Windows Server 2003 - ADMT |
|
Sommaire | Blog | www.MToo.net | Météo | Photos | Prestations | A propos |
|
Microsoft released ADMT (Active Directory Migration Too) same day than Windows Server 2003. This evolution of ADMT really improved and increase the functionalities of original tool, i.e. accounts migration. ADMT is a perfect tool for schema migration so for migrating accounts from one forest to another one, which is it's original purpose, but now can be used from domain to domain or internally within a forest. Available options are : • User Account Migration Wizard
ADMT can be setup over a Windows Server 2000 or 2003, you can download it from Microsoft website : : http://www.microsoft.com/downloads/details.aspx?FamilyID=788975b1-5849-4707-9817-8c9773c25c6c&DisplayLang=en (file is called admt2.exe). Before using ADMT you must check if your target account is in native mode. Warning : switching you domain in native mode is a one way operation, you can't go back !! For your migrations to works fine, you have to create a bidirectional trust relation between the target and source domains (using MMC Active Directory Domains and Trusts and User Manager with NT4) you also have to allow the used account to administer both target and source domains. The next step consist in editing registry for adding TCP/IP support on the source PDC controler . Run REGEDIT, then reach the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa, and add a new DWORD value TcpipClientSupport , with a value of 1. You need to restart the Primary Domain controler after it. After these steps I suggest you to do a few test and simulations with a few test accounts, computers, or groups.
Run ADMT then select User Account Migration Wizzard
The first time I suggest you to choose a test, then select Migrate now :
Select source domain (NT4 or Active Directory) and target domain :
Click on Add buton in order to select users account to be migrated :
Select then the target domain and OU (with the browse button) :
You then have to choose the password migration strategy. If you have created a secured link between domains you can even choose to migrate password. Warning : You have to be sure that source password are compliant with the target domain password strategy, else the passwords will be changed. In case passwords are changed you have to consult file password.txt which contain the list of passwords.
Next step consist in choosing account migration options : target and / or source accounts can be blocked or stay in the same status. You can also expire source accounts after a certain umber of days. Important option : if you migrate SIDs your new accounts will be considered similar to old accounts on the old domain (very useful it new accounts will still need resources from old domain).
Next screen allow you to select extra options : _ roaming profiles
conversion (updating of proprietary and rights)
Next screen manage user accounts conflicts.
The final screen display a summary of chosen options.
A progression screen display the status of migration.
When the operation is complete you can go to check and change created accounts. Created passwords are in C:\Program Files\Active Directory Migration Tool\Logs\passwords.txt. The good thing is that all previously selected parameters will be by default on the next instance of ADMT. |