
• Reporting Wizard
• Service Account Migration Wizard
• Exchange Directory Migration Wizard
• Undo Last Migration Wizard
• Retry Task Wizard
• Trust Migration Wizard
• Group Mapping and Merging Wizard

Migration of user accounts
Migration of computer accounts


ADMT can be set up on Windows Server 2000 or 2003. You can download it from the Microsoft website: http://www.microsoft.com/downloads/details.aspx?FamilyID=788975b1-5849-4707-9817-8c9773c25c6c&DisplayLang=en (the file is called admt2.exe).

Before using ADMT you must check that your target domain is in native mode. Warning: switching your domain to native mode is a one-way operation, you can't go back!

For your migrations to work, you have to create a bidirectional trust relationship between the target and source domains (using the Active Directory Domains and Trusts MMC snap-in, and User Manager on NT4). You also have to allow the account you use to administer both the target and source domains.

The next step consists of editing the registry to add TCP/IP support on the source PDC. Run REGEDIT, go to the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa, and add a new DWORD value TcpipClientSupport with a value of 1. You need to restart the primary domain controller afterwards.
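The registry step above can also be checked and applied remotely in an idempotent way. This is an added example, not part of the original page; it assumes the Remote Registry service is reachable on the source PDC and that you run it with administrative rights there, and SRCPDC01 is a placeholder computer name.

```powershell
# Added example: report or set TcpipClientSupport on the source PDC.
# SRCPDC01 is a placeholder name (assumption, not taken from the page).
param(
    [string]$SourcePdc = 'SRCPDC01',
    [switch]$Apply          # without -Apply the script only reports
)

$keyPath   = 'SYSTEM\CurrentControlSet\Control\Lsa'
$valueName = 'TcpipClientSupport'
$dword     = [Microsoft.Win32.RegistryValueKind]::DWord

# Open HKLM on the remote machine through the Remote Registry service.
$hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
            [Microsoft.Win32.RegistryHive]::LocalMachine, $SourcePdc)
try {
    # The key is opened writable only when -Apply is given.
    $lsa = $hklm.OpenSubKey($keyPath, [bool]$Apply)
    if ($null -eq $lsa) { throw "Key HKLM\$keyPath not found on $SourcePdc" }
    try {
        $current = $lsa.GetValue($valueName, $null)
        # GetValueKind throws on a missing value, so only call it when one exists.
        $kind = if ($null -ne $current) { $lsa.GetValueKind($valueName) } else { $null }

        if ($current -eq 1 -and $kind -eq $dword) {
            Write-Output "$SourcePdc : $valueName is already 1 (DWORD); no change made."
        }
        elseif (-not $Apply) {
            Write-Output "$SourcePdc : $valueName is '$current' ($kind); rerun with -Apply to set it to 1."
        }
        else {
            # A wrong type (for example a string "1") is replaced by a DWORD.
            $lsa.SetValue($valueName, 1, $dword)
            Write-Output "$SourcePdc : $valueName set to 1 (DWORD). Restart the PDC for it to take effect."
        }
    }
    finally { $lsa.Close() }
}
finally { $hklm.Close() }
```

Run it once without `-Apply` to record the current state before the change, so the value can be removed or restored once the migration is finished.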

After these steps I suggest you run a few tests and simulations with a few test accounts, computers, or groups.

  • User account migration

Run ADMT, then select User Account Migration Wizard.

The first time I suggest you choose a test, then select Migrate now:

Select the source domain (NT4 or Active Directory) and the target domain:

Click the Add button to select the user accounts to be migrated:

Then select the target domain and OU (with the Browse button):

You then have to choose the password migration strategy. If you have created a secured link between the domains you can even choose to migrate passwords. Warning: you have to be sure that the source passwords comply with the target domain password policy, otherwise the passwords will be changed.

If passwords are changed, consult the file passwords.txt, which contains the list of passwords.

The next step consists of choosing the account migration options: target and/or source accounts can be blocked or stay in the same status. You can also expire source accounts after a certain number of days.

Important option: if you migrate SIDs, your new accounts will be considered the same as the old accounts on the old domain (very useful if the new accounts will still need resources from the old domain).

The next screen allows you to select extra options:

• roaming profile conversion (updating of ownership and rights)
• update of user rights
• migration of the groups the accounts are members of: if you choose the option Update previously migrated objects, accounts will be added to a group created in a previous instance of ADMT
• Fix users' group memberships will add users to target domain groups which have the same name (but not necessarily the same SID)
• you can optionally choose to rename accounts during migration.

The next screen manages user account conflicts.

The final screen displays a summary of the chosen options.

A progress screen displays the status of the migration.

When the operation is complete you can check and change the created accounts. Created passwords are in C:\Program Files\Active Directory Migration Tool\Logs\passwords.txt.

The good thing is that all previously selected parameters will be the defaults in the next instance of ADMT.
