ADMT: Migration Order

I’ll have a more complete list later, but here is the order the network admins at work have figured out works best when using the Active Directory Migration tool to migrate from NT 4 to Server 2003 (be sure to check the rest of the blog for other scripts which are necessary when using ADMT):

1. User with SID (/Groups with SIDs)
2. Machine
3. Security Translation Wizard

We are currently bringing over groups, along with their SIDs, during the User migration. This allows us to filter out old groups that once had a purpose but no longer have members. Since ADMT does not migrate or translate the SID for built-in groups, we used sidhist.vbs, a file available in the Windows Server 2003 Support Tools.

cscript sidhist.vbs “/srcsam:Domain Users” “/dstsam:Domain Users” /srcdom:ourOldDomain /dstdom:ourNewDomain /srcdc:anOldDC /dstdc:aNewDC

When we ran it in the order Machine -> User -> Security Translation Wizard, the users’ profiles (Desktops, Outlook, etc) were not migrated. We thought we’d have to resort to using Windows User State Migration Tool (USMT) but thankfully, this was no longer necessary once the correct migration order was discovered. Thanks to Jerf & Neddles for sharing this info!

Chrissy is a Cloud and Datacenter Management & Data Platform MVP who has worked in IT for over 20 years. She is the creator of the popular SQL PowerShell module dbatools, and holds a number of certifications, including those relating to SQL Server, Linux, SharePoint and network security. You can follow her on Twitter at @cl.

Posted in Active Directory

Leave a Reply

Your email address will not be published. Required fields are marked *

*