It has been a while since my last post (that was a good post, wasn’t it?). I didn’t get any holidays this year. I’m currently busy with 2 different projects and I have very little time to blog lately.
Today, I want to talk about ADMT v3.2. In my previous post, I notified you about the release of this version. I wanted to test this version and see what was different compared to the previous ones. So, I’m doing that right now!
ADMT 3.2? What’s that?
Active Directory Migration Tool (ADMT) is a free Microsoft tool that helps organizations migrate users, service accounts, groups and computers between Active Directory domains. You can perform inter-forest migration (between AD forests) or intra-forest migration (between domains in the same forest). Moreover, ADMT allows you to perform re-ACLing (security translation), ensuring that migrated users have transparent access to the resources during the migration.
ADMT 3.2 seems to bring small changes that you should be aware of. Let’s list these requirements:
- ADMT 3.2 can be installed only on Windows 2008 R2.
- ADMT 3.2 should be installed on a member server. If you install it on a domain controller, you need to follow these steps. You cannot install the tool on a read-only domain controller or on Server Core.
- The target domain functional level must be Windows 2003 or later.
- The source domain functional level must be Windows 2003 or later.
- The ADMT Agent can be installed on computers running Windows XP or later and Windows 2003 or later.
- The computer hosting ADMT requires 128-bit high encryption. By default, Windows 2008 R2 meets this requirement.
- ADMT 3.2 requires a SQL database, and the setup routine does not perform the installation automatically (as it did in the previous versions!). You need to install the SQL database before you run ADMT Setup.
- If you use SQL Express edition, ADMT and SQL must be installed on the same computer and you need at minimum one of the following versions: SQL Express 2005 SP3 or later, or SQL Express 2008 SP1. If you use the full version of SQL, ADMT and SQL do not need to be located on the same computer. You can use SQL Server 2005 or SQL 2008.
- If you need to migrate SID History during your migration, you need to manually enable audit policies in the source and target domains (this was done automatically in previous versions!).
Finally, if you want to migrate passwords during your migration, you need to download an additional pack called Password Export Server (PES). This software is available in a 32-bit or 64-bit version. PES must be installed on a domain controller in the source domain. PES can be installed only on Windows 2003 or later.
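A pre-flight check for the requirements above that can be verified from the future ADMT host (OS version, member-server role, domain functional levels, local SQL instance). This is an added example, not part of the original post or of ADMT itself; the domain names are placeholders and the SQL service name assumes a local instance named SQLEXPRESS. It does not cover the audit policy, PES or Server Core requirements, which must be checked on the domain controllers or by hand.

```powershell
# Added example: pre-flight check for the ADMT 3.2 requirements listed above.
# Run it on the server that will host ADMT.
param(
    [string]$SourceDomain   = 'source.example',    # placeholder
    [string]$TargetDomain   = 'target.example',    # placeholder
    [string]$SqlServiceName = 'MSSQL$SQLEXPRESS'   # assumed: service of a local ".\SQLExpress" instance
)

function New-Check([string]$Name, [bool]$Passed, [string]$Detail) {
    New-Object PSObject -Property @{ Check = $Name; Passed = $Passed; Detail = $Detail }
}

$results = @()

# Windows 2008 R2 reports version 6.1. ProductType: 1 = workstation,
# 2 = domain controller, 3 = member server.
$os = Get-WmiObject -Class Win32_OperatingSystem
$results += New-Check 'OS is Windows 2008 R2' ($os.Version -like '6.1.*' -and $os.ProductType -ne 1) $os.Caption
$results += New-Check 'Member server (not a DC)' ($os.ProductType -eq 3) "ProductType=$($os.ProductType)"

# Both domains must be at Windows 2003 functional level or later.
# Read over LDAP through System.DirectoryServices, so no AD module is needed.
# Assumption: the 2003 interim level is treated as too low.
$tooLow = 'Windows2000MixedDomain', 'Windows2000NativeDomain', 'Windows2003InterimDomain'
foreach ($name in $SourceDomain, $TargetDomain) {
    try {
        $ctx  = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext('Domain', $name)
        $mode = [System.DirectoryServices.ActiveDirectory.Domain]::GetDomain($ctx).DomainMode
        $results += New-Check "Functional level of $name" ($tooLow -notcontains "$mode") "$mode"
    } catch {
        # Domain unreachable or access denied: report as a failed check.
        $results += New-Check "Functional level of $name" $false $_.Exception.Message
    }
}

# SQL must be installed before ADMT setup runs; with SQL Express it must be local.
$sql   = Get-Service -Name $SqlServiceName -ErrorAction SilentlyContinue
$sqlOk = ($sql -ne $null) -and ($sql.Status -eq 'Running')
$results += New-Check 'Local SQL instance running' $sqlOk $SqlServiceName

$results | Select-Object Check, Passed, Detail | Format-Table -AutoSize
```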
Intra-Forest versus Inter-Forest
The following drawings provide a high-level overview of intra-forest migration versus inter-forest migration.
In the inter-forest migration scenario, you can build up your new infrastructure next to the existing one and start “migrating” objects between these environments. In this scenario, you are basically cloning objects and you have an easy rollback scenario.
In the intra-forest scenario, you consolidate your domain structure. It’s important to understand that when migrating between domains, the migrated objects no longer exist in the source domain. The rollback scenario then consists of moving the account back into the source domain. The object will be different, but because you are using SIDHistory, users will get access to the same functionalities as before the migration.
Installing ADMT 3.2
It’s time to perform a basic installation of the tool. We assume that you have already installed a SQL database on your network (local or remote). Let’s start.
First, download the following software from the Microsoft web site.
Double-click ADMTSetup.exe and the wizard will start. On the Welcome page, simply click Next.
In the License Agreement, Press Next
In the Customer experience page, make your choice and press Next
In the Database selection, type the appropriate information about your database. In this example, we are using a local SQL Express database. Note the naming convention: “.\SQLExpress”. Press Next
Note: If a database was previously present, you might get this screen (Database Import) as well. Make your choice and press Next
After pressing next, you will see the configuring component page showing you progress.
At the end of the installation, if the installation is successful, you should see something like this. Press Finish
If you get a white screen (see below) after the installation, this means that the installation failed and you are probably installing ADMT on a domain controller
To fix it, follow the instructions here
If you go to your Administrative Tools, you should see a new MMC console called Active Directory Migration Tool. If you click on it (or if you type migrator.msc in the search box), you will see your newly installed migration tool console. If you right-click at the root level, you can see all the options that are available to you
This is the end of this post. As you can see, installation is quite straightforward (if you follow the system requirements). Performing a successful migration is more difficult. As soon as I have some time, I’ll try to post information on how to prepare, configure and migrate using the ADMT 3.2 tool.