Thursday, August 2, 2012

How To Setup ADMT Password Export Server


I had to migrate some users from my forest into a brand new forest and I was told to just create all the users on the new forest.
So I prepared the target forest for migration by setting up the trust relationship between my forest and the target forest, delegating rights on the remote forest to my administrative user, and installing ADMT 3.2 on both forests, as I was going to experiment with migration from both forests.
Now, before you install ADMT 3.2, remember that you will have to install SQL Express server. In my case I had ADMT installed on a Domain Controller instead of a member server. If this is also your case, do NOT install SQL Express 2008; install SQL Express 2005 SP1, because ADMT 3.2 will not work with SQL Express 2008 installed on the DC.
So first install SQL Express 2005 SP1 then install the ADMT.
Now, if you also plan on migrating the passwords and SID history from one forest to the other, you will need to further prepare the target and source domains for the migration. Please see this TechNet article regarding preparation of the domain, and here is the TechNet article regarding password migration domain preparation.
You will probably find many more guides on the internet on how to prepare the domain and groups and other small things.
After you install ADMT, if you also want to migrate passwords, you will have to install the “Password Export Server” (PES) as well.
After you install PES you will have to create a KEY for password encryption. The key needs to be created on the TARGET domain and imported on the SOURCE domain.
So you will need to run this command on the TARGET domain:
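admt key /option:create /sourcedomain:<SourceDomain> /keyfile:<KeyFilePath> /keypassword:{<password>|*}
ADMTKEY example (specifying * for /keypassword makes the command prompt for the password instead of taking it on the command line):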
admt key /option:create /sourcedomain:sourcedomain.local /keyfile:c: /keypassword:yourpassword
After you copy the key from the target domain to the source domain you will also have to IMPORT IT! No article will tell you this. The PES key must be imported on the source domain with this command:
admt key /option:import /sourcedomain:sourcedomain.local /keyfile:key.pes
Only now START the “Password Export Server Service”.
After performing this activity you will be able to migrate users with passwords.
