ADMT: Migration Order

I’ll have a more complete list later, but here is the order the network admins at work have figured out works best when using the Active Directory Migration tool to migrate from NT 4 to Server 2003 (be sure to check the rest of the blog for other scripts which are necessary when using ADMT):

1. User with SID (/Groups with SIDs)
2. Machine
3. Security Translation Wizard

We are currently bringing over groups, along with their SIDs, during the User migration. This allows us to filter out old groups that once had a purpose but no longer have members. Since ADMT does not migrate or translate the SID for built-in groups, we used sidhist.vbs, a file available in the Windows Server 2003 Support Tools.

cscript sidhist.vbs “/srcsam:Domain Users” “/dstsam:Domain Users” /srcdom:ourOldDomain /dstdom:ourNewDomain /srcdc:anOldDC /dstdc:aNewDC

When we ran it in the order Machine -> User -> Security Translation Wizard, the users’ profiles (Desktops, Outlook, etc) were not migrated. We thought we’d have to resort to using Windows User State Migration Tool (USMT) but thankfully, this was no longer necessary once the correct migration order was discovered. Thanks to Jerf & Neddles for sharing this info!

Chrissy is a PowerShell MVP who has worked in IT for nearly 20 years, and currently serves as a Sr. Database Engineer in Belgium. Always an avid scripter, she attended the Monad session at Microsoft’s Professional Developers Conference in Los Angeles back in 2005 and has worked and played with PowerShell ever since. Chrissy is currently pursuing an MS in Systems Engineering at Regis University and helps maintain in her spare time. She holds a number of certifications, including those relating to SQL Server, SuSE Linux, SharePoint and network security. She recently became co-lead of the SQL PASS PowerShell Virtual Chapter. You can follow her on Twitter at @cl.

Posted in Active Directory

Leave a Reply

Your email address will not be published. Required fields are marked *