{"id":124,"date":"2005-05-31T18:20:00","date_gmt":"2005-05-31T18:20:00","guid":{"rendered":"http:\/\/markwilson.me.uk\/blog\/2005\/05\/how-to-migrate-users-between-active.htm"},"modified":"2008-04-08T20:51:57","modified_gmt":"2008-04-08T20:51:57","slug":"how-to-migrate-users-between-active","status":"publish","type":"post","link":"https:\/\/www.markwilson.co.uk\/blog\/2005\/05\/how-to-migrate-users-between-active.htm","title":{"rendered":"How to migrate users between Active Directory forests using ADMT when the source and target domain names are similar"},"content":{"rendered":"<p><!--111756369509291892-->One of my clients is undertaking a domain consolidation process, moving to a new Active Directory (AD) forest called <em>companyname<\/em>.com with two child domains &#8211; emea.<em>companyname<\/em>.com and americas.<em>companyname<\/em>.com. All of the user accounts from the various NT 4.0 and Windows 2000 domains around the organisation are being migrated into this structure using the <a href=\"http:\/\/www.microsoft.com\/windows2000\/downloads\/tools\/admt\/\">Active Directory migration tool<\/a> (ADMT) but access will be required to resources in the legacy domains (at least in the short term).<\/p>\n<p>This is all reasonably straightforward, or it was until my colleagues unearthed a a new domain in Belgium called <em>companyname<\/em>.be. Because ADMT is reliant on <a href=\"http:\/\/www.microsoft.com\/technet\/prodtechnol\/windowsserver2003\/library\/ServerHelp\/31915de7-ff58-4f26-a8ec-450ffca75912.mspx\">external (NT 4.0) trust relationships<\/a>, which are established using NetBIOS names (not DNS), and because emea.<em>companyname<\/em>.com already has a Kerberos trust with <em>companyname<\/em>.com, it will not allow an external trust to be created with <em>companyname<\/em>.be. We don&#8217;t want to have to recreate the users and so I had to find a way around the problem. It&#8217;s not that complex &#8211; just a two step migration, but we also needed to confirm that the sIDHistory attribute for each user would remain in place if the account was migrated more than once (in order to maintain access to resources in the original domain).<\/p>\n<p>To prove this, I created four virtual machines (which run very slowly when the host is a notebook PC with only 1Gb of RAM&#8230;) representing domain controllers as follows:<\/p>\n<ul>\n<li>dc1.<em>companyname<\/em>.com<\/li>\n<li>dc2.emea.<em>companyname<\/em>.com<\/li>\n<li>dc3.<em>companyname<\/em>.be<\/li>\n<li>dc4.transfer.local<\/li>\n<\/ul>\n<p>I created three users in <em>companyname<\/em>.be (imaginatively named user1, user2, and user3) and a share called userdata (with some test files), to which users 1 and 2 had access and user 3 was denied access. I also disabled user2 and created a group to which all three users were added as members. <\/p>\n<p>The intention was to transfer the user accounts from companyname.be to transfer.local, and then to perform a second migration from transfer.local to emea.<em>companyname<\/em>.com, maintaining the account status (enabled or disabled), group membership and passwords, and then using a connection to the files on the share as a test of migrated sIDHistory.<\/p>\n<p>Once I had DNS resolving names across the three forests, I installed ADMT on dc4.transfer.local and migrated the users. ADMT is fairly straightforward to set up and run, but it is necessary to read and fully understand the requirements in <a href=\"http:\/\/support.microsoft.com\/?kbid=326480\">Microsoft knowledge base article 326480<\/a>, with the main points for my client&#8217;s scenario being:<\/p>\n<ul>\n<li>The target domain needs to be running in Windows 2000 native mode or later (without this, the sIDHistory attribute does not exist).<\/li>\n<li>The computer running ADMT must be a member of either the source or the target domain.<\/li>\n<li>The source domain must trust the target domain (in order for user and group migration to take place). <\/li>\n<li>Administrator rights are required in both the source and target domains (e.g. by adding the target domain&#8217;s Administrator account to the source domain&#8217;s Administrators group and vice versa).<\/li>\n<\/ul>\n<p>There is also an (undocumented) requirement that a <a href=\"http:\/\/forums.techarena.in\/archive\/index.php\/t-21808.html\">non-blank password must be used for the account used to run ADMT<\/a> (because I was running on a dedicated test system I was originally using the Administrator accounts with blank passwords, which needed to be changed). There is also some troubleshooting information available in <a href=\"http:\/\/support.microsoft.com\/?kbid=322970\">Microsoft knowledge base article 322970<\/a>.<\/p>\n<p>Once the above are in place, ADMT will complete some of the other requirements for user and group migration, namely:<\/p>\n<ul>\n<li>Creating a new (empty) local group in the source domain named <em>sourcedomainname<\/em>$$$.<\/li>\n<li>Enabling auditing for the success and failure of Audit account management on both domains in the Default Domain Controllers policy. <\/li>\n<li>Configuring the source domain to allow RPC access to the SAM by setting HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\LSA\\TcpipClientSupport to 1 on the PDC Emulator for the source domain and restarting that server. <\/li>\n<\/ul>\n<p><a href=\"http:\/\/support.microsoft.com\/?kbid=326480\">Microsoft knowledge base article 326480<\/a> also describes the process for installing the password migration DLL in order to migrate user passwords.<\/p>\n<p>It should be noted that the configuration items above expose serious security weaknesses which must be secured once the migration is completed.<\/p>\n<p>Once the users (with passwords) and group (with membership) had been migrated once, I could install ADMT on dc2.emea.<em>companyname<\/em>.com and migrate them again, this time from transfer.local to emea.<em>companyname<\/em>.com.<\/p>\n<p>Finally, to test that the sIDHistory attribute was allowing access to resources in the original source domain (<em>companyname<\/em>.be), I logged on to dc2.emea.<em>companyname<\/em>.com and started a command prompt, from which I could issue the following commands:<\/p>\n<p><code>net use e: \\\\dc3\\userdata \/user:emea\\user1 <em>password<\/em><\/code><\/p>\n<p>(i.e. a connection to a resource in the original <em>companyname<\/em>.be domain, using an account in the emea.<em>companyname<\/em>.com domain, which as expected, allowed access to the share as well as browsing subject to file permissions on the original resources).<\/p>\n<p><code>net use e: \/del<br \/>\nnet use e: \\\\dc3\\userdata \/user:emea\\user2 <em>password<\/em><\/code><\/p>\n<p>(as expected, access was denied as the account was disabled).<\/p>\n<p><code>net use e: \/del<br \/>\nnet use e: \\\\dc3\\userdata \/user:emea\\user3 <em>password<\/em><\/code><\/p>\n<p>(as expected, a connection was made, but access was denied when an attempt was made to browse the share due to denying permissions to user3 on resources in the <em>companyname<\/em>.be domain).<\/p>\n<p><code>net use e: \/del<\/code><\/p>\n<p>All of this indicated a successful migration from <em>companyname<\/em>.be to emea.<em>companyname<\/em>.com and so I decided to look a bit closer at the sIDHistory attribute which allows all of this to work.<\/p>\n<p>One of my colleagues had alerted me to an article on <a href=\"http:\/\/www.windowsecurity.com\/articles\/security-concerns-migrations-upgrades-windows-active-directory.html\">security concerns for migrations and upgrades to Windows Active Directory<\/a>, which confirmed that a single user account might have numerous sIDHistory entries, depending on how many domains contained the user name before the migration and consolidation.<\/p>\n<p>After installing the ADSI Edit support tool from the Windows 2000 media I could see that the sIDHistory attribute had two values on the emea.<em>companyname<\/em>.com version of the object (shown in  the accompanying screenshot), a single value on the transfer.local version of the object and was not present on the original <em>companyname<\/em>.be version.<\/p>\n<p><img data-recalc-dims=\"1\" decoding=\"async\" class=\"inline\" alt=\"sIDHistory in ADSI Edit\" src=\"https:\/\/i0.wp.com\/www.markwilson.co.uk\/blog\/images\/sidhistory1.gif?w=700&#038;ssl=1\"\/><\/p>\n<p>Rather unhelpfully, the ADSI Edit representation of the sIDHistory is not in the usual form, but if the <code>ldp.exe<\/code> support tool is used, then by connecting to the server, binding as an administrator, and viewing the directory tree, the sIDHistory can be seen in its normal form along with the objectSID. As expected the objectSID for user1@<em>companyname<\/em>.be (S-15-78B99911-320A1743-74B49FF8-451) appeared as the sIDHistory attribute for user1@transfer.local and user1@emea.<em>companyname<\/em>.com had two values for sIDHistory &#8211; the original objectSID from user1@<em>companyname<\/em>.be (carried over in the sIDHistory from user1@transfer.local) and the objectSID from user1@transfer.local (S-15-11DA0ABB-64495118-320A1743-454).<\/p>\n<p><img data-recalc-dims=\"1\" decoding=\"async\" class=\"inline\" alt=\"sIDHistory in the LDAP editor\" src=\"https:\/\/i0.wp.com\/www.markwilson.co.uk\/blog\/images\/sidhistory2.gif?w=700&#038;ssl=1\"\/><\/p>\n<p>Incidentally, had this method not worked, my colleagues and I had identified two further potential methods of migrating the users and groups which I did not try:<\/p>\n<ol>\n<li>Install a second domain controller in <em>companyname<\/em>.be, let it replicate, take the original offline and seize the FSMO roles, then upgrade to Windows Server 2003 and rename the domain, allowing a one-step migration to to emea.<em>companyname<\/em>.com to be used. After this, the Windows Server 2003 domain controller could be taken offline and the original <em>companyname<\/em>.be Windows 2000 server brought back online (seen as a very complicated solution).<\/li>\n<li>Use the <a href=\"http:\/\/www.microsoft.com\/technet\/prodtechnol\/windowsserver2003\/library\/techref\/f3180dd9-6c0b-4e36-bf64-cd4bda88f8e1.mspx\">clone principal<\/a> utility to clone the original accounts in the new domain (workable, but requiring some scripting skills and potentially a lot of time).<\/li>\n<\/ol>\n<p>After many hours of waiting for virtual machines to catch up with my mouse\/keyboard, I don&#8217;t think I&#8217;ll be trying them just yet&#8230;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>One of my clients is undertaking a domain consolidation process, moving to a new Active Directory (AD) forest called companyname.com with two child domains &#8211; emea.companyname.com and americas.companyname.com. All of the user accounts from the various NT 4.0 and Windows 2000 domains around the organisation are being migrated into this structure using the Active Directory &hellip; <a href=\"https:\/\/www.markwilson.co.uk\/blog\/2005\/05\/how-to-migrate-users-between-active.htm\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">How to migrate users between Active Directory forests using ADMT when the source and target domain names are similar<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[],"tags":[102],"class_list":["post-124","post","type-post","status-publish","format-standard","hentry","tag-active-directory"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>How to migrate users between Active Directory forests using ADMT when the source and target domain names are similar - markwilson.it<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.markwilson.co.uk\/blog\/2005\/05\/how-to-migrate-users-between-active.htm\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to migrate users between Active Directory forests using ADMT when the source and target domain names are similar - markwilson.it\" \/>\n<meta property=\"og:description\" content=\"One of my clients is undertaking a domain consolidation process, moving to a new Active Directory (AD) forest called companyname.com with two child domains &#8211; emea.companyname.com and americas.companyname.com. All of the user accounts from the various NT 4.0 and Windows 2000 domains around the organisation are being migrated into this structure using the Active Directory &hellip; Continue reading How to migrate users between Active Directory forests using ADMT when the source and target domain names are similar\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.markwilson.co.uk\/blog\/2005\/05\/how-to-migrate-users-between-active.htm\" \/>\n<meta property=\"og:site_name\" content=\"markwilson.it\" \/>\n<meta property=\"article:published_time\" content=\"2005-05-31T18:20:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2008-04-08T20:51:57+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.markwilson.co.uk\/blog\/images\/sidhistory1.gif\" \/>\n<meta name=\"author\" content=\"Mark Wilson\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@markwilsonit\" \/>\n<meta name=\"twitter:site\" content=\"@markwilsonit\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Mark Wilson\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2005\\\/05\\\/how-to-migrate-users-between-active.htm#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2005\\\/05\\\/how-to-migrate-users-between-active.htm\"},\"author\":{\"name\":\"Mark Wilson\",\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/#\\\/schema\\\/person\\\/98f61365e7c39d6be942174b8c4de468\"},\"headline\":\"How to migrate users between Active Directory forests using ADMT when the source and target domain names are similar\",\"datePublished\":\"2005-05-31T18:20:00+00:00\",\"dateModified\":\"2008-04-08T20:51:57+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2005\\\/05\\\/how-to-migrate-users-between-active.htm\"},\"wordCount\":1263,\"commentCount\":6,\"publisher\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/#\\\/schema\\\/person\\\/98f61365e7c39d6be942174b8c4de468\"},\"image\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2005\\\/05\\\/how-to-migrate-users-between-active.htm#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/images\\\/sidhistory1.gif\",\"keywords\":[\"Microsoft Active Directory\"],\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2005\\\/05\\\/how-to-migrate-users-between-active.htm#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2005\\\/05\\\/how-to-migrate-users-between-active.htm\",\"url\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2005\\\/05\\\/how-to-migrate-users-between-active.htm\",\"name\":\"How to migrate users between Active Directory forests using ADMT when the source and target domain names are similar - markwilson.it\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2005\\\/05\\\/how-to-migrate-users-between-active.htm#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2005\\\/05\\\/how-to-migrate-users-between-active.htm#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/images\\\/sidhistory1.gif\",\"datePublished\":\"2005-05-31T18:20:00+00:00\",\"dateModified\":\"2008-04-08T20:51:57+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2005\\\/05\\\/how-to-migrate-users-between-active.htm#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2005\\\/05\\\/how-to-migrate-users-between-active.htm\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2005\\\/05\\\/how-to-migrate-users-between-active.htm#primaryimage\",\"url\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/images\\\/sidhistory1.gif\",\"contentUrl\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/images\\\/sidhistory1.gif\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2005\\\/05\\\/how-to-migrate-users-between-active.htm#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to migrate users between Active Directory forests using ADMT when the source and target domain names are similar\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/\",\"name\":\"markwilson.it\",\"description\":\"get-info -class technology | write-output &gt; \\\/dev\\\/web\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/#\\\/schema\\\/person\\\/98f61365e7c39d6be942174b8c4de468\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/#\\\/schema\\\/person\\\/98f61365e7c39d6be942174b8c4de468\",\"name\":\"Mark Wilson\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/i0.wp.com\\\/www.markwilson.co.uk\\\/blog\\\/uploads\\\/image-4.png?fit=800%2C800&ssl=1\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/www.markwilson.co.uk\\\/blog\\\/uploads\\\/image-4.png?fit=800%2C800&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/www.markwilson.co.uk\\\/blog\\\/uploads\\\/image-4.png?fit=800%2C800&ssl=1\",\"width\":800,\"height\":800,\"caption\":\"Mark Wilson\"},\"logo\":{\"@id\":\"https:\\\/\\\/i0.wp.com\\\/www.markwilson.co.uk\\\/blog\\\/uploads\\\/image-4.png?fit=800%2C800&ssl=1\"},\"description\":\"A Chartered IT Professional, with recent experience in technology leadership, IT strategy and practice management roles, Mark Wilson is an Enterprise Architect in the Advisory and Management Group at risual. During a career spanning more than two decades, Mark has gained widespread recognition as an expert in his field including both industry and national press exposure. In addition to certifications from Microsoft, VMware, Red Hat, The Open Group and Axelos, Mark held a Microsoft Most Valuable Professional (MVP) award for three years and is now part of the MVP Reconnect programme. Mark is also well-known on social media and maintains an award-winning blog.\",\"sameAs\":[\"http:\\\/\\\/www.markwilson.co.uk\\\/\",\"https:\\\/\\\/www.instagram.com\\\/markwilsonuk\\\/\",\"https:\\\/\\\/www.linkedin.com\\\/in\\\/markawilson\\\/\",\"https:\\\/\\\/x.com\\\/markwilsonit\",\"https:\\\/\\\/www.youtube.com\\\/channel\\\/UCWHlZCoHRTocdvtrOJ2IL4A\"],\"url\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/author\\\/mark-wilson\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to migrate users between Active Directory forests using ADMT when the source and target domain names are similar - markwilson.it","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.markwilson.co.uk\/blog\/2005\/05\/how-to-migrate-users-between-active.htm","og_locale":"en_GB","og_type":"article","og_title":"How to migrate users between Active Directory forests using ADMT when the source and target domain names are similar - markwilson.it","og_description":"One of my clients is undertaking a domain consolidation process, moving to a new Active Directory (AD) forest called companyname.com with two child domains &#8211; emea.companyname.com and americas.companyname.com. All of the user accounts from the various NT 4.0 and Windows 2000 domains around the organisation are being migrated into this structure using the Active Directory &hellip; Continue reading How to migrate users between Active Directory forests using ADMT when the source and target domain names are similar","og_url":"https:\/\/www.markwilson.co.uk\/blog\/2005\/05\/how-to-migrate-users-between-active.htm","og_site_name":"markwilson.it","article_published_time":"2005-05-31T18:20:00+00:00","article_modified_time":"2008-04-08T20:51:57+00:00","og_image":[{"url":"https:\/\/www.markwilson.co.uk\/blog\/images\/sidhistory1.gif","type":"","width":"","height":""}],"author":"Mark Wilson","twitter_card":"summary_large_image","twitter_creator":"@markwilsonit","twitter_site":"@markwilsonit","twitter_misc":{"Written by":"Mark Wilson","Estimated reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.markwilson.co.uk\/blog\/2005\/05\/how-to-migrate-users-between-active.htm#article","isPartOf":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/2005\/05\/how-to-migrate-users-between-active.htm"},"author":{"name":"Mark Wilson","@id":"https:\/\/www.markwilson.co.uk\/blog\/#\/schema\/person\/98f61365e7c39d6be942174b8c4de468"},"headline":"How to migrate users between Active Directory forests using ADMT when the source and target domain names are similar","datePublished":"2005-05-31T18:20:00+00:00","dateModified":"2008-04-08T20:51:57+00:00","mainEntityOfPage":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/2005\/05\/how-to-migrate-users-between-active.htm"},"wordCount":1263,"commentCount":6,"publisher":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/#\/schema\/person\/98f61365e7c39d6be942174b8c4de468"},"image":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/2005\/05\/how-to-migrate-users-between-active.htm#primaryimage"},"thumbnailUrl":"https:\/\/www.markwilson.co.uk\/blog\/images\/sidhistory1.gif","keywords":["Microsoft Active Directory"],"inLanguage":"en-GB","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.markwilson.co.uk\/blog\/2005\/05\/how-to-migrate-users-between-active.htm#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.markwilson.co.uk\/blog\/2005\/05\/how-to-migrate-users-between-active.htm","url":"https:\/\/www.markwilson.co.uk\/blog\/2005\/05\/how-to-migrate-users-between-active.htm","name":"How to migrate users between Active Directory forests using ADMT when the source and target domain names are similar - markwilson.it","isPartOf":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/2005\/05\/how-to-migrate-users-between-active.htm#primaryimage"},"image":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/2005\/05\/how-to-migrate-users-between-active.htm#primaryimage"},"thumbnailUrl":"https:\/\/www.markwilson.co.uk\/blog\/images\/sidhistory1.gif","datePublished":"2005-05-31T18:20:00+00:00","dateModified":"2008-04-08T20:51:57+00:00","breadcrumb":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/2005\/05\/how-to-migrate-users-between-active.htm#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.markwilson.co.uk\/blog\/2005\/05\/how-to-migrate-users-between-active.htm"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.markwilson.co.uk\/blog\/2005\/05\/how-to-migrate-users-between-active.htm#primaryimage","url":"https:\/\/www.markwilson.co.uk\/blog\/images\/sidhistory1.gif","contentUrl":"https:\/\/www.markwilson.co.uk\/blog\/images\/sidhistory1.gif"},{"@type":"BreadcrumbList","@id":"https:\/\/www.markwilson.co.uk\/blog\/2005\/05\/how-to-migrate-users-between-active.htm#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.markwilson.co.uk\/blog"},{"@type":"ListItem","position":2,"name":"How to migrate users between Active Directory forests using ADMT when the source and target domain names are similar"}]},{"@type":"WebSite","@id":"https:\/\/www.markwilson.co.uk\/blog\/#website","url":"https:\/\/www.markwilson.co.uk\/blog\/","name":"markwilson.it","description":"get-info -class technology | write-output &gt; \/dev\/web","publisher":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/#\/schema\/person\/98f61365e7c39d6be942174b8c4de468"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.markwilson.co.uk\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":["Person","Organization"],"@id":"https:\/\/www.markwilson.co.uk\/blog\/#\/schema\/person\/98f61365e7c39d6be942174b8c4de468","name":"Mark Wilson","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/i0.wp.com\/www.markwilson.co.uk\/blog\/uploads\/image-4.png?fit=800%2C800&ssl=1","url":"https:\/\/i0.wp.com\/www.markwilson.co.uk\/blog\/uploads\/image-4.png?fit=800%2C800&ssl=1","contentUrl":"https:\/\/i0.wp.com\/www.markwilson.co.uk\/blog\/uploads\/image-4.png?fit=800%2C800&ssl=1","width":800,"height":800,"caption":"Mark Wilson"},"logo":{"@id":"https:\/\/i0.wp.com\/www.markwilson.co.uk\/blog\/uploads\/image-4.png?fit=800%2C800&ssl=1"},"description":"A Chartered IT Professional, with recent experience in technology leadership, IT strategy and practice management roles, Mark Wilson is an Enterprise Architect in the Advisory and Management Group at risual. During a career spanning more than two decades, Mark has gained widespread recognition as an expert in his field including both industry and national press exposure. In addition to certifications from Microsoft, VMware, Red Hat, The Open Group and Axelos, Mark held a Microsoft Most Valuable Professional (MVP) award for three years and is now part of the MVP Reconnect programme. Mark is also well-known on social media and maintains an award-winning blog.","sameAs":["http:\/\/www.markwilson.co.uk\/","https:\/\/www.instagram.com\/markwilsonuk\/","https:\/\/www.linkedin.com\/in\/markawilson\/","https:\/\/x.com\/markwilsonit","https:\/\/www.youtube.com\/channel\/UCWHlZCoHRTocdvtrOJ2IL4A"],"url":"https:\/\/www.markwilson.co.uk\/blog\/author\/mark-wilson"}]}},"jetpack_featured_media_url":"","jetpack-related-posts":[{"id":966,"url":"https:\/\/www.markwilson.co.uk\/blog\/2007\/12\/migrating-passwords-with-the-active-directory-migration-tool.htm","url_meta":{"origin":124,"position":0},"title":"Migrating passwords with the Active Directory Migration Tool","author":"Mark Wilson","date":"Friday 21 December 2007","format":false,"excerpt":"I've spent most of this month working with a customer who is consolidating various Active Directory forests into a single domain. We didn't use any third party tools - just the standard Microsoft utilities, i.e. Active Directory Migration Tool (ADMT) v3 and Exchange Migration Wizard (one of the Exchange Server\u2026","rel":"","context":"In \"Microsoft Active Directory\"","block_context":{"text":"Microsoft Active Directory","link":"https:\/\/www.markwilson.co.uk\/blog\/tag\/active-directory"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":566,"url":"https:\/\/www.markwilson.co.uk\/blog\/2004\/04\/migrating-from-exchange-server-55-to.htm","url_meta":{"origin":124,"position":1},"title":"Migrating from Exchange Server 5.5 to Exchange Server 2003","author":"Mark Wilson","date":"Wednesday 7 April 2004","format":false,"excerpt":"With Microsoft Exchange Server 2003, Microsoft have made Exchange installation simpler - the Exchange Server deployment tools and documentation (ExDeploy) lead an administrator through the entire Exchange Server installation or upgrade process and it is recommended that Exchange Server 2003 Setup is run using ExDeploy. Specific tools and utilities can\u2026","rel":"","context":"In \"Microsoft Exchange\"","block_context":{"text":"Microsoft Exchange","link":"https:\/\/www.markwilson.co.uk\/blog\/tag\/exchange"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":127,"url":"https:\/\/www.markwilson.co.uk\/blog\/2005\/07\/some-more-about-sidhistory.htm","url_meta":{"origin":124,"position":2},"title":"Some more about sIDHistory","author":"Mark Wilson","date":"Wednesday 6 July 2005","format":false,"excerpt":"A few weeks back I was looking at migrating users between forests using ADMT when the source and target domain names are similar. It worked in my virtual environment but when we went to put it into practice there were some issues caused by different people's perception of what the\u2026","rel":"","context":"In \"Microsoft Active Directory\"","block_context":{"text":"Microsoft Active Directory","link":"https:\/\/www.markwilson.co.uk\/blog\/tag\/active-directory"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1262,"url":"https:\/\/www.markwilson.co.uk\/blog\/2008\/11\/useful-links-november-2008.htm","url_meta":{"origin":124,"position":3},"title":"Useful Links: November 2008","author":"Mark Wilson","date":"Sunday 30 November 2008","format":false,"excerpt":"A list of items I've come across recently that I found potentially useful, interesting, or just plain funny: Microsoft Offline Virtual Machine Servicing Tool v2.0 - Updated with support for Hyper-V, System Center Virtual Machine Manager 2008 and Windows Server 2008 (as well as System Center Configuration Manager 2007 SP1\u2026","rel":"","context":"In \"Useful Websites\"","block_context":{"text":"Useful Websites","link":"https:\/\/www.markwilson.co.uk\/blog\/tag\/useful-websites"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1545,"url":"https:\/\/www.markwilson.co.uk\/blog\/2009\/12\/migrating-infrastructure-services-to-a-windows-server-2008-r2-computer.htm","url_meta":{"origin":124,"position":4},"title":"Migrating infrastructure services to a Windows Server 2008 R2 computer","author":"Mark Wilson","date":"Friday 11 December 2009","format":false,"excerpt":"Having built a low-power\u00c2\u00a0server to run my home infrastructure, I need to get moving on decommissioning the old virtual machines so I can turn off the Dell PowerEdge 840 that runs them. The first step was to migrate the Active Directory Domain Services from my existing Windows Server 2003 R2\u2026","rel":"","context":"In \"Microsoft Windows Server 2003 R2\"","block_context":{"text":"Microsoft Windows Server 2003 R2","link":"https:\/\/www.markwilson.co.uk\/blog\/tag\/windows-server-2003-r2"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1216,"url":"https:\/\/www.markwilson.co.uk\/blog\/2008\/09\/active-directory-design-considerations-part-6-domain-controller-placement.htm","url_meta":{"origin":124,"position":5},"title":"Active Directory design considerations: part 6 (domain controller placement and site design)","author":"Mark Wilson","date":"Tuesday 23 September 2008","format":false,"excerpt":"Continuing the series of posts about design considerations for Microsoft Active Directory (AD), based around the MCS Talks: Enterprise Architecture series of webcasts, this post discusses the design considerations for placement of Active Directory domain controllers and the associated site links. Domain controller (DC) placement can have a huge impact\u2026","rel":"","context":"In \"Microsoft Active Directory\"","block_context":{"text":"Microsoft Active Directory","link":"https:\/\/www.markwilson.co.uk\/blog\/tag\/active-directory"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/posts\/124","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/comments?post=124"}],"version-history":[{"count":0,"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/posts\/124\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/media?parent=124"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/categories?post=124"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/tags?post=124"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}