Remigrating All Global Groups After All Batches Are Migrated

  • Article

Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2

Applies to: Active Directory Migration Tool 3.2 (ADMT 3.2)

After all batches have been migrated, perform a final global group remigration to ensure that any late changes that are made to global group membership in the source domain are reflected in the target domain. You can remigrate global groups by using the Active Directory Migration Tool ADMT snap-in, the ADMT command-line option, or a script.

Important

When you start a global group migration with SID history from the command line or from a script, you must perform the migration on a domain controller in the target domain.

To remigrate global groups by using the ADMT snap-in

  1. On the computer in the target domain on which ADMT is installed, log on by using the ADMT account migration account.

  2. Use the Group Account Migration Wizard by performing the steps in the following table.

    Wizard page Action

    Domain Selection

    Under Source, in the Domain drop-down list, type or select the NetBIOS or Domain Name System (DNS) name of the source domain. In the Domain controller drop-down list, type or select the name of the domain controller, or select Any domain controller.

    Under Target, in the Domain drop-down list, type or select the NetBIOS or DNS name of the target domain. In the Domain controller drop-down list, type or select the name of the domain controller, or select Any domain controller, and then click Next.

    Group Selection

    Click Select groups from domain, and then click Next. On the Group Selection page, click Add to select the groups in the source domain that you want to migrate, click OK, and then click Next.

    Or

    Click Read objects from an include file, and then click Next. Type the location of the include file, and then click Next.

    Organizational Unit Selection

    Type the name of the organization unit (OU), or click Browse.

    In the Browse for Container dialog box, find the container in the target domain that you want to move the global groups into, and then click OK.

    Group Options

    Click Update user rights.

    Ensure that Copy group members is not selected.

    Ensure that Update previously migrated objects is not selected.

    Click Fix membership of group.

    Click Migrate Group SIDs to target domain.

    User Account

    Type the user name, password, and domain of an account that has administrative rights in the source domain.

    Object Property Exclusion

    Clear the Exclude specific object properties from migration check box.

    Conflict Management

    Select the Migrate and merge conflicting objects check box (all other options are cleared).

  3. When the wizard has finished running, click View Log, and review the migration log for any errors.

  4. Open Active Directory Users and Computers, and locate the target OU. Verify that the global groups exist in the target domain OU.

To remigrate global groups by using the ADMT command-line option

  1. On a domain controller in the target domain on which ADMT is installed, log on by using the ADMT account migration account

Important

When you start a global group migration with SID history from the command line, you must perform the migration on a domain controller in the target domain. It is recommended that you use a full version of SQL Server when you install ADMT on a domain controller.

  1. At the command line, type the ADMT Group command with the appropriate parameters, and then press ENTER.

    ADMT GROUP /N "<group_name1>" "<group_name2>" /SD:" <source_domain>" /TD:" <target domain>" /TO:" <target OU>" /MSS:YES /CO:REPLACE

    As an alternative, you can include parameters in an option file that is specified at the command line as follows:

    ADMT GROUP /N "<group_name1>" "<group_name2>" /O: "<option_file>.txt"

    The following table lists the common parameters that are used for migrating global groups, along with the command-line parameter and option file equivalents.

    Parameters Command-line syntax Option file syntax

    <Source domain>

    /SD:"source_domain"

    SourceDomain="source_domain"

    <Source OU> location

    /SO:"source_OU"

    SourceOU="source_OU"

    <Target domain>

    /TD:"target_domain"

    TargetDomain="target_domain"

    <Target OU> location

    /TO:"target_OU"

    TargetOU="target_OU"

    Migrate GG SIDs

    /MSS:YES

    MigrateSIDs=YES

    Conflict management

    /CO:REPLACE

    ConflictOptions=REPLACE

  2. Review the results that are displayed on the screen for any errors.

  3. Open Active Directory Users and Computers, and locate the target OU. Verify that the global groups exist in the target domain OU.

To remigrate global groups by using a script

  • Prepare a script that incorporates ADMT commands and options for migrating global groups by using the following sample script. Copy the script to Notepad, and save the file with a .wsf file name extension in the same folder as the AdmtConstants.vbs file.

    <Job id=" RemigratingGlobalGroupsBetweenForests" >
<Script language="VBScript"  src="AdmtConstants.vbs" />
<Script language="VBScript" >
   Option Explicit

   Dim objMigration
   Dim objGroupMigration

   '
   'Create instance of ADMT migration objects.
   '

   Set objMigration = CreateObject("ADMT.Migration" )
   Set objGroupMigration = objMigration.CreateGroupMigration

   '
   'Specify general migration options.
   '

   objMigration.SourceDomain = "source domain" 
   objMigration.SourceOu = "source container" 
   objMigration.TargetDomain = "target domain" 
   objMigration.TargetOu = "target container" 
   objMigration.ConflictOptions = admtReplaceConflicting

   '
   'Specify group migration specific options.
   '

   objGroupMigration.MigrateSIDs = True

   '
   'Migrate specified group objects.
   '

   objGroupMigration.Migrate admtData, Array("group name1" ,"group name2" )

   Set objGroupMigration = Nothing
   Set objMigration = Nothing
</Script>
</Job>