Migrate Accounts
Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2
Applies to: Active Directory Migration Tool 3.2 (ADMT 3.2)
You can migrate each batch of user accounts by using the Active Directory Migration Tool (ADMT) snap-in, the ADMT command-line option, or a script. If you are migrating user accounts that have the authentication mechanism assurance enabled, use an include file. In the include file, specify the original user principal name (UPNs) from the source domain as the target UPNs to keep the authentication mechanism assurance working. For more information about using an include file, see Use an Include File.
To migrate user accounts by using the ADMT snap-in
On the computer in the target domain on which ADMT is installed, log on by using the ADMT account migration account.
Use the User Account Migration Wizard by performing the steps in the following table.
Wizard page Action Domain Selection
Under Source, in the Domain drop-down list, type or select the NetBIOS or Domain Name System (DNS) name of the source domain. In the Domain controller drop-down list, type or select the name of the domain controller, or select Any domain controller.
When you perform an intraforest migration, the domain controller that holds the relative ID (RID) operations master (also known as flexible single master operations or FSMO) role is always used as the source domain controller regardless of your selection.
Under Target, in the Domain drop-down list, type or select the NetBIOS or DNS name of the target domain. In the Domain controller drop-down list, type or select the name of the domain controller, or select Any domain controller, and then click Next.
User Selection
Click Select users from domain, and then click Next. On the Group Selection page, click Add to select the users in the source domain that you want to migrate in the current batch, click OK, and then click Next.
Or
Click Read objects from an include file, and then click Next. Type the location of the include file, and then click Next.
Organizational Unit Selection
Ensure that ADMT lists the correct target organizational unit (OU). If it is not correct, type the correct OU, or click Browse.
In the Browse for Container dialog box, locate the target domain and OU, and then click OK.
User Options
Select the Translate roaming profiles check box.
Select the Update user rights check box.
Clear the Migrate associated user groups check box. A warning box appears that states that if the global groups to which the user accounts belong are not also migrated, users will lose access to resources. Click OK to continue with the migration.
Conflict Management
Click Do not migrate source object if a conflict is detected in the target domain.
After you click Finish in the User Account Migration Wizard, the Migration Progress dialog box appears. After the status changes to Completed, view the migration log to determine whether any errors occurred in the migration process. In the Migration Progress dialog box, click Close.
The migrated user accounts can log on only to the target domain, and they are prompted to change the password the first time that they log on to the target domain.
To migrate the user accounts by using the ADMT command-line option
- On the computer in the target domain on which ADMT is installed, log on by using the ADMT account migration account.
Note
When you start a user migration with sIDHistory migration from the command line, you must run the command on a domain controller in the target domain.
At a command line, type the
ADMT Usercommand with the appropriate parameters, for example:ADMT USER /N "<user_name1>" "<user_name2>" /IF:YES /SD:" <source_domain>" /TD:" <target_domain>" /TO:" <target_OU>" /TRP:YES /UUR:YESAs an alternative, you can include parameters in an option file that is specified on the command line, as follows:
ADMT USER /N "<user_name1>" "<user_name2>" /O "<option_file>.txt"The following table lists the parameters that are required for migrating user accounts, the command-line parameters, and option file equivalents.
Parameters Command-line syntax Option file syntax Intraforest
/IF:YESIntraForest=YES<Source domain>
/SD:"source_domain"SourceDomain="source_domain"<Source OU> location
/SO:"source_OU"SourceOU="source_OU"<Target domain>
/TD:"target_domain"TargetDomain="target_domain"<Target OU> location
/TO:"target_OU"TargetOU="target_OU"Conflict management
/CO:IGNORE(default)ConflictOptions=IGNORETranslate roaming profile
/TRP:YES(default)TranslateRoamingProfile=YESUpdate user rights
/UUR:YESUpdateUserRights=YESReview the results that appear on the screen for any errors.
Open Active Directory Users and Computers, and then locate the target domain OU. Verify that the users exist in the target domain OU.
To migrate user accounts by using a script
Note
When you start a user migration with sIDHistory migration from a script, the script must be run on a domain controller in the target domain.
Use the following sample to prepare a script that incorporates ADMT commands and options for migrating user accounts within a forest. Copy the script to Notepad, and save the file with a .wsf file name extension in the same folder as the AdmtConstants.vbs file.
<Job id=" MigratingUserAccountsWithinForest" >
<Script language="VBScript" src="AdmtConstants.vbs" />
<Script language="VBScript" >
Option Explicit
Dim objMigration
Dim objUserMigration
'
'Create instance of ADMT migration objects.
'
Set objMigration = CreateObject("ADMT.Migration" )
Set objUserMigration = objMigration.CreateUserMigration
'
'Specify general migration options.
'
objMigration.IntraForest = True
objMigration.SourceDomain = "source domain"
objMigration.SourceOu = "source container"
objMigration.TargetDomain = "target domain"
objMigration.TargetOu = "target container"
'
'Specify user migration specific options.
'
objUserMigration.TranslateRoamingProfile = True
objUserMigration.UpdateUserRights = True
objUserMigration.FixGroupMembership = True
objUserMigration.MigrateServiceAccounts = False
'
'Migrate specified user objects.
'
objUserMigration.Migrate admtData, Array("user name1" ,"user name2" )
Set objUserMigration = Nothing
Set objMigration = Nothing
</Script>
</Job>