Migrating user accounts is probably the most common
migration operation that you will ever have to perform in your
administrative career. This is because of one main reason. That is, in
certain enterprises, you may have hundreds of computers, dozens of
printers, and even hundreds of group policies, but you will almost
always have thousands and thousands of users. Without user migration,
you'd have to go through the process of manually entering every one into
the new version of Active Directory and, boy oh boy, would that be one
serious pain.
To alleviate this pain and
make the transition relatively simple, you access the User Account
Migration Wizard, as you will see in Exercise 1.
Prerequisites: To perform this
exercise, you must have at least two domains and two domain controllers
operating Windows Server 2008. These domains must be fully networked
and accessible to each other. You will also need a 2003 server to host
the ADMT.
Make sure you are logged in as either a domain or enterprise administrator. Open the Active Directory Migration Tool by selecting Start => Administrative Tools => Active Directory Migration Tool. Select the Action menu and then User Account Wizard. Click Next. You
will see the Domain Selection screen asking for the source and target
domain and the domain controller. In the Source area, type the domain
and the name of the domain controller from the source from which you
want to migrate user accounts. In the Target area, place the destination
for your user accounts with its domain and domain controller. In this
example, we're using domain.com as our source domain and domain2.com as
our new domain.
On
the next screen, pictured here, you will be asked how you want to
select users that you want to migrate. One option is to choose the users
from a particular domain, and the other is to choose them from an
include file. For this exercise, specify that you will choose them from a
domain by selecting that radio button, and click Next.
The
next screen you will see is the User Account Migration screen. Here,
you can choose accounts that you want to migrate from one domain to
another. Most likely, this screen will appear blank. If so, click the
Add button, type a known name into the Enter... box (you should be
familiar with this box from other applications), and select the name. In
this example, we have premade the mighty user "snuffleupagus," as shown
here. Once the user is validated, you can close the box. Click Next.
Note: Keep in
mind that you can alternatively click the Advanced button after you have
clicked Add and then click Find Now, where you can just select your
user. The
next screen will ask you for the target organizational unit (OU) where
the account will reside once it's migrated. Click the Browse button.
Next, you can select where your target OU may reside. If you don't have
any OUs set up, you can just select the Users folder. Afterward, the
Lightweight Directory Access Protocol (LDAP) distinguished name will
appear in your selection box. Click Next.
After
you've clicked Next, you'll be presented with some password options for
moving your accounts from one domain to another. For this exercise,
select the Generate Complex Passwords radio button, and then click the
Next button.
Leave the Target Same As Source radio button selected on the Account Transition Options screen. Click Next. Leave the default options blank on the User Options screen, and then click Next. On
the Object Property Exclusion screen shown here, you can decide to
exclude certain specified properties, such as account expiration. Click Next.
Keep the Do Not Migrate Source Object If a Conflict Is Detected in the Target Domain radio button selected, and then click Next. Click
Finish. You will then be presented with a Migration Progress button
that should come out error free if the migration proceeded correctly. If
not, you will be able to click the log and view a list of potential
errors.
Snuffleupagus is now in the domain.com domain!
|
