Migrate workstations and member servers from the source domain to the target domain. When you migrate computers, the changes do not take effect until the computer is restarted. Restart the computers that you are migrating as soon as possible to complete the migration process.
Note
Restart member workstations and servers immediately after you join them to the target domain by selecting a low number for the RestartDelay parameter. Resources that are not restarted after migration are in an indeterminate state.
Firewalls, such as Windows Firewall in Windows XP Service Pack 2 (SP 2), can prevent the Active Directory Migration Tool (ADMT) computer account migration from completing. Thoroughly test your computer migration in a lab environment to uncover any potential issues before you perform the migration in the production environment. For more information about configuring Windows Firewall, see Some programs seem to stop working after you install
Windows XP Service Pack 2 (http://go.microsoft.com/fwlink/?LinkId=76705) and Service overview and network port requirements for the Windows Server system
(http://go.microsoft.com/fwlink/?LinkId=58432).
Computer accounts are treated differently than user and group accounts during a migration between domains in an Active Directory forest. Where user and group accounts in the source domain are deleted during an intraforest migration, computer accounts in the source domain are instead disabled, and a new computer account is created in the target domain.
This makes it possible for you to roll back the computer migration, if necessary. After the migration is complete and your testing verifies that the computer is functioning as expected, you can safely delete the computer account in the source domain.
You can migrate workstations and member servers by using the ADMT snap-in, the ADMT command-line option, or a script.
To migrate workstations and member servers by using the ADMT snap-in
1. On the computer in the target domain where ADMT is installed, log on by using a user account that is a member of the ADMT resource migration group.
2. Use the Computer Account Migration Wizard by performing the steps in the following table.
Wizard page Action
Domain Selection Under Source, in the Domain drop-down list, type or select the NetBIOS or Domain
Name System (DNS) name of the source domain. In the Domain controller drop-down list, type or select the name of the domain controller, or select Any domain controller.
When you perform an intraforest
migration, the domain controller that holds the relative ID (RID) operations master (also known as flexible single master operations or FSMO) role is always used as the source domain controller,
regardless of your selection.
Under Target, in the Domain drop-down list, type or select the NetBIOS or DNS name of the target domain. In the Domain controller drop-down list, type or select the name of the domain controller, or select Any domain controller, and then click Next.
Computer Selection Click Select computers from domain, and then click Next. On the Computer Selection page, click Add to select the computers in the source domain that you want to migrate, click OK, and then click Next.
Or
Click Read objects from an include file, and then click Next. Type the location of the include file, and then click Next.
Organizational Unit Selection Click Browse.
In the Browse for Container dialog box, click the organizational unit (OU) in the target domain to which the computers are migrating, and then click OK.
Translate Objects Select the Local groups check box.
Select the User rights check box.
Security Translation Options Click Replace.
When you perform an intraforest migration, ADMT migrates the security identifier (SID) history and deletes the
source object. Therefore, when you perform an intraforest migration, ADMT allows security translation only in replace mode.
Computer Options In the Minutes before computer restart after wizard completion box, accept the default value of 5 minutes or type a different value.
Object Property Exclusion To exclude certain object properties from the migration, select the Exclude specific object properties from migration check box, select the object properties that you want to exclude and move them to Excluded Properties, and then click Next.
Conflict Management Click Do not migrate source object if a conflict is detected in the target domain.
ADMT Agent Dialog Select Run pre-check and agent operation, and then click Start.
3. Review the results that are displayed on the screen for any errors. After the wizard completes, click View log to see the list of computers, completion status, and the path to the log file for each computer. If an error is reported for a computer, you will have to refer to the log file on that computer to review any problems with local groups. The log file for each computer is named MigrationTask#_ComputerName.log, and it is stored in the Windows\ADMT\Logs\Agents folder.
To migrate workstations and member servers by using the ADMT command-line option 1. On the computer in the target domain where ADMT is installed, log on by using a user
account that is a member of the ADMT resource migration group.
2. At the command line, type the ADMT Computer command with the appropriate parameters, and then press ENTER.
ADMT COMPUTER /N "<computer_name1>" "<computer_name2>" /IF:YES /SD:"
<source_domain>" /TD:" <target_domain>" /TO:" <target_OU>" /RDL:1
As an alternative, you can include parameters in an option file that is specified at the command line, as follows:
ADMT COMPUTER /N "<computer_name1>" "<computer_name2>" /O:" <option_file>.txt"
The following table lists the parameters that are required for workstation and member
server migration, the command-line parameters, and option file equivalents.
Parameters Command-line syntax Option file syntax
Intraforest /IF:YES IntraForest=YES
<Source domain> /SD:"source_domain" SourceDomain="source_domain"
<Target domain> /TD:"target_domain" TargetDomain="target_domain"
<Target OU>
location
/TO:"target_OU" TargetOU="target_OU"
Restart delay (minutes)
/RDL:5 RestartDelay=5
Conflict management
/CO:IGNORE (default) ConflictOptions=IGNORE
Security translation options
/TOT:ADD TranslationOption=YES
Translate user rights /TUR:YES TranslateUserRights=YES
Translate local groups
/TLG:YES TranslateLocalGroups=YES
3. Review the results that appear on the screen for any errors. The migration log lists computers, completion status, and the path to the log file for each computer. If an error is reported for a computer, you will have to refer to the log file for that computer to review any problems with local groups. The log file for each computer is named
MigrationTask#_ComputerName.log, and it is stored in the Windows\ADMT\Logs\Agents folder.
4. Open Active Directory Users and Computers, and then locate the target domain OU.
Verify that the workstations and member servers exist in the target domain OU.
To migrate workstations and member servers by using a script
Use the following listing to prepare a script that incorporates ADMT commands and options for migrating workstations and member servers within a forest. Copy the script to Notepad, and save the file with a .wsf file name extension in the same folder as the AdmtConstants.vbs file.
<Job id=" MigratingWorkstationsMemberServersWithinForest" >
<Script language="VBScript" src="AdmtConstants.vbs" />
<Script language="VBScript" >
Option Explicit
Dim objMigration
Dim objComputerMigration
'
'Create instance of ADMT migration objects.
'
Set objMigration = CreateObject("ADMT.Migration" )
Set objComputerMigration = objMigration.CreateComputerMigration
'
'Specify general migration options.
'
objMigration.IntraForest = True
objMigration.SourceDomain = "source domain"
objMigration.SourceOu = "Computers"
objMigration.TargetDomain = "target domain"
objMigration.TargetOu = "Computers"
'
'Specify computer migration specific options.
'
objComputerMigration.TranslationOption = admtTranslateAdd objComputerMigration.TranslateLocalGroups = True
objComputerMigration.TranslateUserRights = True objComputerMigration.RestartDelay = 1
'
'Migrate computer objects on specified computer objects.
'
objComputerMigration.Migrate admtData, _ Array("computer name1" ,"computer name2")
Set objComputerMigration = Nothing Set objMigration = Nothing
</Script>
</Job>