24 December, 2010

Migrating User Accounts {ADMT 3.0}

The Wizard

(Make sure you run this wizard on the destination domain controller logged in as the administrator of the source domain)

Built-in accounts (such as Administrators, Users, and Power Users) cannot be Active Directory Migration Tool (ADMT) migration objects.

Because built-in account security identifiers (SIDs) are identical in every domain, migrating these accounts to a target domain results in duplicate SIDs in a single domain.

Every SID in a domain must be unique.

Well-known accounts (such as Domain Admins and Domain Users) also cannot be ADMT migration objects

The ADMT user account migration process includes the following steps:

1.ADMT reads the attributes of the source user objects.
2.ADMT creates a new user object in the target domain and a new primary SID for the new user account.
3.ADMT adds the original SID of the user account to the SID history attribute of the new user account.
4.ADMT migrates the password for the user account.
5.If ADMT identifies global groups in the target domain that the migrated users belonged to in the source domain, the tool adds the users to the appropriate global groups in the target domain.

Select the Source and the Destination Domain and the Domain Controller

Select the User that you want to Migrate

Select an OU in the Destination Domain where you want to store this User after Migration

Password Options: Do not update passwords for existing users / Generate complex passwords

Account Transition Options: Disable target accounts / Days until source accounts expire / Migrate user SIDs to target domains

User Options: Translate roaming profiles / Fix users’ group memberships

Conflict Management: Do not migrate source object if a conflict is detected in the target domain