windows-nt/Source/XPSP1/NT/admin/admt/documents/help-ms/admtbestpractices.htm

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN"
                      "http://www.w3.org/TR/REC-html40/strict.dtd">
<HTML DIR="LTR">
<HEAD>
<TITLE>Best practices</TITLE>
<LINK REL="stylesheet" MEDIA="screen" TYPE="text/css" HREF="coUA.css">
<LINK REL="stylesheet" MEDIA="print" TYPE="text/css" HREF="coUAprint.css">  
<SCRIPT LANGUAGE="JScript" SRC="shared.js"></SCRIPT>
<META HTTP-EQUIV="Content-Type" CONTENT="text-html;charset=Windows-1252">
<META HTTP-EQUIV="PICS-Label" CONTENT='(PICS-1.1 "<http://www.rsac.org/ratingsv01.html>" l comment "RSACi North America Server" by "inet@microsoft.com <mailto:inet@microsoft.com>" r (n 0 s 0 v 0 l 0))'>
<META NAME="MS.LOCALE" CONTENT="EN-US">
<META NAME="MS-IT-LOC" Content="Active Directory Migration Tool">
<META NAME="MS-HAID" CONTENT="a_ADMTBestPractices"> 
</HEAD>
<BODY>


<H1>Best practices</H1>
<UL>

<LI><B>Carefully review the following topics:</B>
<UL>
<LI><A HREF="admtsystemreq.htm">Migration requirements</A></LI>
<LI><A HREF="admtbeforeintermig.htm">Before performing an interforest migration</A></LI>
<LI><A HREF="admtbeforeintramig.htm">Before performing an intraforest migration</A></LI>
</UL></LI>

<LI><B>Follow the migration procedures detailed in the following topics:</B>
<UL>
<LI><A HREF="admtinterforestacctmig.htm">Perform an interforest account domain migration</A></LI>
<LI><A HREF="admtinterforestresmig.htm">Perform an interforest resource domain migration</A></LI>
<LI><A HREF="admtintraforestacctmig.htm">Perform an intraforest account domain migration</A></LI>
<LI><A HREF="admtintraforestresmig.htm">Perform an intraforest resource domain migration</A></LI>
</UL>
</LI>

<LI><B>Synchronize the time on all computers participating in the migration.</B>
<P>This will assist troubleshooting when using the event log.</P></LI>

<LI><B>Before migrating user profiles, empty the Recycle Bin on any computer that is used by a user whose profile will be migrated.</B>
<P>Failure to empty the Recycle Bin will result in a benign &quot;Recycle Bin corrupted&quot; error. To clear this error, click <B>Yes</B> when prompted to empty the Recycle Bin.</P></LI>

<LI><B>Allow the migration process to finish without interruption.</B>
<P>If you interrupt the migration process before it is finished, accounts may exist without correctly set properties.</P></LI>

<LI><B>When performing a lengthy migration, always run Active Directory Migration Tool from the same domain controller.</B>
<P>Active Directory Migration Tool stores information used during the migration process in a file on the computer on which the tool is run. If you must change domain controllers during the migration, you can move this information to the new domain controller by copying the Protar.mdb file to the Active Directory Migration Tool folder on the new domain controller.</P></LI>

<LI><B>When migrating user accounts between domains in the same forest, user passwords are migrated to the target domain. Verify that the passwords of the source domain user accounts will match the password policy of the target domain.</B>
<P>If the source user accounts have passwords that violate the password restrictions (such as minimum length) in the target, then the affected migrated accounts will be unable to log on until password has been set to a value that fits the target domain password policy and until the affected migrated accounts have been marked as enabled.</P></LI>

<LI><B>If you perform an intraforest migration of service accounts, ensure that all computers with the services on them are available when you perform the migration.</B>
<P>When you perform an intraforest migration of accounts, you are actually moving the account since the two accounts cannot exist in the same forest. If a computer that uses one of these service accounts is not available, the service on that computer may stop working until it gets the service account updates.</P></LI>

<LI><B>To read Active Directory Migration Tool event log entries, read the log from a computer on which Active Directory Migration Tool is installed.</B>
<P>The Active Directory Migration Tool <A ID="wPopup" HREF="HELP=ADMTGlos.hlp TOPIC=Agent">agent</A> may write event log entries to the computer on which it runs. Since the agent software is removed when the agent is finished, you can view the event log entries on a remote computer where the agent has run by running the Windows&nbsp;2000 Event Viewer from the computer on which Active Directory Migration Tool is installed.</P></LI>

<LI><B>Two or more users in the same domain should not run Active Directory Migration Tool at the same time.</B>
<P>Active Directory Migration Tool collects information about the objects to be migrated in a database. The tool then uses this information to perform the migration tasks. Two or more people trying to use Active Directory Migration Tool at the same time will cause a database access conflict.</P></LI>

<LI><B>Because agents are dispatched to remote computers, you should verify that replication is up to date across all domain controllers in the target domain before running the Computer Migration and Security Translation Wizards.</B>
<P>Remote computers might look to a domain controller other than the one on which Active Directory Migration Tool is running to get the account and group information on which the operation is dependent. If a particular change has not replicated to all of the domain controllers in the domain, then the agent may receive outdated information and the computer migration or security translation could fail.</P></LI>

<LI><B>Install the Windows&nbsp;2000 Support Tools and use Active Directory Administration Tool to help verify and troubleshoot correct object migration.</B>
<P>For more information about the Windows&nbsp;2000 Support Tools, see Windows&nbsp;2000 Server Help.</P></LI>

<LI><B>Use the Migration.log and Dispatch.log files to help troubleshoot the Computer Migration Wizard.</B>
<P>You can also use Event Viewer to view the Application and Security entries on both the source and target computers and on any computer to which an agent has been dispatched.</P></LI>
</UL>

</BODY>
</HTML>