Article ID: 326480 - View products that this article applies to.
This article was previously published under Q326480
This article describes how to set up the Active Directory Migration Tool (ADMT) to migrate from a Microsoft Windows 2000-based domain to a Microsoft Windows Server 2003-based domain.
You can use ADMT to migrate users, groups, and computers from one domain to another, and analyze the migration affect before and after the actual migration process.
Note This article assumes that the source domain is a Windows 2000-based domain, and that the target domain is a Windows Server 2003-based domain in Windows 2000 Native mode or later.
How to set up ADMT for a Windows 2000 to Windows Server 2003 migrationYou can install the Active Directory Migration Tool version 2 on any computer that is running Windows 2000 or later, including:
Intraforest migrationIntraforest migration does not require any special domain configuration. The account you use to run ADMT must have enough permissions to perform the actions that are requested by ADMT. For example, the account must have the right to delete accounts in the source domain, and to create accounts in the target domain.
Intraforest migration is a move operation instead of a copy operation. These migrations are said to be destructive because after the move, the migrated objects no longer exist in the source domain. Because the object is moved instead of copied, some actions that are optional in interforest migrations occur automatically. Specifically, the sIDHistory and password are automatically migrated during all intraforest migrations.
Interforest migrationADMT requires the following permissions to run properly:
The account you use to run ADMT must have enough permissions to complete the required tasks. The account must have permission to create computer accounts in the target domain and organizational unit, and must be a member of the local Administrators group on each computer to be migrated.
User and group migrationYou must configure the source domain to trust the target domain. Optionally, the target may be configured to trust the source domain. While this may ease configuration, it is not required to finish the ADMT migration.
Requirements for optional migration tasksYou can complete the following tasks automatically by running the User Migration Wizard in Test mode and selecting the migrate sIDHistory option. The user account you use to run ADMT must be an Administrator in both the source and the target domains for the automatic configuration to succeed.
Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
(https://support.microsoft.com/kb/322756/ )How to back up and restore the registry in Windows
You can turn on interforest password migration by installing a DLL that runs in the context of LSA. By running in this protected context, passwords are shielded from being viewed in cleartext, even by the operating system. The installation of the DLL is protected by a secret key that is created by ADMT, and must be installed by an administrator.
To install the password migration DLL:
http://www.microsoft.com/downloads/details.aspx?familyid=788975B1-5849-4707-9817-8C9773C25C6C&displaylang=enFor more information about how to use ADMT to perform a migration, see ADMT Help. Start the Active Directory Migration Tool, click Help Topics on the Help menu, click the Contents tab, and then click Active Directory Migration Tool.
For more information about ADMT, visit the following Microsoft Web site:
http://www.microsoft.com/downloads/details.aspx?familyid=788975B1-5849-4707-9817-8C9773C25C6C&displaylang=enThe Active Directory Migration Tool version 2 is included in the I386\Admt folder on the Windows Server 2003 CD.
Article ID: 326480 - Last Review: March 27, 2007 - Revision: 8.7