
SMART Active Directory Migrator 9.2

User Guide


SMART ACTIVE DIRECTORY MIGRATOR 9.2 USER GUIDE


Table of Contents

Section 1. Introduction
    1.1 About SMART Active Directory Migrator
    1.2 Audience for SMART Active Directory Migrator
    1.3 Getting More Information

Section 2. Migration Project Management
    2.1 SMART Active Directory Migrator Architecture
    2.2 Planning the Migration Project
    2.3 Best Practices

Section 3. Configuring the Active Directory Migrator Profile
    3.1 Launching SMART Directory Sync
    3.2 Adding an AD Migration/Synchronization Profile
    3.3 Active Directory Migrator Sync Report

Section 4. Using the SMART Active Directory Migrator Console
    4.1 Launching the Active Directory Migrator Console
    4.2 Refreshing Data
    4.3 Creating Mapping Files
    4.4 Migration Groups
    4.5 Using Blacklists
    4.6 Grouping, Sorting, and Filtering Tables
    4.7 Customizing Columns
    4.8 Selecting Multiple Table Rows
    4.9 Triggering a Sync
    4.10 Exporting the Grid

Section 5. Migrating Users

Section 6. Migrating Rooms

Section 7. Migrating Contacts

Section 8. Migrating Groups

Section 9. Settings
    9.1 Migration Options
    9.2 Cutover Credentials
    9.3 Network Profiles
    9.4 Device ReACL Profiles
    9.5 NAS ReACL Profiles
    9.6 Menu Actions
    9.7 Custom Menu Action Example
    9.8 Global Variables


Section 11. Migrating NAS

Section 12. Reports

Section 13. Using the SMART Directory Sync Log Viewer
    13.1 Searching Log Entries
    13.2 Pausing a Log
    13.3 Showing Log Entries for a Time Period
    13.4 Filtering the Log
    13.5 Grouping the Log by Column
    13.6 Viewing Log Entry Details
    13.7 Exporting Log Entries
    13.8 Clearing Log Entries

Section 14. Troubleshooting

Appendix A. AD Source – AD Target Default Mapping

Appendix B. Customizing Overrides

Appendix C. Cutover Job Result Codes

Appendix D. SMART Active Directory Reporter

Appendix E. Advanced Network Requirements

Appendix F. SMART AD Migrator SQL Re-permission

Appendix G. Creating Linked Exchange Account


Section 1. Introduction

1.1 About SMART Active Directory Migrator

Whether your company is performing an Active Directory migration as a result of an acquisition, merger, or divestiture, or simply restructuring an existing Active Directory to meet technical or organizational needs, SMART Active Directory Migrator (SMART AD Migrator) dramatically reduces the risks, complexity, time, and costs associated with migrating and synchronizing your Active Directory environment to an existing or new Active Directory environment.

SMART AD Migrator

o Is a comprehensive software solution that seamlessly migrates AD objects, settings and properties
o Has a back-end migration and synchronization engine
o Has a front-end management console providing complete control of the migration
o Ensures security and reliability of the product
o Provides complete migration of relevant objects and properties
o Migrates AD objects even if the source and target servers are not connected and are on isolated networks
o Allows for migrations to occur during business hours with minimal effect on user productivity
o Allows administrators to perform all migration-related tasks during business hours, reducing the administrator’s workload
o Maintains transparent interoperability during the migration
o Provides users access to all network resources, regardless of the migration status
o Includes password and SID History synchronization capabilities that provide real-time data
o Provides the ability to reverse the changes after key steps in the migration process
o Can be used for any migration scenario, from consolidation to a restructuring of AD
o Can be customized to meet unique requirements of any organization
o Is highly conducive for migration of workstations in a distributed workforce

Key Features

o Complete migration
o Minimal downtime or interruptions to users
o Provides coexistence
o Synchronization of AD objects
o Safe with ability to recover original state
o Flexible migration
o Highly customizable
o Synchronizes SID history
o Ability to copy Passwords
o Highly conducive for migration of workstations in a distributed workforce

Important! - Windows 10 is NOT SUPPORTED at this time.

1.2 Audience for SMART Active Directory Migrator

This document assumes the reader has some experience using Active Directory and some basic Administration skills. A fundamental understanding of SIDs (Security Identifiers) is also beneficial.

1.3 Getting More Information


Section 2. Migration Project Management

2.1 SMART Active Directory Migrator Architecture

The first step towards success on a project using SMART AD Migrator is to understand the product architecture and how this architecture will operate in your environment.

SMART Active Directory Migrator consists of the following components:

o A directory synchronization engine
o A REST based web service
o A management interface
o A lightweight agent for workstations and member servers
o A database running on Microsoft SQL Server

The directory synchronization engine, the web service, and the management interface will all access the same SQL database. In most scenarios, these components will be installed on the same system. In larger or more complex network environments, the components can be distributed across multiple systems. If the directory synchronization engine, the web service or the management interface is installed on a separate system, it is important to ensure that all three components retain access to the same SQL database.

The directory synchronization engine is provided by Binary Tree’s SMART Directory Sync. SMART Directory Sync is included as part of SMART AD Migrator. SMART Directory Sync is responsible for synchronizing users and groups between source and target Active Directory domains. SMART Directory Sync also handles migrating key user properties such as SID History and user passwords.

User workstations and member servers are called devices in SMART AD Migrator. Devices communicate with the SMART Active Directory Migrator web service using the SMART AD Migrator Agent. The SMART AD Migrator Agent is a lightweight application that installs as a service on Windows devices. Upon installation, the agent has the ability to autodiscover the location of the SMART Active Directory Migrator web service.

To ensure that no firewall exceptions are required, the web service does not “call” the workstations or servers to be migrated. Instead, the SMART AD Migrator Agents contact the web service at defined polling intervals, using standard HTTPS or HTTP requests to retrieve jobs. Jobs include key tasks such as system discovery, updating the operating system, file system and user profile permissions, and migrating the device to the new domain.

2.2 Planning the Migration Project

A typical migration project using SMART AD Migrator can be broken up into phases.

o Phase 1: Installing and Creating the Synchronization Profile within SMART Directory Sync
o Phase 2: Register Devices (Concurrent with Phase 3)
o Phase 3: Identify Users, Rooms, Contacts, and Groups to Migrate (Concurrent with Phase 2)
o Phase 4: ReACL Devices and NAS
o Phase 5: Cutover Devices
o Phase 6: Cleanup


The Cleanup process typically occurs several months after the completion of the project.

2.3 Best Practices

Best practices for each phase of the migration project are presented below:

Phase 1: Installing and Creating the Synchronization Profile within SMART Directory Sync

o SMART Directory Sync is used to synchronize objects and must be installed before installing the SMART Active Directory Migrator Console and Web Service.

o The Active Directory Migrator synchronization profile should be set up to include every device. However, not every device needs to be migrated immediately. This process ensures they are in the database, ready to install the SMART AD Migrator agent and register themselves. Devices can be blacklisted if you do not want to immediately migrate them.

o Carefully consider the Group Collision option (Merge, Skip, Rename). It is recommended that this option is not changed once migrations have been started. Additionally, it is strongly recommended to not select the Skip option. The Merge and Rename options are better in most cases.

o Synchronizing SID History is recommended.

Phase 2: Register Devices (Concurrent with Phase 3)

o The Device Agent should be pushed out to devices via Group Policy (GPO) or a third-party tool, and sufficient time should be allowed to address any issues with device registration with the server. Correcting registration issues can take more time than expected. A typical large company with a large number of devices may need a couple of weeks of off and on work to resolve registration issues with all devices.

Phase 3: Identify Users, Rooms, Contacts, and Groups to Migrate (Concurrent with Phase 2)

o Before migrating users and groups, do some planning and analysis to see what users, rooms, contacts, and groups should be migrated, what groups need to be consolidated, how duplicates will be handled, etc.

o More than one synchronization profile can be used to control the target destinations of users, rooms, contacts, and groups.

o User Accounts should be disabled in the target.

o Identifying users, rooms, contacts, and groups to Migrate can be accomplished concurrently with resolving device registration issues in Phase 2.

Phase 4: ReACL Devices and NAS

o Run a ReACL on as many devices as possible early in the process.

o Troubleshoot any devices that did not ReACL.

o ReACL again close to the actual cutover date. This will allow you to complete most of the ReACL process early and provide time to resolve any issues with things such as Anti-Virus software and Group Policies. ReACL is a non-destructive process that can be repeated as often as necessary.


Phase 5: Cutover Devices

o Create some test users, groups, and devices to verify a successful user and group migration and device cutover.

o Typically, a final ReACL would occur the weekend before the cutover to ensure any new users and other changes are processed.

o A workstation reboot is required after the target account is enabled, source account is disabled, and the workstation cutover is complete. This is usually completed in the evening when fewer users are affected. The affected users should be alerted that this reboot is necessary.

Phase 6: Cleanup

o The cleanup phase typically takes place about two months after all device cutover is complete. Cleanup includes removing all permissions from the source domain and removing the SMART AD Migrator Agent from the devices.

o Before executing the cleanup job, it is recommended to disable SID filtering/quarantine to verify there are no issues with application access before completing the cleanup process.


Section 3. Configuring the Active Directory Migrator Profile

3.1 Launching SMART Directory Sync

To launch the SMART Directory Sync:

1. Double-click the SMART Directory Sync Console desktop shortcut.

OR

Select SMART Directory Sync Console in the Start menu.

2. The SMART Directory Sync Console screen appears briefly and the application opens.

3.2 Adding an AD Migration/Synchronization Profile

To add an AD Migration/Synchronization profile:

1. On the Profiles tab, click Add Profile.


2. In the Profile Type Selection window, select AD Migration/Synchronization and then click OK.

The following Profile Types are also available:

o Exchange Migration – used in support of an Exchange migration utilizing Binary Tree’s E2E Complete product.
o Active Directory to Domino Directory – used to synchronize objects from an Active Directory source to a Domino directory target.
o Domino Directory to Active Directory – used to synchronize objects from a Domino directory source to an Active Directory target.
o Windows Server Migration – used in support of a Windows Server migration utilizing Binary Tree’s Windows Server Migration product.


3. A new pane appears at the bottom of the console which provides the ability to configure options for synchronization.

4. On the General tab, enter a name to identify the profile in the Name field.

5. Select the scope of the profile from the Scope drop-down list:

o Inter-Forest – (default) will synchronize domains in different forests.
o Intra-Forest – will synchronize domains within a forest. If selected, the Add x500 Proxy to Source and Resource Forest options must be set to No and msExch mappings are invalid. Before the profile can be saved with Intra-Forest chosen as the scope, the mappings for all of the msExch attributes will need to be removed.

6. Select the status of the profile from the Status drop-down list:

o Active – will synchronize manually or as scheduled as soon as the profile is saved
o Suspended – Not active, will not synchronize

7. Select the logging level of the profile from the Logging drop-down list:

o Low – only errors are logged
o Medium – errors and warnings are logged
o High – all messages (errors, warnings, information, etc.) are logged (should be used for troubleshooting purposes only)

8. Select an Audit Logging option from the drop-down list:

o Enabled – Records object and attribute changes in the Audit Log


9. For Schedule, select the schedule:

o By frequency – enter the appropriate frequency or the specific time for the synchronization process to run for your environment. Zero (0) is not a valid value for frequency. The minimum interval is 15 minutes.
o At specific time(s) – enter one or more specific times or select times from the drop-down list of times. A selected time can be deleted by selecting the time and pressing the Delete key.
o Manual only – the synchronization process will not run until it is manually started.

If you choose the By frequency option, SMART Directory Sync will initiate a synchronization when an active profile is saved. Select the At specific time(s) option and select a time in the future or select the Manual only option if you want to save an active profile without it syncing right away. This would be helpful if you wanted to run a Sync Report or inspect items in SQL before pulling them into the target Active Directory.

10. Click the AD Source tab and enter credentials that have read/write access to the source Active Directory. The required read access must extend to the Deleted Accounts container, which can require a privileged account.

11. In the User Name field, enter the Active Directory User Name.


12. In the Password field, enter the password assigned to the Active Directory user.

13. In the Global Catalog Server field, enter the IP address or fully qualified domain name (FQDN) of the Global Catalog Server or a Domain Controller that will be used for all read/write operations.

The entered credentials and Global Catalog Server/Domain Controller must have access to all Domains and subdomains that are required to synchronize.

If SID History will be synchronized, SMART Directory Sync will require access to the domain controller holding the PDC Emulator Active Directory FSMO role in all source and target domains.

14. Select an Attribute Change Detection option from the drop-down list:

o Enabled – Only attributes changed on the source object will be synchronized
o Disabled – All attributes on the source object will be synchronized

15. Select an Automatically Mark Objects as Ready to Sync option from the drop-down list:

o No – (default) Objects are not marked as Ready to Sync. No should be selected if you are using SMART AD Migrator to perform an AD migration. Objects can be marked as ready to sync in the SMART AD Migrator Console.
o Yes – Objects are marked as Ready to Sync. Objects will be synced during the synchronization. Yes should be selected if you are performing an AD to AD directory synchronization and not a full AD migration.

16. Click Add OU(s) to display a list of OU(s) (organizational units) available to synchronize.


17. Select the appropriate source OUs and click OK. The selected source OUs are displayed in the Source OUs table.

To deselect an OU from the source, select it and then either click the Remove OU button and confirm, or press the Delete key.

18. The following Source OU fields display at the bottom of the screen used in the above example.

o Source OU – Reflects the OU selected from the tree view.
o Sub OUs – Select this option to synchronize Sub-OUs. The checkbox is selected by default. Clear this option if you do not want to synchronize sub-OUs.
o Groups – The checkbox is selected by default. Clear this option to skip groups from being synchronized.
o Disabled Users – Select this option to synchronize Disabled Users. The checkbox is selected by default. Clear this option to prevent Disabled Users from being synchronized.
o Non-Mail Enabled – Select this option to synchronize Non-mail enabled objects. The checkbox is not selected by default. Clear this option to skip Non-mail enabled objects from being synchronized.
o User Filter – This is an LDAP filter and can be used to filter synchronization to specific object types or those objects exhibiting specific attribute properties. See the Using the User, Group, and Device LDAP Filters topic in the SMART Directory Sync documentation for more information.
o Group Filter – This is an LDAP filter and can be used to filter groups based on the entered criteria. See the Using the User, Group, and Device LDAP Filters topic in the SMART Directory Sync documentation for more information.
o Device Filter – This is an LDAP filter and can be used to filter devices based on the entered criteria. See the Using the User, Group, and Device LDAP Filters topic in the SMART Directory Sync documentation for more information.

It is recommended that you test the LDAP filter syntax prior to saving your changes and running a synchronization.
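One way to test filter syntax offline before pasting it into the User, Group, or Device Filter field, as an added example that is not part of the product or its documentation. It parses the standard LDAP search-filter grammar (RFC 4515), which is assumed to be what these fields accept; it checks syntax only, not whether the attributes exist in your schema, and the sample filters are constructed.

```python
import re


class FilterSyntaxError(ValueError):
    """The text is not a well-formed RFC 4515 search filter."""


# attribute, then an extensible-match operator (attr:rule:=value) or a simple one
_ITEM = re.compile(
    r"(?P<attr>[A-Za-z0-9][A-Za-z0-9;.-]*)"
    r"(?:(?P<ext>(?::dn)?(?::[A-Za-z0-9.-]+)?:=)|(?P<op>~=|>=|<=|=))"
    r"(?P<value>.*)",
    re.S,
)
_BAD_ESCAPE = re.compile(r"\\(?![0-9A-Fa-f]{2})")  # backslash needs two hex digits


def _parse_item(body, offset):
    m = _ITEM.fullmatch(body)
    if not m:
        raise FilterSyntaxError(f"malformed comparison {body!r} at offset {offset}")
    value = m.group("value")
    if "\x00" in value or _BAD_ESCAPE.search(value):
        raise FilterSyntaxError(f"bad escape in {body!r} at offset {offset}")
    if "*" in value and m.group("op") != "=":
        raise FilterSyntaxError(f"wildcard '*' is only valid with '=' in {body!r}")
    return ("item", m.group("attr"), m.group("ext") or m.group("op"), value)


def _expect_close(text, pos):
    if pos >= len(text):
        raise FilterSyntaxError("filter ends early: missing ')'")
    if text[pos] != ")":
        hint = " (escape literal parentheses as \\28 and \\29)" if text[pos] == "(" else ""
        raise FilterSyntaxError(f"expected ')' at offset {pos}, found {text[pos]!r}{hint}")
    return pos + 1


def _parse_filter(text, pos):
    if pos >= len(text) or text[pos] != "(":
        raise FilterSyntaxError(f"expected '(' at offset {pos}")
    pos += 1
    ch = text[pos:pos + 1]
    if ch in ("&", "|"):
        pos += 1
        children = []
        while pos < len(text) and text[pos] == "(":
            child, pos = _parse_filter(text, pos)
            children.append(child)
        if not children:  # stricter than RFC 4526, which permits (&) and (|)
            raise FilterSyntaxError(f"'{ch}' has no sub-filters at offset {pos}")
        node = ("and" if ch == "&" else "or", children)
    elif ch == "!":
        child, pos = _parse_filter(text, pos + 1)
        node = ("not", [child])
    else:
        end = pos
        while end < len(text) and text[end] not in "()":
            end += 1
        node = _parse_item(text[pos:end], pos)
        pos = end
    return node, _expect_close(text, pos)


def parse_ldap_filter(text):
    """Return a nested tuple tree for the filter or raise FilterSyntaxError."""
    text = text.strip()
    node, pos = _parse_filter(text, 0)
    if pos != len(text):
        raise FilterSyntaxError(f"unexpected text after the filter at offset {pos}")
    return node


def attributes(node):
    """Set of attribute names the filter references, for review against the schema."""
    if node[0] == "item":
        return {node[1]}
    found = set()
    for child in node[1]:
        found |= attributes(child)
    return found


def check(text):
    """Return None if the filter parses, otherwise a message for the first problem."""
    try:
        parse_ldap_filter(text)
    except FilterSyntaxError as exc:
        return str(exc)
    return None


# Constructed sample filters: one valid, three common mistakes, one corrected.
SAMPLES = [
    "(&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))",
    "(&(objectClass=user)(department=Sales)",   # missing closing parenthesis
    "(objectClass=user)(mail=*)",               # two filters with no & or |
    "(cn=Smith (Contractor))",                  # unescaped parentheses in a value
    "(cn=Smith \\28Contractor\\29)",            # the same value, escaped
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample}\n    -> {check(sample) or 'OK'}")
```

A filter that passes here can still select the wrong objects, so review the first results in a Sync Report before letting the profile write to the target.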


20. Click Add DC(s) to open the Active Directory DC Selection window. Click Refresh DCs to find all available Domain Controllers. Available options include Ping Servers to test the availability of the selected Domain Controllers and Test Connections to test the connection to the LDAP server. Select one or more Domain Controllers and click OK to add the Domain Controllers to the list of Source DCs.

If your Active Directory forest contains more than one domain it may be necessary to add at least one domain controller from each domain. When SMART Directory Sync attempts to resolve objects, such as group members or a user's manager, that are in another Domain (than the one specified on the Source tab), it will reference the domain controllers list to find a valid DC to use.

To ensure that group membership and manager/subordinate relationships are properly recreated, it is recommended to add the appropriate DCs for alternate domains to the Source DCs tab.


21. The Active Directory DC Selection window closes and the selected Domain Controllers appear in the Source DCs list. The order in which the domain controllers are used for each Domain can be set by entering a number in the Priority column (lowest number = first). If the highest priority DC is unavailable, Directory Sync will use the next DC.

Domain Controllers with no priority set will be used after those with a priority.

If no priority is set for the servers in a Domain, they will be used in the order listed in the table.

A Domain Controller that is the Global Catalog Server selected on the AD Source tab is given top priority regardless of the value in the Priority field.

No two DCs in a Domain can have the same priority.

22. Click the AD Target tab.

23. In the User Name field, enter the name of the Active Directory user that has the required rights to the Target directory.

The credential should be entered as a user principal name (for example, jsmith@acmecorp.com).

24. In the Password field, enter the password of the Active Directory user. These credentials should have write access to the target OU, as well as any Domains or subdomains that may contain matched users.


25. In the Global Catalog Server field, enter the IP address or fully qualified domain name (FQDN) of the Global Catalog Server or Domain Controller that will be used for all write operations.

26. In the Target OU, click Browse to select a target OU. Any newly created objects will be written to this OU.

27. Check the Do not create source OUs in target option if you do not want the source OU structure to be created as objects are synchronized to the target. All objects will be created directly in the Target OU specified for that profile.

28. Select an option from the Synchronize Passwords drop-down list:

o No – (default) Passwords will not be copied to the target
o Yes – Passwords will be copied to the target.

The password policy on the source must meet or exceed the password policy strength on the target. An error will occur if the Administrator password contains double quotes (") when performing password synchronization. To work around this, ensure the administrator password does not contain double quotes.

29. Enter a default password for new users in the Default Password field. The default password cannot exceed 128 characters in length.

Even if passwords are being copied, a default password value is still required, because the account is initially created with the default password and the source password is then copied over.

30. Select an option from the Preserve Objects in Target drop-down list to control what happens to target objects when the corresponding source objects are deleted:

o No – (default) When objects are deleted in the source, the corresponding objects will be deleted from the target. This only applies to objects created in the target by SMART Directory Sync.
o Yes – Objects that are deleted in the source will not be deleted in the target.

31. Select an option from the Preserve Deleted Objects in Target As Is drop-down list to control what happens to target objects if they are deleted:

o No – (default) If an object previously synchronized is deleted on the target, it will be recreated.
o Yes – If an object previously synchronized is deleted on the target, it will not be recreated.

32. Click the AD Target Options tab.


33. Click the Users sub-tab.

34. Select an option from the Create Mail Enabled Users as drop-down list:

o For Inter-Forest:
   o As Is – (default)
      o Mail-Enabled Users in the source will be Mail-Enabled Users in the target
      o Mailbox-Enabled Users in the source will become Mail-Enabled Users in the target
      o The Active Directory User Account Control property for enabled or disabled will be copied as is. In other words, user accounts that are enabled in the source, will be enabled in the target.
      o Mail-Enabled Contacts in the source will be Mail-Enabled Contacts in the target
   o Mail-Enabled, AD Enabled –
      o The Active Directory User Account Control property for enabled or disabled will always be set to Enabled. In other words, user accounts that are disabled in the source, will be enabled in the target
      o Mail-Enabled Users in the source will be Mail-Enabled Users in the target
      o Mailbox-Enabled Users in the source will become Mail-Enabled Users in the target
      o Mail-Enabled Contacts in the source will be Mail-Enabled Contacts in the target
   o Mail-Enabled, AD Disabled –
      o The Active Directory User Account Control property for enabled or disabled will always be set to Disabled. In other words, user accounts that are enabled in the source, will be disabled in the target.
      o Mailbox-Enabled Users in the source will become Mail-Enabled Users in the target
      o Mail-Enabled Contacts in the source will be Mail-Enabled Contacts in the target
   o Contact –
      o This option IS NOT RECOMMENDED for Active Directory Migrator projects as user accounts will NOT be created in the target
      o Contacts, Mailbox-Enabled Users, Mail-Enabled Users will be created as Mail Enabled Contacts in the target
      o This option does not have logon capabilities, but can be used for maintaining mail flow for existing users, contacts and distribution lists

o For Intra-Forest:

Microsoft Exchange cannot have duplicate objects in the same organization. As a result, all mail-enabled objects will have Microsoft Exchange properties removed, effectively creating non-mail enabled objects regardless of the source object type.

   o As Is – (default)
      o Mail-Enabled Users in the source will be non-mail enabled users in the target
      o Mailbox-Enabled Users in the source will become non-mail enabled users in the target
      o The Active Directory User Account Control property for enabled or disabled will be copied as is. In other words, user accounts that are enabled in the source, will be enabled in the target
      o Mail-Enabled Contacts in the source will be Non-Mail Enabled Contacts in the target
   o Mail-Disabled, AD Enabled –
      o The Active Directory User Account Control property for enabled or disabled will always be set to Enabled. In other words, user accounts that are disabled in the source, will be enabled in the target
      o Mail-Enabled Users in the source will be Non-Mail Enabled Users in the target
      o Mailbox-Enabled Users in the source will become Non-Mail Enabled Users in the target
      o Mail-Enabled Contacts in the source will be Non-Mail Enabled Contacts in the target
   o Mail-Disabled, AD Disabled –
      o The Active Directory User Account Control property for enabled or disabled will always be set to Disabled. In other words, user accounts that are enabled in the source, will be disabled in the target.
      o Mail-Enabled Users in the source will be Non-Mail Enabled Users in the target
      o Mailbox-Enabled Users in the source will become Non-Mail Enabled Users in the target
      o Mail-Enabled Contacts in the source will be Non-Mail Enabled Contacts in the target
   o Contact –
      o This option IS NOT RECOMMENDED for Active Directory Migrator projects as user accounts will NOT be created in the target.
      o Contacts, Mailbox-Enabled Users, Mail-Enabled Users will be created as Non-Mail Enabled Contacts in the target.
      o This option does not have logon capabilities, but can be used for maintaining mail flow for existing users, contacts and distribution lists.

The Mail-Enabled, AD Enabled option creates Active Directory users with logon capabilities in the target domain and all properties from the source’s object, including mail addresses.

The Mail-Enabled, AD Enabled option can override the properties found in the Source AD environment. For example, a disabled user found in the source will be enabled in the target if the Mail-Enabled, AD Enabled option is selected. Conversely, an enabled user found in the source will be disabled in the target if the Mail-Enabled, AD Disabled option is selected.

Directory Sync will not create Mailbox-Enabled Users in the target directory.

Due to a sAMAccountName size limit of 20 characters in Active Directory, user objects with calculated sAMAccountName names greater than 20 characters in length are truncated to 20 characters. Truncated sAMAccountNames will be appended with a random number from 1 to 9999 to ensure uniqueness. This does not apply to group objects.

36. Select an option from the Create Non-Mail Enabled Users as drop-down list:

o As Is – (default) The Active Directory User Account Control property for enabled or disabled will be copied as is.

o Enabled – The Active Directory User Account Control property for enabled or disabled will always be set to Enabled for Non-Mail Enabled Contacts and Users. Non-Mail Enabled contacts are always copied as is.

o Disabled – The Active Directory User Account Control property for enabled or disabled will always be set to Disabled for Non-Mail Enabled Users. Non-Mail Enabled contacts are always copied as is.

37. Select an option for handling user account collisions when two users of the same name are found from the Users Collisions drop-down list:

o Update – (default) If a user with the same name is found in the target domain, the users will be updated in the target AD. User collisions are determined based on the options selected on the Matching tab of the profile.

o Skip – The user will not be synchronized into the target AD and a warning entry will be entered into the log entry stating that the source user will not be synchronized to the target directory.

A user that was previously synchronized to the target will fail to sync if a manual /repushpull /resync is run. This occurs because a target object with a matching sAMAccountName will already exist. If this is not the desired behavior, before running the /repushpull and /resync commands, administrators should clear the target directory of any previously created objects.

o Rename - This allows you to define a prefix or suffix to be added to the sAMAccountName of the user when it is written in the target directory. This option creates a new user using the existing name and the prefix or suffix to bypass the user collision when selected. Prefix is selected by default. To define a specific value for the prefix or suffix, select the Specific Value option and enter the value. To use a value from an internal field, select the Internal Field option and select a field from the drop-down list. If selecting an internal field, a Boolean (True/False) field or an empty field should not be selected. User accounts where the sAMAccountName exceeds 20 characters will not be created in the Target and an error will be logged.
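A pre-flight check for the Rename option above, as an added example that is not part of the product or its documentation: it lists which colliding accounts would exceed the 20-character sAMAccountName limit once the prefix or suffix is applied, and which would still collide. It assumes a collision is a case-insensitive sAMAccountName match (the product decides collisions from the Matching tab) and that the name lists come from your own directory exports; the account names and the `mig_` prefix are constructed.

```python
MAX_SAM_LENGTH = 20  # sAMAccountName limit stated in this guide


def plan_rename(source_names, target_names, affix, position="prefix"):
    """Classify source accounts for a profile that uses the Rename collision option.

    Assumption: two accounts collide when their sAMAccountName values are equal
    ignoring case. Returns a dict with four buckets:
      no_collision    - names that can be created unchanged
      renamed         - source name -> new name that fits and is unique
      too_long        - source name -> new name longer than 20 characters
      still_colliding - source name -> new name that is already taken
    """
    if position not in ("prefix", "suffix"):
        raise ValueError("position must be 'prefix' or 'suffix'")

    taken = {name.lower() for name in target_names}
    plan = {"no_collision": [], "renamed": {}, "too_long": {}, "still_colliding": {}}

    # Pass 1: names that do not collide are created as-is, so reserve them first.
    colliding = []
    for name in source_names:
        if name.lower() in taken:
            colliding.append(name)
        else:
            plan["no_collision"].append(name)
    taken.update(name.lower() for name in plan["no_collision"])

    # Pass 2: apply the prefix or suffix to each colliding name and re-check it.
    for name in colliding:
        new_name = affix + name if position == "prefix" else name + affix
        if len(new_name) > MAX_SAM_LENGTH:
            plan["too_long"][name] = new_name          # would not be created
        elif new_name.lower() in taken:
            plan["still_colliding"][name] = new_name   # the affix does not help
        else:
            plan["renamed"][name] = new_name
            taken.add(new_name.lower())
    return plan


# Constructed sample data standing in for source and target directory exports.
SOURCE = ["jsmith", "along.username.fin", "svc-backup", "mig_kbrown", "kbrown", "ACarter"]
TARGET = ["JSmith", "along.username.fin", "kbrown", "acarter", "mig_acarter"]

if __name__ == "__main__":
    for bucket, content in plan_rename(SOURCE, TARGET, "mig_").items():
        print(f"{bucket}: {content}")
```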

37. Select an option from the Do not overwrite target Proxy Addresses drop-down list:

o Yes – Proxy Addresses will only be updated during initial sync if the target object has no proxy addresses. Proxy addresses will not be updated on subsequent syncs.

o No – (default) Proxy Addresses on the target are overwritten.

38. Select an option from the Sync Objects drop-down list:

o One-Time – objects are synced once after being marked as "Ready to Sync" in the SMART AD Migrator console. Additional syncs are not performed if there are changes in the source.

Groups are not continuously synced. However, group membership is continuously updated.

o Continuous – (default) objects are continually synced between the source and target after being marked as "Ready to Sync" in the SMART AD Migrator console.

39. Select an option from the Synchronize SID History drop-down list:

o Yes – SID history is synchronized. This option is not available for Intra-Forest profiles. Review the Requirements for more information on Synchronizing SID History Prerequisites.

o No – (default) SID history is not migrated.


40. Click the Groups sub-tab.

41. Select an option from the Create Domain Local Groups as drop-down list:

• Domain Local – (default) Domain Local Groups in the source will be Domain Local Groups in the target.

• Universal – Domain Local Groups in the source will be Universal Groups in the target.

• Do Not Create – Domain Local Groups in the source will not be created in the target.

42. Select an option from the Create Global Groups as drop-down list:

• Global – (default) Global Groups in the source will be Global Groups in the target.

• Universal – Global Groups in the source will be Universal Groups in the target.

• Do Not Create – Global Groups in the source will not be created in the target.

43. Select an option from the Create Universal Groups as drop-down list:

• Universal – (default) Universal Groups in the source will be Universal Groups in the target.

• Domain Local – Universal Groups in the source will be Domain Local Groups in the target.

• Do Not Create – Universal Groups in the source will not be created in the target.

44. Select an option for handling group collisions when two groups of the same name are found from the Group Collisions drop-down list:

• Merge – If a group with the same name is found in the target domain, the members of the source group will be added to the target group. Group collisions are determined based on Name first, then based on the options selected on the Matching tab of the profile.

• Skip – The group will not be synchronized into the target AD and a warning will be entered into the log stating that the source group will not be synchronized to the target group.


A group that was previously synchronized to the target will fail to sync if a manual /repushpull /resync is run. This occurs because a target object with a matching sAMAccountName will already exist. If this is not the desired behavior, before running the /repushpull and /resync commands, administrators should clear the target directory of any previously created objects.

• Rename - This allows you to define a prefix or suffix to be added to the name of the group when it is written in the target directory. This option creates a new group using the existing name and the prefix or suffix to bypass the group collision when selected. Prefix is selected by default. To define a specific value for the prefix or suffix, select the Specific Value option and enter the value. To use a value from an internal field, select the Internal Field option and select a field from the drop-down list.

If selecting an internal field, a Boolean (True/False) field or an empty field should not be selected.

No option is selected by default for the Group Collisions field and an error message will appear if attempting to save the profile without selecting an option.

Directory Sync will attempt to add a group member to the target if it can find the member in the source. If the member in the source is in a different Domain than the group, the member will only be added to the group in the target if it already exists in the target. If Directory Sync cannot find the member in the source, the member will not be added to the group in the target. The Sync Report will explain why a member could or could not be synchronized.


A separate Synchronization Profile must be used when synchronizing device objects, and the Automatically Mark Objects as Ready to Sync option on the AD Source tab should be left as the default No, so the device objects are not inadvertently created in the target.

46. Select an option from the Create Devices as drop-down list:

• As Is - (default) Enabled devices in the source will be enabled devices in the target. Disabled devices in the source will be disabled devices in the target.

• Enabled - Enabled and disabled devices in the source will be enabled devices in the target.

• Disabled - Enabled and disabled devices in the source will be disabled devices in the target.

47. Select an option for handling device collisions when two devices of the same name are found from the Device Collisions drop-down list:

• Update – (default) If a device with the same name is found in the target AD, the device will be updated in the target AD.

• Skip – If a device with the same name is found in the target AD, the device will not be added to the target AD.

• Rename – This allows you to define a prefix or suffix to be added to the name of the device when it is written in the target directory. This option creates a new device using the existing name and the prefix or suffix to bypass the device collision when selected. Prefix is selected by default. To define a specific value for the prefix or suffix, select the Specific Value option and enter the value. To use a value from an internal field, select the Internal Field option and select a field from the drop-down list.

If selecting an internal field, a Boolean (True/False) field or an empty field should not be selected. Devices where the sAMAccountName exceeds 20 characters will not be created in the Target and an error will be logged.

Child objects of an AD computer object will be migrated, specifically connectionPoint Object class items, during synchronization with the target. This is a one-time migration of these item objects.


48. Click the Exchange Target Options tab.

49. Select an option from the GAL Visibility drop-down list:

• Visible – (default) Users and groups are visible in the GAL.

• Hidden – Users and groups are hidden in the GAL.

• As Is – Users and groups that are hidden in the GAL in the source are hidden in the GAL in the target. Users and groups that are visible in the GAL in the source are visible in the GAL in the target.

When synchronizing objects into Exchange 2003 (only), the option to hide from the GAL will not function if the Recipient Update Service (RUS) is enabled.

If synchronizing to an Active Directory that does not have Exchange in the environment, select the Hidden option to avoid Active Directory constraint errors.

This option does not apply to Intra-Forest profiles.

If you select Yes for the Only Update Mailbox Enabled Objects option, only mailbox-enabled objects in the target directory will be updated with values from the source object based on the mapping table settings. If this is set to No (default), mailbox-enabled objects in the target directory will be skipped and noted in the sync report. If you intend to update both, you must use two separate profiles.

CAUTION: This is not a commonly occurring preference as the authoritative object is most often where the mailbox is located.

50. The Add x500 Proxy to Source option allows you to add the LegacyExchangeDN of any mail enabled object in the target as an additional X500 proxy address to the source mailboxes. If Yes is selected, an x500 proxy address is added to all corresponding objects in the AD Source forest. If selecting Yes, you must check the statement of understanding that appears below the option. No is selected by default.


This option must be set to No for Intra-Forest profiles.

51. The Resource Forest option allows you to define the AD Target as a Resource Forest. This is required if you plan to later migrate mailboxes to your Target forest. If Yes is selected, the Master Account SID will be set on the AD Target objects. No is selected by default.

This option must be set to No for Intra-Forest profiles.

52. The Allow Enable/Disable of Mailbox Enabled Source Objects option allows you to define if enabling or disabling Mailbox Enabled Source objects is allowed. If Yes is selected, the enabling or disabling of Mailbox Enabled Source objects is allowed. No is selected by default.

This option should be set to Yes if the ability to change the User Account Control (UAC) on the Source account is desired. If this is not changed, the Disable/Enable Source Actions in SMART AD Migrator will not work (for the Source account).

53. Select Email Address Policy options for Users, Contacts, and Groups:

• Unselected – (default) Directory Sync will not enable the target object attribute to ‘Automatically update email addresses based on email address policy’ in Exchange.

• Selected – Directory Sync will enable the target object attribute to ‘Automatically update email addresses based on email address policy’ in Exchange.

Directory Sync will only apply the attribute to ‘Automatically update email addresses based on email address policy’ to the target object. It cannot apply the email address policy.

This option does not apply to Intra-Forest profiles.

55. If you selected the Email Address Policy option for Users, Contacts, or Groups, a drop-down list appears with the following options:

• Enable email policy for objects created by DirSync

• Enable email policy for objects updated by DirSync

• Enable email policy for objects created or updated by DirSync

• Disable email policy for objects created by DirSync

• Disable email policy for objects updated by DirSync

• Disable email policy for objects created or updated by DirSync

56. Click the Target DCs tab to define the list of target Domain Controllers (DC’s) to use when Directory Sync is searching for matched objects.


57. Click Add DC(s) to open the Active Directory DC Selection window. Click Refresh DCs to find all available Domain Controllers. Available options include Ping Servers to test the availability of the selected Domain Controllers and Test Connections to test the connection to the LDAP server. Select one or more Domain Controllers (use Ctrl+Click to select more than one) and click OK to add the Domain Controllers to the list of Target DCs.


If you selected Domain level matching in the Target tab, only select Domain Controllers for the target Domain. No other Domains will be searched.

If you have selected Forest level matching in the Target tab, you must add at least one Domain Controller for each Domain that should be searched for matched objects. If you do not select at least one Domain Controller for a Domain, that Domain will not be searched during synchronization.

Select more than one Domain Controller in a Domain for failover purposes.

Additionally, defined Domain Controllers are only searched for matches if the previous Domain Controller is unavailable.

58. The Active Directory DC Selection window closes and the selected Domain Controllers appear in the Target DC’s list. The order the domain controllers are used can be selected by entering a number value in the Priority column (lowest number = first). Available options include Ping Servers to test the availability of the selected Domain Controllers and Test Connections to test the connection to the LDAP server.

Domain Controllers with no priority set will be used after those with a priority.

If no priority is set for the servers in a Domain, they will be used in the order listed in the table.

A Domain Controller that is the Global Catalog Server selected on the AD Target tab is given top priority regardless of the value in the Priority field.

No two DC’s in a Domain can have the same priority.

59. Click the Matching tab.


AD attributes used for matching should be indexed. Follow the procedure at https://technet.microsoft.com/en-us/library/aa995762(v=exchg.65).aspx to index AD attributes.

60. Select an option from the Matching Level drop-down list:

• Forest – (default) Matching is done against the target Forest

• Domain – Matching is done against the target Domain

This option is set to Domain for Intra-Forest profiles.

61. Select an option from the Matching Action drop-down list:

o Create or Update – (default) Creates objects that do not have matching objects in the Target and updates objects that have matching objects in the Target.

o Create only – Creates objects that do not have matching objects in the Target. Objects that have matching objects in the Target are NOT updated, unless the object was created by Directory Sync. This means that even during an initial sync or a sync after a reset, objects previously created by Directory Sync will be updated.

o Update only – Updates objects that have matching objects in the Target. Objects that do not have matching objects in the Target are NOT created.

o Match only, No Update – Matching objects are updated in SQL, but no updates are done in the Target and no new objects are created in the Target.

62. Select the Match object types option to enable object type matching. Object types are Users, Contacts, Groups, and Devices. This option is enabled (checked) by default.

63. The default source to target attribute matching pairs are displayed. This defines what attributes Directory Sync will use to match objects in the Source to objects in the Target, as well as the order in which they will be used. The below table displays the default matching attribute pairs:

Source            Target
sAMAccountName    sAMAccountName
mail              mail
cn                cn

To customize the matching, select attributes from the drop-down lists under Source and/or Target or type in the names of attributes in the fields. The matching pairs are “either/or” statements (not “and” statements) with the first match attempted on the top row pair (Default: sAMAccountName -> sAMAccountName) and then proceeding in descending order to the next row pair and so on. At least one matching pair is required for the profile to be saved.


64. Select an option from the Re-Link drop-down list:

• Enabled – (default) SMART Directory Sync will attempt to re-link objects in the target by first looking for an object that has the adminDisplayName stamped with the source object's unique identifier. If an object is found, then those two objects are linked and no other attempts at matching are performed. If an object is not found, then the process attempts to match to an object by searching based on the matching criteria. If a matching object is not found, then a new object is created.

• Disabled – SMART Directory Sync will not attempt to re-link objects in the target and will always match based on the matching criteria.

Whenever SMART Directory Sync creates a new object in the target or matches to an existing object in the target, it stamps the adminDisplayName attribute (for Active Directory) or the $BTSourceDirectoryID property (for Domino) of the target object with the source object's unique identifier (objectGUID for AD objects and UNID for Domino objects). This effectively links these two objects together. This link is also maintained between the two objects in the SQL database and future updates are based on this SQL link. However, when a profile is reset, these SQL records are deleted.

When Re-Link is enabled, performance can be improved by indexing the adminDisplayName attribute. Follow the procedure at https://technet.microsoft.com/en-us/library/aa995762(v=exchg.65).aspx to index AD attributes.

65. If the Re-Link option is enabled, select an option from the Restore Ready to Sync drop-down list:

• Yes – (default) The re-link process will set all re-linked objects to Ready To Sync.

• No – The re-link process will not reset the Ready To Sync setting on re-linked objects. This would allow you to prevent changes to objects until they are prepared.

66. Click the Mapping tab to view the default mapping or to edit how attributes should be translated from the source to the target Active Directory. Review the table and make the appropriate changes for your environment. Double-click a cell in the mapping table to select a different field or type from a drop-down list. Click above the first row to create a new entry. Double-click on a cell in the Comments column to enter a comment. Appendix A contains the default mapping.

To revert to the default mappings, use CTRL+A to select all mappings, delete the mappings (Delete key), and click Yes when prompted to remove all entries.

The default mapping for attributes will be applied unless deleted. When creating custom mapping for an attribute, the default mapping for the attribute should be deleted.

There are two Target Type columns in the table. This allows you to restrict the type of object in the target directory that can be updated. If you set both types to the same value, then this mapping will only apply to that object type. If you set one to person and the other to group, the mapping will apply to user and group objects only. If both are set to any, the mapping is unrestricted and will apply to all object types.


Values that can be used for either mapping or matching can be entered manually or imported from a CSV file in the Mapped Values dialog box.

Mapped values for device objects are not currently supported. This feature will be supported in a future release.

1. Click the Mapped Values button. The Mapped Values window appears.

2. Values can be entered manually by clicking on the first row.

3. Values can also be imported from a CSV file by clicking the Import button.

4. Select a CSV file that has Source fields and values, Target fields and values, and the application of the mapping or matching. The final value of each row can be “Match”, “Map”, or “MatchMap”. “MatchMap” applies both matching and mapping.


67. Click Save to verify all required fields are populated and save the profile. You can save an incomplete profile as long as it is suspended.

68. Click Overrides to open the table of mapping overrides. These represent default system mappings specifically for the internal SQL fields, and are used to transpose values during creation and synchronization. Overrides are customizable and apply to all profiles. See Appendix B for more information on editing Overrides.

Overrides for device objects are not currently supported. This feature will be supported in a future release.

69. Create additional synchronization profiles as needed. To copy an existing profile, right-click on a profile in the table and select Copy. All profile settings will be copied into a new profile that can then be edited as necessary. New profiles created by copy are suspended by default. Select the profile in the table and click Activate Profile.
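A pre-flight check for the user Rename collision option and the 20-character sAMAccountName limit described earlier in this procedure. This is an added example, not part of the product: the function name, action labels and sample names are constructed, and the handling of a name that still collides after renaming is an assumption.

```python
SAM_LIMIT = 20  # sAMAccountName length limit stated in the guide


def plan_user_renames(source_names, target_names, affix, position="prefix"):
    """Return {source_name: (action, target_name)} under the Rename collision option."""
    if position not in ("prefix", "suffix"):
        raise ValueError("position must be 'prefix' or 'suffix'")
    if not affix or not affix.strip():
        raise ValueError("Rename needs a non-empty prefix or suffix value")
    # AD compares sAMAccountName values case-insensitively.
    taken = {name.lower() for name in target_names}
    plan = {}
    for name in source_names:
        candidate, action = name, "create"
        if name.lower() in taken:
            candidate = affix + name if position == "prefix" else name + affix
            action = "create-renamed"
            if candidate.lower() in taken:
                # Assumption: the guide does not cover this case, so flag it for review.
                action = "collides-after-rename"
        if action != "collides-after-rename" and len(candidate) > SAM_LIMIT:
            # Per the guide: not created in the Target and an error is logged.
            action = "too-long"
        if action in ("create", "create-renamed"):
            taken.add(candidate.lower())
        plan[name] = (action, candidate)
    return plan


def not_created(plan):
    """Source accounts that would have no new object in the target after the sync."""
    return sorted(n for n, (action, _) in plan.items()
                  if action in ("too-long", "collides-after-rename"))


# Constructed sample names, not taken from any real directory.
SOURCE_USERS = ["jsmith", "svc-sharepoint-farm", "mjones", "Backup",
                "christopher.wellington"]
TARGET_USERS = ["JSmith", "svc-sharepoint-farm", "backup", "mig_backup"]

if __name__ == "__main__":
    result = plan_user_renames(SOURCE_USERS, TARGET_USERS, "MIG_")
    for source_name, (action, target_name) in result.items():
        print(f"{source_name:24} {action:22} {target_name}")
    print("not created:", not_created(result))
```

Accounts reported by `not_created` need a shorter prefix or suffix, or a manual decision, before the profile is activated.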

3.3 Active Directory Migrator Sync Report

Overview

The Sync Report has two primary functions. The first is as an analytical tool used prior to synchronizing any objects into a target directory, and the second is as a logging feature to view the details of each synchronization.

Prior to synchronizing any object into the target, the source directory(ies) must be analyzed to identify any objects that could be problematic. This is a critical step to a successful sync and should not be overlooked.

The Sync Report reads the source directory(ies) and writes the data into SQL. This is the same action taken if you were to initiate a Push command. The source data is analyzed to determine the result if you were to Pull the data into the target directory. The Sync report should be run prior to the first sync, as well as prior to running a sync after you have made a change to the profile, to confirm the intended results.


Common issues that must be corrected prior to synchronizing Active Directories.

SMTP Addresses: Duplicate SMTP Addresses - These objects will be skipped with a warning that the SMTP address is already in SQL. Any object you wish to sync must have a valid and unique SMTP Address.

Unique Match Values: SMART Directory Sync allows you to define up to 4 field/attribute pairs to match objects in the source to objects in the target. If the source value matches to more than one target object value, SMART Directory Sync will skip the object. This must be corrected if you intend for this object to synchronize to the target directory. The Sync Report allows you to see the matched objects between the source and target. These should be reviewed to ensure that your match criteria are valid for your environment.
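The match order configured on the Matching tab (Re-Link stamp first, then the attribute pairs as either/or rules) combined with the skip-on-multiple-match rule above, modelled as an added example that is not the product's code. The object fields, decision labels, the per-pair handling of ambiguity and the check for two source objects claiming one target are assumptions; all sample objects are constructed.

```python
# Default matching pairs from the guide, tried top to bottom as either/or rules.
DEFAULT_PAIRS = [("sAMAccountName", "sAMAccountName"), ("mail", "mail"), ("cn", "cn")]
MAX_PAIRS = 4  # the guide allows up to 4 field/attribute pairs


def _norm(value):
    """Lower-case and trim a string value; None for missing or empty values."""
    if isinstance(value, str) and value.strip():
        return value.strip().lower()
    return None


def resolve(source, targets, pairs=DEFAULT_PAIRS, relink=True, match_types=True):
    """Return (decision, matched_targets, reason) for one source object."""
    if not 1 <= len(pairs) <= MAX_PAIRS:
        raise ValueError("a profile needs between 1 and 4 matching pairs")
    guid = _norm(source.get("objectGUID"))
    if relink and guid:
        stamped = [t for t in targets if _norm(t.get("adminDisplayName")) == guid]
        if len(stamped) == 1:
            return "relink", stamped, "adminDisplayName stamp"
        if len(stamped) > 1:
            # Assumption: the guide does not cover this case, so flag it for review.
            return "skip", stamped, "stamp present on more than one target"
    for src_attr, tgt_attr in pairs:
        wanted = _norm(source.get(src_attr))
        if wanted is None:
            continue  # an empty source value cannot match anything
        hits = [t for t in targets
                if _norm(t.get(tgt_attr)) == wanted
                and (not match_types or t.get("type") == source.get("type"))]
        if len(hits) == 1:
            return "match", hits, f"{src_attr} -> {tgt_attr}"
        if len(hits) > 1:
            return "skip", hits, f"ambiguous on {src_attr} -> {tgt_attr}"
    return "create", [], "no stamp and no attribute match"


def audit(sources, targets, **options):
    """Resolve every source object; also report targets claimed by several sources."""
    plan, claimed = {}, {}
    for src in sources:
        decision, hits, reason = resolve(src, targets, **options)
        plan[src["sAMAccountName"]] = (decision, [t["dn"] for t in hits], reason)
        if decision in ("relink", "match"):
            claimed.setdefault(hits[0]["dn"], []).append(src["sAMAccountName"])
    contested = {dn: names for dn, names in claimed.items() if len(names) > 1}
    return plan, contested


# Constructed sample objects (GUIDs, names and DNs are made up for this example).
GUID_JSMITH = "0f8fad5b-d9cb-469f-a165-70867728950e"
SOURCES = [
    {"objectGUID": GUID_JSMITH, "type": "user", "sAMAccountName": "jsmith",
     "mail": "john.smith@source.example", "cn": "John Smith"},
    {"objectGUID": "7c9e6679-7425-40de-944b-e07fc1f90ae7", "type": "user",
     "sAMAccountName": "mjones", "mail": "mary.jones@source.example", "cn": "Mary Jones"},
    {"objectGUID": "3f2504e0-4f89-11d3-9a0c-0305e82c3301", "type": "user",
     "sAMAccountName": "jtaylor", "mail": "j.taylor@source.example", "cn": "John Taylor"},
    {"objectGUID": "9a7b330a-a736-4f5d-b1c2-3d2c1b6a4e10", "type": "user",
     "sAMAccountName": "svc-backup", "mail": None, "cn": "Backup Service"},
]
TARGETS = [
    # Renamed in the target after an earlier sync: only the stamp still finds it.
    {"dn": "CN=John Smith (Migrated),OU=Users,DC=target,DC=example", "type": "user",
     "sAMAccountName": "john.smith", "mail": "jsmith@target.example",
     "cn": "John Smith (Migrated)", "adminDisplayName": GUID_JSMITH},
    {"dn": "CN=M Jones,OU=Users,DC=target,DC=example", "type": "user",
     "sAMAccountName": "MJones", "mail": "mjones@target.example", "cn": "M Jones"},
    # Two targets share one cn, so a cn match is ambiguous.
    {"dn": "CN=John Taylor,OU=Sales,DC=target,DC=example", "type": "user",
     "sAMAccountName": "jtaylor1", "mail": "jt1@target.example", "cn": "John Taylor"},
    {"dn": "CN=John Taylor,OU=IT,DC=target,DC=example", "type": "user",
     "sAMAccountName": "jtaylor2", "mail": "jt2@target.example", "cn": "John Taylor"},
    # A group that reuses a user's sAMAccountName.
    {"dn": "CN=svc-backup,OU=Groups,DC=target,DC=example", "type": "group",
     "sAMAccountName": "svc-backup", "mail": None, "cn": "svc-backup"},
]

if __name__ == "__main__":
    for name, (decision, dns, reason) in audit(SOURCES, TARGETS)[0].items():
        print(f"{name:12} {decision:8} {reason:36} {dns}")
```

Running `audit` with `relink=False` shows what a sync would do after a profile reset with Re-Link disabled, and `match_types=False` shows the effect of clearing the Match object types option.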

Running a Sync Report

To run a Sync Report:

1. Once you have created a profile, click the Sync Report button. This opens the Sync Report window. The example in this section is a Domino to Active Directory profile.

2. Click Run Report and Yes to confirm. Click the Refresh button to populate the UI with the most recent data.

A sync report performs a Push into SQL, so it is important that you reset the profile prior to running a sync if you have made any changes to the source data or the profile settings. If you do not clear the profile, the data that is in SQL from the Sync Report will be pulled to the target directory.


Objects tab

This contains all of the objects in the source and the action that would have been taken had the profile been synched to the target. All of the columns can be sorted, filtered or reordered (drag and drop). Review any objects that were skipped (in the Operations column), as well as any warnings in the Status column. You can double-click on any entry to open the details for that object. The Details window displays all of the details for the object, including the attributes and values that would be written to Active Directory. The Internal Fields tab displays the values that are written to SQL. Once corrected, you can run another sync report to validate the changes.

Members tab

The Members tab displays details for group synchronization. Here you can see each member of all of the groups that would be synched to Active Directory. You can filter the Status column for warnings to easily view any issues that should be resolved.


Object Summary tab

The Object Summary tab displays a summary of each object type, the operation performed, the status and the object count.

Members Summary tab

The Members Summary tab displays a summary of group membership synchronization. It displays the number of members added to groups, number of skipped members and the total number of errors or warnings.


Profile tab

The Profile tab lists all of the settings for the profile for which the sync was run. This can be easily exported for troubleshooting purposes.

Source DCs tab

The Source DCs tab displays the Domain Controllers listed in the Source AD tab of the profile.

Target DCs tab

The Target DCs tab will display all of the Domain Controllers configured in the Target DC's tab. It also shows the priority in which they will be used. The default will always be used unless it is unreachable.


Section 4. Using the SMART Active Directory Migrator Console

4.1 Launching the Active Directory Migrator Console

To launch the Active Directory Migrator console:

1. Double-click the SMART AD Migrator Console desktop shortcut.

OR

Select SMART AD Migrator Console in the Start menu.

2. The SMART Active Directory Migrator screen appears briefly and the application opens.

The SMART AD Migrator Console will not launch until a license for AD Migration/Synchronization is applied in the SMART Directory Sync Console.

4.2 Refreshing Data

Use the Refresh button to refresh the data currently displayed in the table. The refreshed data will display all previous changes to the database and the currently available right-click options. Selected filter options are not affected by refreshing.

To refresh the data displayed in the table:

1. Click the Refresh button.

4.3 Creating Mapping Files

Use the Create Mapping Files button to generate the User Mapping File (Map.usr) and Group Mapping File (Map.gg). These files are automatically created during the ReACL process so the only time they need to be created manually is when re-permissioning SQL databases. This process is otherwise not required.


To create the mapping files:

1. Click the Create Mapping Files button.

2. The Mapping Files window appears and displays the location of the created Map.usr and Map.gg files. Click OK.

Each time the Create Mapping Files process is run, the Map.usr and Map.gg files are overwritten.

If the Active Directory environment is non-English, the values in the sAMAccountName column of the BT_SystemGroup table in the SQL database will need to be changed after SMART Directory Sync is installed to have the appropriate non-English values.

4.4 Migration Groups

Objects in the table can be grouped into Migration Groups for migration process management. Migration Groups allow you to filter and sync smaller groups of objects. An item can be part of a single Migration Group only.

To set Migration Group for objects:

1. Click on table rows to select one or more objects in the list. (Use Ctrl-Click to select more than one row.)

2. Right-Click to view the options menu and select Set Migration Group.

3. Select a migration group from the drop-down list or click New to create a new Migration Group for the selected objects. To remove a previously selected migration group, select <None> from the drop-down list.

4. If creating a new Migration Group, enter a Migration Group Name.


Import Migration Groups

The Import Migration Groups feature allows you to import a CSV file with objects and their matching migration groups.

• Duplicate objects in the CSV will not be stamped with a migration group.

• Object names can be the sAMAccountName (for Users, Rooms, Groups, and Devices) or the Distinguished Name (for Users, Rooms, Contacts, Groups, and Devices).

To import Migration Group values:

1. Click the Import Migration Groups button.

2. Select a CSV file containing the Migration Group names and click Open.

The CSV file should have two columns. The first column is Object Name and the second column is Migration Group Name. An example file is below:

jsmith,Windows 7 Group
mjones,Windows 7 Group
jtaylor,Windows 8 Group

An example file entry for Contacts is below:

CN=John Smith,DC=domain,DC=dom,Windows 7 Contacts

3. Click OK on the confirmation window. Click Export Results to export a file containing the matching results.
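A validator for the import file described in this procedure, run before the file is handed to the console. This is an added example, not part of the product: it assumes Migration Group names contain no commas, treats an object listed more than once as not stamped at all (one reading of the duplicate rule above), and uses constructed sample rows built from the guide's example entries.

```python
import csv
import io
import re

DN_START = re.compile(r"^(CN|OU|DC)=", re.IGNORECASE)


def parse_migration_groups(text):
    """Parse an import file; return (assignments, problems)."""
    rows, problems = [], []
    reader = csv.reader(io.StringIO(text))
    for row in reader:
        line_no = reader.line_num
        if not any(cell.strip() for cell in row):
            continue  # blank line
        if len(row) < 2:
            problems.append((line_no, "missing Migration Group Name column"))
            continue
        # The guide's Contacts example leaves the DN unquoted, so its commas split
        # into extra cells: the last cell is the group, the rest is the object name.
        *name_cells, group = row
        name, group = ",".join(name_cells).strip(), group.strip()
        is_dn = bool(DN_START.match(name))
        if len(name_cells) > 1 and not is_dn:
            problems.append((line_no, "extra columns and the object name is not a DN"))
        elif not name or not group:
            problems.append((line_no, "empty object name or group name"))
        else:
            rows.append((line_no, name, "dn" if is_dn else "sAMAccountName", group))
    # Directory names compare case-insensitively, so MJones duplicates mjones.
    lines_by_object = {}
    for line_no, name, _kind, _group in rows:
        lines_by_object.setdefault(name.lower(), []).append(line_no)
    assignments = {}
    for line_no, name, kind, group in rows:
        lines = lines_by_object[name.lower()]
        if len(lines) == 1:
            assignments[name] = (kind, group)
        elif line_no == lines[0]:
            # Assumption: none of the duplicate rows is stamped.
            problems.append(
                (line_no, f"{name} is listed on lines {lines} and will not be stamped"))
    return assignments, sorted(problems)


# Constructed sample file: the guide's example rows plus a quoted DN, a duplicate
# that differs only in case, a blank line and a row without a group.
SAMPLE_CSV = "\n".join([
    "jsmith,Windows 7 Group",
    "mjones,Windows 7 Group",
    "jtaylor,Windows 8 Group",
    "CN=John Smith,DC=domain,DC=dom,Windows 7 Contacts",
    '"CN=Mary Jones,DC=domain,DC=dom",Windows 7 Contacts',
    "MJones,Windows 8 Group",
    "",
    "orphan-row",
])

if __name__ == "__main__":
    stamped, issues = parse_migration_groups(SAMPLE_CSV)
    for object_name, (kind, group) in stamped.items():
        print(f"{kind:15} {object_name:35} -> {group}")
    for line_no, message in issues:
        print(f"line {line_no}: {message}")
```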

4.5 Using Blacklists

Objects can be added to the blacklist. Blacklisted objects will not be displayed unless the "Show Blacklisted" option is selected. Blacklisted objects cannot have actions performed on them, except Set Migration Group and Mark as Migrated.

To add objects to the blacklist:

1. Click on table rows to select one or more objects in the list. (Use Ctrl-Click to select more than one row.)

2. Right-Click to view the options menu and select Add to Blacklist. The selected objects are removed from the displayed list.

3. Select the Show Blacklisted option to view the blacklisted objects.

To remove objects from the blacklist:

1. Select the Show Blacklisted option to view the blacklisted objects.

2. Click on table rows to select one or more objects in the list. (Use Ctrl-Click to select more than one row.)

3. Right-Click to view the options menu and select Remove from Blacklist. The selected objects are removed from the displayed list.


4.6 Grouping, Sorting, and Filtering Tables

The data table can be grouped by column headers, sorted by column or filtered.

Grouping

To group the data table by column headers:

1. Click and drag a column header to the area above the column headers to group by that column header.

2. Click and drag additional column headers to create child groups.

3. To remove a grouping, roll over and click the "X" in the grouped by column heading.

Sorting

To sort the data table by column headers:

1. Click a column header to sort the table by the column in ascending order.

2. Click the column header again to sort the table by the column in descending order.

3. Click the column header a third time to remove the column sort and return to the default sort.

Filtering

To filter the data table with the column filters:


2. Select filter options and then click Filter. The table is updated as you select the options. The filter icon is darkened when applied.

3. To remove the column filter, click the filter icon and click Clear Filter.

4. To clear all column filters, click the Clear All Column Filters button or right-click on the header row and select Clear All Column Filters.

To filter the data table by DirSync Profile:

1. Select a profile from the DirSync Profiles drop-down list. The table is updated to display only objects associated with the selected DirSync profile. By default, objects from All Profiles are displayed.

To filter the data table by Migration Group:

1. Select a migration group from the Migration Group drop-down list. The table is updated to display only objects in the selected migration group. By default, objects from All batches are displayed.

4.7 Customizing Columns

The default data tables do not display every available column. However, the displayed columns can be customized. The column order can also be changed.


To choose displayed columns:

1. Click the Choose Columns button in the table header or right click on the header row and select Choose Columns. The Choose Columns window appears.

2. Select the columns to display in the table.

3. Click OK. The table is updated with the selected columns.

To change the order of columns:

1. Click and drag the column header and drop it in a new location. The table is updated.

4.8 Selecting Multiple Table Rows

There are several ways to select multiple table rows.

To select all table rows:

1. Click the Select All button in the table header or use Ctrl+A. By default, the first 1000 rows are selected. This setting can be changed in SQL in the ADM_Setting table field SelectAllLimit.

2. Perform a right-click action to the selected rows.

If attempting to select more than 1000 rows at a time, perform the action on the first 1000, filter the list based on the action, and then select all again.


To select more than one table row:

o Use Ctrl+Click to select more than one row.

o Use Shift+Up/Down Arrow to select additional rows before or after the currently selected row.

o Use Shift+Pg Up/Pg Dn to select all rows before or after the currently selected row.

The following key shortcuts do not work: Shift+Ctrl+End, Shift+Ctrl+Home, Shift+Ctrl+Page Down, Shift+Ctrl+Page Up, Shift+Left Click, Click+Shift+Left Click.

4.9 Triggering a Sync

Use the Sync button to sync the data currently displayed in the table. Select a different DirSync Profile before starting a sync to synchronize just that configured Source to Target. If All Profiles is selected, all of the DirSync AD Migrator profiles will be synchronized. If the DirSync AD Migrator profile has been set to synchronize on a schedule, manually starting a sync is not necessary.

Only objects marked as "Ready to Sync" will be synced to the target.

To sync the data displayed in the table:

1. Click the Sync button.

2. After clicking the Sync button the following confirmation for the synchronization of the selected DirSync Profile will be displayed.

3. If All Profiles are selected the prompt will appear as follows:


4.10 Exporting the Grid

The view as it is currently sorted and filtered can be exported to a file.

To export the grid:

1. Click the Export Grid button.

2. Click OK on the Export All? confirmation window. Select a location, enter a file name, select a type and then click

Section 5. Migrating Users

The Users screen allows you to sync users to the target as well as enable and disable users on the source and target before cutover occurs.

Sync Users

To sync users to the target:

1. Click on table rows to select one or more users in the list (use Ctrl+Click to select more than one row).

2. Right-click to view the options menu and select Ready to Sync. The Ready to Sync column for the selected users becomes checked. The selected users are synced during the next sync cycle (scheduled in SMART Directory Sync or triggered manually with the Sync button in SMART AD Migrator).

If the Ready to Sync column doesn’t display all of the check marks expected, click on the Refresh button to refresh the data in the table.

3. To prevent the users from syncing, select the users and select Not Ready to Sync from the right-click menu.

Enable and Disable Users

To enable/disable users on the source or target:

1. Click on table rows to select one or more users in the list (use Ctrl+Click to select more than one row).

2. Right-click to view the options menu and select one of the following options:

o Enable on Target only

o Enable on Target/Disable on Source

o Enable on Source only

o Enable on Source/Disable on Target
