able/windows-nt
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
windows-nt/Source/XPSP1/NT/admin/admt/documents/help/conceptdommigrequirements.htm
CryptoAlgo Inc b3cac27891 Add source files
2020-09-26 16:20:57 +08:00

110 lines
5.4 KiB
HTML
Raw Permalink Blame History

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<TITLE>Active Directory Migration Tool Requirements</TITLE>
<link rel=stylesheet type=text/css href=MCS-Help.css>
<META NAME="MS-HAID" CONTENT="a_ConceptDomMigRequirements">
<SCRIPT LANGUAGE="JScript" SRC="MCSshared.js"></SCRIPT>
</HEAD>
<BODY>
<H1>Active Directory Migration Tool Requirements</H1>
<P>
The Active Directory Migration Tool has several requirements to ensure it can perform the required tasks:
</P>
<UL>
<LI>
The Active Directory Migration Tool runs only on Windows 2000 computers. The target domain must be running Windows 2000 RC2 or later in native mode. The PDC in the source domain must be running Windows NT 4.0 Service Pack 4 or later. If the source domain is running Windows 2000, it can run in native mode or mixed mode. If the Windows 2000 source domain has two or more domain controllers, and the source and target domains are in the same forest, you must run this tool on the domain controller with the RID pool allocator role.
<LI>
Memory requirements depend on the number of user accounts, groups, and computer accounts you migrate at one time. If you migrate a large number of accounts at one time, such as 30,000 accounts, you should run the Active Directory Migration Tool on a computer with at least 128MB of RAM (256MB recommended).
<LI>
Auditing for account management (success and failure events) must be enabled in the source and target domains. In Windows NT, account management is referred to as user and group management.
<LI>
If you have more than 10,000 user accounts, groups, or computers, you need to increase the Maximum size of Active Directory Searches group policy in the target domain. By default, this value is set to 10,000.
<LI>
If you want to translate Exchange security for Exchange mailboxes, distribution lists, custom recipients, organizations, sites, and containers, the account credentials you specify during the translation process must be a Permissions Admin in the Exchange site of the specified Exchange server.
<LI>
If you want to translate Exchange security, you must install Microsoft Exchange Administrator on the computer where you run the Active Directory Migration Tool.
<LI>
To use the Active Directory Migration Tool, the user account you log on with when you run the Active Directory Migration Tool must have the following permissions:
<UL class=Level2>
<LI>Administrator rights in the source domain (member of Domain Admins)
<LI>Administrator rights in the target domain
<LI>Administrator rights on each computer you migrate
<LI>Administrator rights on each computer on which you translate security
<LI>
Administrator rights on any computer where the Active Directory Migration Tool must install an agent to perform the migration. These agents allow the Active Directory Migration Tool to resolve the security-related issues and to gather information for impact analysis.
</UL>
<LI>
The source domain must trust the target domain. In addition, the target domain must trust all domains that are trusted by the source domain and that contain accounts that are members of local groups you will migrate in the source domain. The Trust Migration wizard allows you to compare the source and target domain trusts. You can also migrate the source domain trusts to the target domain.
<LI>
To update the SID History of migrated accounts in the target domain, the Active Directory Migration Tool has several additional requirements:
<UL class=Level2>
<LI>
You must run the tool on a domain controller in the target domain.
<LI>
The <KBD><I>domain</I>$$$</KBD> local group must exist
in the source domain. The tool creates this group.
<LI>
The tool must be able to connect to all domains related to the information in the SID History property of each migrated account. In addition, the user account you log on with when you run the tool must have administrator rights in each domain from which SID information is used.
<P CLASS=Indent>
For example, if you migrate accounts from Domain A to Domain B, then migrate accounts from Domain B to Domain C, your account must have administrator rights in Domain A to copy the SID History information related to that domain. If Domain A is no longer available, the tool cannot copy the SID History information related to Domain A.
</P>
<LI>
The following registry key must exist on the PDC in the source domain
as a DWORD with the value set to 1. If you create this registry key,
you must restart the domain controller to activate this value. The
tool creates this registry key if it does not exist and restarts the
domain controller.
<PRE>
HKEY_LOCAL_MACHINE\System\CurrentControlSet\
Control\Lsa\TcpipClientSupport</PRE>
</UL>
</UL>
<TABLE CELLPADDING=0 CELLSPACING=0 BORDER=0>
<TR>
<TD VALIGN=TOP><IMG SRC="NOTE.GIF" WIDTH=10 HEIGHT=10 ALT="" BORDER="0"></TD>
<TD VALIGN=TOP WIDTH=5></TD>
<TD VALIGN=TOP>
<B>Notes:</B>
<UL>
<LI>
To read the entries the Active Directory Migration Tool writes in the Application event log, you should read the log from a computer where the Active Directory Migration Tool is installed.
<LI>
The Active Directory Migration Tool uses an Access database to collect information. The tool then uses this information to perform the migration tasks. Two users should not run this tool at the same time using the same database.
</UL>
</TD>
</TR>
</TABLE>
</BODY>
</HTML>
Reference in a new issue View git blame Copy permalink