Recently I was involved in creating a new child domain in Active Directory, and another major task was migrating certain existing users, groups, computers and other objects from the parent root domain to the child domain for management delegation purposes. These users and other AD objects were part of a new project, and I wanted to move them to the new child domain. Here I would like to discuss ADMT (Active Directory Migration Tool) version 3.2. The Windows Server Active Directory Migration Tool (ADMT) v3.2 is a free utility that allows you to migrate objects (users, computers, groups, etc.) from one Windows Server Active Directory domain/forest to another.
PART 1 : INSTALLING ADMT TOOL (ACTIVE DIRECTORY MIGRATION TOOL)
PART 2 : MIGRATE ACTIVE DIRECTORY USERS TO ANOTHER DOMAIN USING ADMT
PART 3 : (ADMT) ACTIVE DIRECTORY MIGRATION TOOL REPORTING
There are two types of AD migration that can be performed, as described below (Source: https://technet.microsoft.com/en-us/library/cc974332(v=ws.10).aspx)
Interforest Active Directory domain restructure
You might perform an interforest restructure for business changes, such as mergers or acquisitions or divestitures, in which your organizations have to combine or divide resources. As part of the restructuring process, when you migrate objects between forests both the source and target domain environments exist simultaneously. This makes it possible for you to roll back to the source environment during the migration, if necessary.
Intraforest Active Directory domain restructure
When you restructure domains in a forest, you can consolidate your domain structure and reduce administrative complexity and overhead. Unlike the process for restructuring domains between forests, when you restructure domains in a forest, the migrated accounts no longer exist in the source domain. Therefore, rollback of the migration can only occur when you carry out the migration process again in reverse order from the previous target domain to the previous source domain.
The following table lists the differences between an interforest domain restructure and an intraforest domain restructure.
| Migration consideration | Interforest restructure | Intraforest restructure |
|---|---|---|
| Object preservation | Objects are cloned rather than migrated. The original object remains in the source location to maintain access to resources for users. | User and group objects are migrated and no longer exist in the source location. Computer and managed service account objects are copied and the original accounts remain enabled in the source domain. |
| Security identifier (SID) history maintenance | Maintaining SID history is optional. | SID history is required for user, group, and computer accounts, but not managed service accounts. |
| Password retention | Password retention is optional. | Passwords are always retained. |
| Local profile migration | You must use tools such as ADMT to migrate local profiles. | Local profiles are migrated automatically because the user’s globally unique identifier (GUID) is preserved. |
| Closed sets | You do not have to migrate accounts in closed sets. For more information, see Background Information for Restructuring Active Directory Domains Within a Forest (http://go.microsoft.com/fwlink/?LinkId=122123). | You must migrate accounts in closed sets. |
The other setting in the SQL Server installation is the SQL Server administrators: I created one security group in Active Directory and added it here. All my colleagues are members of this group, so they can now use the ADMT tool centrally.
Once my SQL Express server is set up, I am going to install ADMT v3.2 on the same server. (Download link for ADMT v3.2). Setup is very easy. Once it is launched, the welcome screen shows the supported SQL Server versions and editions and a recommendation about backing up the system and closing all open programs. The next screen is the EULA; click I Agree.
Next is the Customer Experience Improvement Program; I didn't change anything on this page. The next screen is crucial: it asks for the database instance. As my SQL Server is on the same machine, I entered .\SQLEXPRESS, which is there by default after the SQL Express installation. Click Next and it will start connecting to the database.
If the connection to the SQL database is successful, it asks whether I am using an old ADMT database and whether I need to import that existing database. In my case this is a fresh installation, so I kept the default, No, do not import data from an existing database (Default). If everything is successful, I can see the message that ADMT has been successfully installed, along with installation summary information.
Now, to verify, I can search for ADMT and launch the tool. In the next article I will show how to migrate objects between domains.
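The group entered as SQL Server administrator during setup holds the sysadmin role on the .\SQLEXPRESS instance that stores the ADMT database, so its effective membership is worth reviewing once the installation is done. The following PowerShell is an added example, not part of the original walkthrough; it lists every sysadmin login on the instance and expands domain groups to their members. It assumes Windows authentication as an existing sysadmin, the RSAT ActiveDirectory module, and groups that live in the current domain.

```powershell
# Added example: list who effectively holds sysadmin on the ADMT SQL instance.
# Assumptions: run on the ADMT server as a current sysadmin (Windows auth),
# ActiveDirectory module installed, groups resolvable in the current domain.
Import-Module ActiveDirectory

$Instance   = '.\SQLEXPRESS'   # instance name used during ADMT setup
$ConnString = "Server=$Instance;Database=master;Integrated Security=SSPI"
$Query = @"
SELECT m.name AS MemberName, m.type_desc AS MemberType
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON rm.role_principal_id = r.principal_id
JOIN sys.server_principals AS m ON rm.member_principal_id = m.principal_id
WHERE r.name = N'sysadmin';
"@

$conn  = New-Object System.Data.SqlClient.SqlConnection $ConnString
$table = New-Object System.Data.DataTable
try {
    $conn.Open()
    $cmd = $conn.CreateCommand()
    $cmd.CommandText = $Query
    $table.Load($cmd.ExecuteReader())
}
finally {
    $conn.Dispose()
}

$report = foreach ($row in $table.Rows) {
    $login = $row.MemberName
    # Expand only domain groups; BUILTIN\ and NT ... principals are local.
    if ($row.MemberType -eq 'WINDOWS_GROUP' -and $login -notmatch '^(NT |BUILTIN\\)') {
        $groupName = ($login -split '\\', 2)[-1]
        try {
            Get-ADGroupMember -Identity $groupName -Recursive -ErrorAction Stop |
                ForEach-Object {
                    [pscustomobject]@{ Login = $login; EffectiveMember = $_.SamAccountName }
                }
        }
        catch {
            # Group could not be resolved (other domain, deleted, no rights).
            [pscustomobject]@{ Login = $login; EffectiveMember = "UNRESOLVED: $($_.Exception.Message)" }
        }
    }
    else {
        [pscustomobject]@{ Login = $login; EffectiveMember = $login }
    }
}

$report | Sort-Object Login, EffectiveMember | Format-Table -AutoSize
```

Nested groups are flattened by -Recursive, so an account that reaches the ADMT group only through another group still appears in the output.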