Migrating Groups
In most cases, the first
objects to be migrated into a new domain should be groups. If users are
migrated first, their group membership will not transfer over. However,
if the groups exist before the users are migrated, they will
automatically find their place in the group structure. To migrate groups
using ADMT v3.1, use the Group Account Migration Wizard, as follows:
1. Open the ADMT MMC snap-in (Start, Administrative Tools, Active Directory Migration Tool).
2. Right-click Active Directory Migration Tool in the left pane, and choose Group Account Migration Wizard.
3. Click Next to continue.
4. Type the source and destination domains, select the source and destination domain controllers, and click Next to continue.
5. Choose the Select Groups from Domain option, and click Next.
6. On the subsequent page, you can select the group accounts from the source domain. Select all the groups required by using the Add button and selecting the objects. After you select the groups, click Next to continue.
7. Enter the destination OU for the accounts from the source domain by clicking Browse and selecting the OU created in the steps outlined previously. Click Next to continue.
8. On the following page, there are several options to choose from that determine the nature of the migrated groups. Clicking the Help button details the nature of each setting. In the sample migration, choose the settings shown in Figure 2. After choosing the appropriate settings, click Next to continue.
9. Enter a user account with proper administrative rights on the source domain on the following page. Then click Next to continue.
10. The subsequent page allows for the exclusion of specific directory-level attributes from migration. If you need to exclude any attributes, they can be set here. In this example, no exclusions are set. Click Next to continue.
11. Naming conflicts often arise during domain migrations. In addition, different naming conventions might apply in the new environment. Objects will not be migrated if conflicts occur. Click Next.
12. The verification page is the last wizard page you see before any changes are made. Once again, make sure that the procedure has been tested before running it because ADMT will henceforth write changes to the target Windows Server 2008 R2 Active Directory environment. Click Finish when you’re ready to begin group migration.
13. The group migration process then commences. The window shows the migration progress. Click Close when it completes.
The selected groups are now migrated to the new domain.
Migrating User Accounts
User accounts are the “bread and butter” of domain objects and are among the most important
components. The biggest shortcoming of older versions of ADMT was their
inability to migrate passwords of user objects, which effectively
limited their use. However, ADMT v3.1 does an excellent job of migrating
users, their passwords, and the security associated with them. To
migrate users, follow these steps:
1. Open the ADMT MMC snap-in (Start, Administrative Tools, Active Directory Migration Tool).
2. Right-click the Active Directory Migration Tool, and choose User Account Migration Wizard.
3. Click Next on the Welcome page.
4. Select the source and target domains on the subsequent page, and click Next to continue.
5. Choose the Select Users from Domain option, and click Next.
6. The following page allows you to choose user accounts for migration. Just click the Add button and select the user accounts to be migrated. After you select all the user accounts, click Next to continue.
7. The next page allows you to choose a target OU for all created users. Choose the OU by clicking the Browse button. After you select it, click Next to continue.
8. Select Migrate Passwords and then select the server in the source domain in which the Password Export Server (PES) service was installed. Click Next to continue.
9. On the Account Transition Options page, leave the default transition options, and click Next.
10. Enter the account to use when adding SID History, which has to have administrative rights on the source domain. Then click Next.
11. The subsequent page deals with User Options settings. Click Help for an overview of each option. Select Translate Roaming Profiles. Then click Next to continue.
12. The next page is for setting exclusions. Specify any property of the user object that should not be migrated here. In this example, no exclusions are set. Click Next to continue.
13. Naming conflicts for user accounts are common. Designate a procedure for dealing with duplicate accounts in advance and enter such information on the next wizard page. Select the appropriate options for duplicate accounts and click Next to continue.
14. The following verification page presents a summary of the procedure that will take place. This is the last page before changes are written to the target domain. Verify the settings and click Finish to continue.
15. The Migration Progress status box displays the migration process as it occurs, indicating the number of successful and unsuccessful accounts created. When the process is complete, review the log by clicking View Log and verify the integrity of the procedure. Click Close when you are finished.
Note
Depending on whether other wizards have already been run, there might be
additional one-time steps at this point to set up proper Registry
settings, reboot DCs, and create special groups.
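
A post-migration check to run alongside the ADMT log review, as an added example that is not part of the original text: it lists migrated groups and users in the target OU whose sIDHistory is missing or comes from a domain other than the source, and users that arrived with no group membership. It assumes SID history was migrated for both object types, that the ActiveDirectory PowerShell module is available, and that the OU and domain names (placeholders here) are replaced with your own.

```powershell
# Added example. The OU and domain names are placeholders, not values from the text.
Import-Module ActiveDirectory

$TargetOU     = 'OU=Migrated,DC=target,DC=example'  # assumed destination OU
$SourceDomain = 'source.example'                    # assumed source domain DNS name

# Domain SID of the source domain. Every sIDHistory entry written by this
# migration should carry it as its domain part.
$sourceSid = (Get-ADDomain -Identity $SourceDomain -Server $SourceDomain).DomainSID.Value

function Get-MigrationFinding {
    param($Account, [bool]$ExpectGroups)

    $history = @($Account.SIDHistory)
    # sIDHistory values from any other domain were not added by this migration.
    $foreign = @($history | Where-Object { $_.AccountDomainSid.Value -ne $sourceSid })

    $findings = @()
    if ($history.Count -eq 0) { $findings += 'NoSidHistory' }
    if ($foreign.Count -gt 0) { $findings += 'UnexpectedSidHistoryDomain' }
    # memberOf excludes the primary group, so an empty value means the user
    # joined no migrated group (for example, users were migrated before groups).
    if ($ExpectGroups -and @($Account.MemberOf).Count -eq 0) { $findings += 'NoGroupMembership' }

    New-Object PSObject -Property @{
        Name       = $Account.SamAccountName
        Class      = $Account.ObjectClass
        SidHistory = ($history | ForEach-Object { $_.Value }) -join ';'
        Findings   = $findings -join ','
    }
}

# @() keeps an empty result from being piped as a single $null item.
$groups = @(Get-ADGroup -SearchBase $TargetOU -Filter * -Properties SIDHistory, MemberOf)
$users  = @(Get-ADUser  -SearchBase $TargetOU -Filter * -Properties SIDHistory, MemberOf)

$report  = @($groups | ForEach-Object { Get-MigrationFinding $_ $false })
$report += @($users  | ForEach-Object { Get-MigrationFinding $_ $true })

# Show only the accounts that need a second look.
$report | Where-Object { $_.Findings } |
    Select-Object Name, Class, Findings, SidHistory |
    Format-Table -AutoSize
```

An empty table means every migrated object carries source-domain SID history and every user landed in at least one group.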