Virtual Geek

Tales from real IT system administrators world and non-production environment


August 22, 2016 09:50AM

Recently I was involved into new child domain creation in Active Directory, and another major task was migrating existing certain Users, Groups, Computers and other objects from Parent root domain to child domain for management delegation purpose. This Users and other AD objects were part of one of the new project and I wanted them to move to new child domain. Here I would like to discuss about ADMT version 3.2 (Active Directory Migration Tool), The Windows Server Active Directory Migration Tool (ADMT) V3.2 is a free utility that allows you to migrate objects (users, computers, groups, etc.) from one Windows Server Active Directory domain/forest to another. 


There are two types of AD migration can be performed as below (Source:

Interforest Active Directory domain restructure
You might perform an interforest restructure for business changes, such as mergers or acquisitions or divestitures, in which your organizations have to combine or divide resources. As part of the restructuring process, when you migrate objects between forests both the source and target domain environments exist simultaneously. This makes it possible for you to roll back to the source environment during the migration, if necessary.

inter forest Admt active directory migration tool version 3.2

Intraforest Active Directory domain restructure
When you restructure domains in a forest, you can consolidate your domain structure and reduce administrative complexity and overhead. Unlike the process for restructuring domains between forests, when you restructure domains in a forest, the migrated accounts no longer exist in the source domain. Therefore, rollback of the migration can only occur when you carry out the migration process again in reverse order from the previous target domain to the previous source domain.

intra forest Admt active directory migration tool version 3.2

The following table lists the differences between an interforest domain restructure and an intraforest domain restructure.

Migration consideration

Interforest restructure

Intraforest restructure

Object preservation

Objects are cloned rather than migrated. The original object remains in the source location to maintain access to resources for users.

User and group objects are migrated and no longer exist in the source location. Computer and managed service account objects copied and the original accounts remain enabled in the source domain.

Security identifier (SID) history maintenance

Maintaining SID history is optional.

SID history is required for user, group, and computer accounts, but not managed service accounts.

Password retention

Password retention is optional.

Passwords are always retained.

Local profile migration

You must use tools such as ADMT to migrate local profiles.

Local profiles are migrated automatically because the user’s globally unique identifier (GUID) is preserved.

Closed sets

You do not have to migrate accounts in closed sets. For more information, see Background Information for Restructuring Active Directory Domains Within a Forest (

You must migrate accounts in closed set

Before starting installation of ADMT I have installed SQL Server Express Edition version 2012 on my one of Windows Server 2012 R2 as this is one of the requirement, Same server can be used by other colleagues to run Active Directory migration tool (ADMT). While installation of SQL express I have kept all the defaults, My Named instance name is Default one SQLEXPRESS. On this sql instance I am going to configure ADMT database.

Sql Express 2012 installation Named instance creation

And other setting in SQL server installation is I have Specified SQL Server Administrators,I have created one Security Group in active directory and added it here. All my colleagues are added to this group now they can use ADMT tool centrally.

Sql Express 2012 installation add sql server administrators and mixed mode windows authetication

Once my SQL Express server is setup I am going to install ADMT v3.2 on the same server. (Donwload link for ADMT v3.2). Setup is very easy once it is launched on the welcome screen it shows supported SQL server version and editions and recommendation about backing up system and closing all open program. next screen is about EULA, click I Agree.

active directory migration tool installation wizard backu and EULA

Next is Customer Experience Improvement Program, I didn't changed anything on the page, next screen is crucial and need to mention database instance, As my SQL server is same I have mentioned .\SQLEXPRESS, which is by default there after installation of SQL Express installation, Click next it will start connecting to database.

Active directory Migration Tool selecting sql server database instance

If connection to SQL database is successful, it prompts if there I am using an old ADMT database, and If i need to import that existing database. In my case this is fresh installation so i have kept it to default, No, do not import data from an existing database (Default). if everything is successful I can see ADMT has successfully installed message with installation summary information.

Active directory migration tool admt import data from exisiting database or new database installation successfully installed

Now to verify I can search for ADMT and launch the tool. In next article I will be showing how to migrate objects between Domains.

Active Directory migration tool admt tool mmc migration report and console tool

Go Back