Active Directory Migration Tool versions and supported environments

Updated: September 29, 2013

Applies To: Windows Server 2000, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2

ADMT v3.2 can be downloaded from Microsoft Connect (https://go.microsoft.com/fwlink/?LinkId=401534). If necessary, join the Azure Active Directory Customer Connection program to obtain access to the download package.

ADMT v3.2 has recently been updated and re-released. All previous versions of ADMT are deprecated. The version remains v3.2 because it’s functionally the same as its predecessor (that is, there are no new features). This final release includes various bug fixes and can be used with all supported Windows operating systems and versions of Windows Server Active Directory:

  • The server where you install ADMT can run any supported version of Windows Server, including Windows Server 2012 R2 and Windows Server 2012.

  • The source and target domain controllers must be writeable, but they can run any supported version of Windows Server with a user interface (not Server Core), including Windows Server 2012 R2 and Windows Server 2012.

  • The source and target domains must be at Windows Server 2003 domain functional level or higher.

  • The computers that can be migrated can run any supported version of Windows, including Windows 8.1.

  • You can use any version of SQL Server for the ADMT database.

Support for Windows Server features

No versions of ADMT can be installed on a read-only domain controller (RODC) or a Server Core installation. An RODC cannot be used as a source or target domain controller for migration.

In addition, ADMT provides the following support for these Active Directory features:

Feature Impact of using ADMT

Standalone managed service accounts

Note
Group Managed Service Accounts cannot be migrated.

Can be migrated by using use the Managed Service Account Migration Wizard or the admt managedserviceaccount command.

Authentication Mechanism Assurance

User accounts that are enabled for Authentication Mechanism Assurance need to be migrated by using an include file.

Important

The User Principal Name (UPN) is changed when a user is migrated, which prevents Authentication Mechanism Assurance from working. To work around this issue, you need to keep a record of the UPNs of user accounts that are enabled for Authentication Mechanism Assurance and migrate them using an include file. In an include file, you can specify the targetUPNs for these users to be migrated. This way you can override the UPNs in that target domain with the original UPNS from the source domain. For more information about using an include file, see Use an Include File.

Offline Domain Join

No impact

Active Directory Recycle Bin

No impact

Windows PowerShell

Not incorporated into ADMT

Change History

Date Revision

June 24, 2010

Original publication

June 28, 2010

Windows 7 and Windows Server 2008 R2 were added to the list of supported operating systems for computer migration objects for ADMT v3.1.

June 13, 2014

ADMT v3.2 was re-released. All operating system checks were removed, previous versions of ADMT were deprecated, and the guide was updated accordingly.