The Sysadmins

Tips and tricks from the Sysadmins

ADMT Series – 8. User Account Migration Wizard

In this post we’ll run through the User Account Migration Wizard to migrate users from the source to target domain. This guide will cover migrating users that do not exist in the target domain, if they do, please wait for the next article which will cover merging user accounts with an include file and/or migrating only the siDHistory attribute (with no other attributes).

I have created 9 test users in the source domain, which are members of the global security group we migrated in the last series post.

Migrating Users

From the ADMT machine, run ADMT and select User Account Security Wizard.

Select the source and target domain, you can also select which specific domain controller to use.

Select users from the domain or use an include file (the include file will be explained in the next ADMT Series post).

I’ve chosen 9 test user accounts.

Select the target OU.

Select Migrate Passwords, and choose the source DC (the DC which the Password Export Service is install on). If you receive the error: Unable to establish a session with the password export server. The Password Export Services is not running on the source server. Go to the source DC and start the Password Export Server Service.

Tick Migrate Users SIDs to target domain if you require siDHistory.

Enter source domain credentials to add SID history.

You can exclude particular attributes of the user here. By default it will pull across all attributes, such as home address, telephone numbers, descriptions etc… If you want to exclude any of these from being migrated across, tick Exclude specific object properties from migration and select User in the object type box. Move any user properties you want to exclude into the excluded properties box.

Conflict management, if you are unsure if a group with the same name exists in the target domain leave the default setting in place.

Click Finish

If you click view log you can see that the user object and password has been migrated. As we previously migrated the global group, the user has also been added to that.

You can now see the users in the target domain.

Group membership updated.

SID history carried across.

ADMT Series – 1. Preparing Active Directory
ADMT Series – 2. Preparing the ADMT Machine
ADMT Series – 3. SID History
ADMT Series – 4. Password Export Server
ADMT Series – 5. Machine Preparation
ADMT Series – 6. Service Account Migration Wizard
ADMT Series – 7. Group Account Migration Wizard
ADMT Series – 8. User Account Migration Wizard
ADMT Series – 9. Merging Users with a Different sAMAccountName
ADMT Series – 10. Security Translation Wizard – Local Profiles
ADMT Series – 11. Computer Migration Wizard

3 Comments

  1. You are missing one screen shot from this process. It is User Options section of this process.

    where you check:
    Translate roaming profiles
    Update user rights
    Migrate associated user groups
    -Update previously migrated objects
    Fix users’ group memberships

  2. One crucial step you didnt mention is before the migration, login as ADMTUser.
    If ADMT is not run as ADMTUser, you will get a permission error when trying to migrate them passwords.

    Cheers.

Leave a Reply

Your email address will not be published.

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.