windows-nt/Source/XPSP1/NT/admin/admt/documents/help-ms/admtintraforestacctmig.htm

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN"
                      "http://www.w3.org/TR/REC-html40/strict.dtd">
<HTML DIR="LTR">					  
<HEAD>
<TITLE>Perform an intraforest account domain migration</TITLE>
<LINK REL="stylesheet" MEDIA="screen" TYPE="text/css" HREF="coUA.css">
<LINK REL="stylesheet" MEDIA="print" TYPE="text/css" HREF="coUAprint.css">  
<SCRIPT LANGUAGE="JScript" SRC="shared.js"></SCRIPT>
<META HTTP-EQUIV="Content-Type" CONTENT="text-html;charset=Windows-1252">
<META HTTP-EQUIV="PICS-Label" CONTENT='(PICS-1.1 "<http://www.rsac.org/ratingsv01.html>" l comment "RSACi North America Server" by "inet@microsoft.com <mailto:inet@microsoft.com>" r (n 0 s 0 v 0 l 0))'>
<META NAME="MS.LOCALE" CONTENT="EN-US">
<META NAME="MS-IT-LOC" Content="Active Directory Migration Tool">
<META NAME="MS-HAID" CONTENT="a_ADMTIntraforestAcctMig"> 
</HEAD>
<BODY>


<P CLASS="procLabel">To perform an intraforest account domain migration</P>
<OL>
<LI>Migrate domain global groups using the Group Migration Wizard.</LI>
	<P><A ID="expand" HREF="#" CLASS="expandToggle">More information</A></P>
	<DIV CLASS="expand">	
	<UL>
	<LI>In an <A ID="wPopup" HREF="HELP=ADMTGlos.hlp TOPIC=IntraforestMigration"> intraforest migration</A>, when global groups are migrated from a <A ID="wPopup" HREF="HELP=ADMTGlos.hlp TOPIC=NativeMode"> native mode</A> <A ID="wPopup" HREF="HELP=ADMTGlos.hlp TOPIC=SourceDomain">source domain</A>, the groups are migrated over correctly, but are created as universal groups in the <A ID="wPopup" HREF="HELP=ADMTGlos.hlp TOPIC=TargetDomain"> target domain</A> so that they can contain members from the source domain that have not been migrated yet.</LI>

	<LI>If you are migrating a distribution group (these only exist in Windows&nbsp;2000) from the source domain to the target domain and the group exists in the target domain as a security group, the target group will remain a security group even if the <B>Replace</B> option is selected.</LI>

	
	</UL></DIV>

<LI>Migrate users and roaming profiles using the User Migration Wizard.</LI>
	<P><A ID="expand" HREF="#" CLASS="expandToggle">More information</A></P>
	<DIV CLASS="expand">	
	<UL>
	<LI>On the <B>User Options</B> wizard page, select the <B>Translate roaming profiles</B> and <B>Update user rights</B> check boxes.</LI>

	<LI>Active Directory Migration Tool only migrates user rights in additive mode. That is, the user rights of existing users and groups in the target domain will not be removed during a migration operation.</LI>

<LI>If there is a large number of user accounts in the domain, when the User Migration Wizard builds the list of user accounts in a domain, retrieving this information can take a significant amount of time and may cause a significant impact on your network traffic.</LI>

	<LI>The user principal name suffix attribute of migrated user accounts is left empty by default but an implicit user principal name suffix of the current domain exists by default for each domain. For example, if the target domain is microsoft.com, the implicit user principal name for users migrated to that domain is <I>UserName</I>@microsoft.com.</LI>

	<LI>As part of the migration process, Active Directory Migration Tool determines to which global groups the user account in the source domain belongs. The tool then checks its migrated objects table to see if any of those global groups have previously been migrated. If a match is found, that means that the group was previously migrated from the source domain, and the user is added to this group.</LI>
	</UL></DIV>

<LI>Migrate local profiles on workstations using the Security Translation Wizard.</LI>
	<P><A ID="expand" HREF="#" CLASS="expandToggle">More information</A></P>
	<DIV CLASS="expand">	
	<UL>

	<LI>On the <B>Translate Objects</B> wizard page, select the <B>User Profiles</B> check box.</LI>
	
	<LI>On the <B>Security Translation Options</B> wizard page, select the <B>Add</B> check box.</LI>
	</UL></DIV>

<LI>Manually migrate a domain controller from the account domain and decommission the domain.</LI>
	<P><A ID="expand" HREF="#" CLASS="expandToggle">More information</A></P>
	<DIV CLASS="expand">	
	<UL>
	<LI>Use the Active Directory Installation Wizard to demote the domain controllers in the <A ID="wPopup" HREF="HELP=ADMTGlos.hlp TOPIC=ResourceDomain">resource domain</A>. For more information about the Active Directory Installation Wizard, see Windows&nbsp;2000 Server Help.</LI>

	<LI>When demoting the last domain controller in the source domain, select the <B>This server is the last domain controller in the domain</B> check box on the <B>Remove Active Directory</B> wizard page of the Active Directory Installation Wizard.</LI>

	<LI>Once a domain controller has been demoted, it can join the target domain or be promoted to domain controller in the target domain.</LI>
	</UL></DIV>
</OL>
<P class="important">Important</P>
	<UL>
<LI>When performing an <A ID="wPopup" HREF="HELP=ADMTGlos.hlp TOPIC=IntraforestMigration"> intraforest migration</A>, first migrate <A ID="wPopup" HREF="HELP=ADMTGlos.hlp TOPIC=ResourceDomain">resource domains</A>, and then migrate <A ID="wPopup" HREF="HELP=ADMTGlos.hlp TOPIC=AccountDomain">account domains</A>.</LI>
<LI>Run the wizards in the order listed for best results.</LI> 
</UL>

<P CLASS="note">Notes</P>
<UL>
<LI>When running the User Migration Wizard, Group Migration Wizard, or Security Migration Wizard, you must be logged on to the <I>target domain</I> as an administrator or member of the Administrators group.</LI>

<LI>When migrating a user, group, or computer account that exists in both the source and target domains, if the account in the target domain already has a value for a particular property and the account in the source domain does not have a value for that property, the value of the property in the target domain will be preserved. It will not be overwritten by the null-value of the property in the source domain.</LI>
<LI>When migrating users and groups between domains in the same forest, Active Directory Migration Tool must communicate with the Relative ID (RID) pool master in the target domain. To improve performance when migrating a large number of users or groups, you should install Active Directory Migration Tool on the RID pool master in the target domain. By default, this is the first domain controller installed in the domain. Use Active Directory Users and Computers or Ntdsutil.exe to locate the domain controller that holds the RID pool master role.</LI>

<LI>During the migration process, this tool truncates user account names that are more than 20 characters long.</LI>
</UL>
<P><A ID="relTopics" HREF="CHM=DomainMig.chm  META=a_admtchkbeforeusing; a_ADMTBestPractices; a_ADMTRunWizard; a_ADMTIntraforestResMig; a_admtbeforeintramig; a_admtunderstandtrust; a_TasksRetry; a_TasksUndoLast; a_ADMTOverview; a_ADMTUnderstandMigration; a_ADMTIntraforestMig; a_ConceptDomMigSecurityIssues; a_conceptmigratingusersgroup; a_ADMTUnderstandTrust; a_ADMTSystemReq; a_ADMTBeforeIntraMig">Related Topics</A></P>

</BODY>
</HTML>
Add source files 2020-09-26 03:20:57 -05:00			`<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN"`
			`"http://www.w3.org/TR/REC-html40/strict.dtd">`
			`<HTML DIR="LTR">`
			`<HEAD>`
			`<TITLE>Perform an intraforest account domain migration</TITLE>`
			`<LINK REL="stylesheet" MEDIA="screen" TYPE="text/css" HREF="coUA.css">`
			`<LINK REL="stylesheet" MEDIA="print" TYPE="text/css" HREF="coUAprint.css">`
			`<SCRIPT LANGUAGE="JScript" SRC="shared.js"></SCRIPT>`
			`<META HTTP-EQUIV="Content-Type" CONTENT="text-html;charset=Windows-1252">`
			`<META HTTP-EQUIV="PICS-Label" CONTENT='(PICS-1.1 "<http://www.rsac.org/ratingsv01.html>" l comment "RSACi North America Server" by "inet@microsoft.com <mailto:inet@microsoft.com>" r (n 0 s 0 v 0 l 0))'>`
			`<META NAME="MS.LOCALE" CONTENT="EN-US">`
			`<META NAME="MS-IT-LOC" Content="Active Directory Migration Tool">`
			`<META NAME="MS-HAID" CONTENT="a_ADMTIntraforestAcctMig">`
			`</HEAD>`
			`<BODY>`



			`<P CLASS="procLabel">To perform an intraforest account domain migration</P>`
			`<OL>`
			`<LI>Migrate domain global groups using the Group Migration Wizard.</LI>`
			`<P><A ID="expand" HREF="#" CLASS="expandToggle">More information</A></P>`
			`<DIV CLASS="expand">`
			`<UL>`
			<LI>In an <A ID="wPopup" HREF="HELP=ADMTGlos.hlp TOPIC=IntraforestMigration"> intraforest migration</A>, when global groups are migrated from a <A ID="wPopup" HREF="HELP=ADMTGlos.hlp TOPIC=NativeMode"> native mode</A> <A ID="wPopup" HREF="HELP=ADMTGlos.hlp TOPIC=SourceDomain">source domain</A>, the groups are migrated over correctly, but are created as universal groups in the <A ID="wPopup" HREF="HELP=ADMTGlos.hlp TOPIC=TargetDomain"> target domain</A> so that they can contain members from the source domain that have not been migrated yet.</LI>

			`<LI>If you are migrating a distribution group (these only exist in Windows 2000) from the source domain to the target domain and the group exists in the target domain as a security group, the target group will remain a security group even if the <B>Replace</B> option is selected.</LI>`


			`</UL></DIV>`

			`<LI>Migrate users and roaming profiles using the User Migration Wizard.</LI>`
			`<P><A ID="expand" HREF="#" CLASS="expandToggle">More information</A></P>`
			`<DIV CLASS="expand">`
			`<UL>`
			`<LI>On the <B>User Options</B> wizard page, select the <B>Translate roaming profiles</B> and <B>Update user rights</B> check boxes.</LI>`

			`<LI>Active Directory Migration Tool only migrates user rights in additive mode. That is, the user rights of existing users and groups in the target domain will not be removed during a migration operation.</LI>`

			`<LI>If there is a large number of user accounts in the domain, when the User Migration Wizard builds the list of user accounts in a domain, retrieving this information can take a significant amount of time and may cause a significant impact on your network traffic.</LI>`

			`<LI>The user principal name suffix attribute of migrated user accounts is left empty by default but an implicit user principal name suffix of the current domain exists by default for each domain. For example, if the target domain is microsoft.com, the implicit user principal name for users migrated to that domain is <I>UserName</I>@microsoft.com.</LI>`

			`<LI>As part of the migration process, Active Directory Migration Tool determines to which global groups the user account in the source domain belongs. The tool then checks its migrated objects table to see if any of those global groups have previously been migrated. If a match is found, that means that the group was previously migrated from the source domain, and the user is added to this group.</LI>`
			`</UL></DIV>`

			`<LI>Migrate local profiles on workstations using the Security Translation Wizard.</LI>`
			`<P><A ID="expand" HREF="#" CLASS="expandToggle">More information</A></P>`
			`<DIV CLASS="expand">`
			`<UL>`

			`<LI>On the <B>Translate Objects</B> wizard page, select the <B>User Profiles</B> check box.</LI>`

			`<LI>On the <B>Security Translation Options</B> wizard page, select the <B>Add</B> check box.</LI>`
			`</UL></DIV>`

			`<LI>Manually migrate a domain controller from the account domain and decommission the domain.</LI>`
			`<P><A ID="expand" HREF="#" CLASS="expandToggle">More information</A></P>`
			`<DIV CLASS="expand">`
			`<UL>`
			`<LI>Use the Active Directory Installation Wizard to demote the domain controllers in the <A ID="wPopup" HREF="HELP=ADMTGlos.hlp TOPIC=ResourceDomain">resource domain</A>. For more information about the Active Directory Installation Wizard, see Windows 2000 Server Help.</LI>`

			`<LI>When demoting the last domain controller in the source domain, select the <B>This server is the last domain controller in the domain</B> check box on the <B>Remove Active Directory</B> wizard page of the Active Directory Installation Wizard.</LI>`

			`<LI>Once a domain controller has been demoted, it can join the target domain or be promoted to domain controller in the target domain.</LI>`
			`</UL></DIV>`
			`</OL>`
			`<P class="important">Important</P>`
			`<UL>`
			`<LI>When performing an <A ID="wPopup" HREF="HELP=ADMTGlos.hlp TOPIC=IntraforestMigration"> intraforest migration</A>, first migrate <A ID="wPopup" HREF="HELP=ADMTGlos.hlp TOPIC=ResourceDomain">resource domains</A>, and then migrate <A ID="wPopup" HREF="HELP=ADMTGlos.hlp TOPIC=AccountDomain">account domains</A>.</LI>`
			`<LI>Run the wizards in the order listed for best results.</LI>`
			`</UL>`

			`<P CLASS="note">Notes</P>`
			`<UL>`
			`<LI>When running the User Migration Wizard, Group Migration Wizard, or Security Migration Wizard, you must be logged on to the <I>target domain</I> as an administrator or member of the Administrators group.</LI>`

			`<LI>When migrating a user, group, or computer account that exists in both the source and target domains, if the account in the target domain already has a value for a particular property and the account in the source domain does not have a value for that property, the value of the property in the target domain will be preserved. It will not be overwritten by the null-value of the property in the source domain.</LI>`
			<LI>When migrating users and groups between domains in the same forest, Active Directory Migration Tool must communicate with the Relative ID (RID) pool master in the target domain. To improve performance when migrating a large number of users or groups, you should install Active Directory Migration Tool on the RID pool master in the target domain. By default, this is the first domain controller installed in the domain. Use Active Directory Users and Computers or Ntdsutil.exe to locate the domain controller that holds the RID pool master role.</LI>

			`<LI>During the migration process, this tool truncates user account names that are more than 20 characters long.</LI>`
			`</UL>`
			`<P><A ID="relTopics" HREF="CHM=DomainMig.chm META=a_admtchkbeforeusing; a_ADMTBestPractices; a_ADMTRunWizard; a_ADMTIntraforestResMig; a_admtbeforeintramig; a_admtunderstandtrust; a_TasksRetry; a_TasksUndoLast; a_ADMTOverview; a_ADMTUnderstandMigration; a_ADMTIntraforestMig; a_ConceptDomMigSecurityIssues; a_conceptmigratingusersgroup; a_ADMTUnderstandTrust; a_ADMTSystemReq; a_ADMTBeforeIntraMig">Related Topics</A></P>`

			`</BODY>`
			`</HTML>`