Translate Local User Profiles
Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2
Applies to: Active Directory Migration Tool 3.2 (ADMT 3.2)
Translate local user profiles after you migrate the user accounts. To minimize the disruption to users, translate local user profiles immediately after you migrate a batch of users. If your source domain includes only a small number of pre–Active Directory clients, migrate them as a group, and then translate their user profiles before you migrate the next batch of users.
Typically, no action is required to translate a local profile on clients between domains in the same forest because the GUID of the user remains the same. The local profile can use the SID-to-GUID mapping that it preserves in the registry to reassign the profile of the user, and then reassociate it with the new security identifier (SID).
If you are migrating the user account to a domain within the forest, and the path for the local profile is different, the user profile is modified, and a new profile folder is created on the server with the correct access control lists (ACLs). The administrator must make sure that the user has access to the profile folder.
You can translate local user profiles by using the Active Directory Migration Tool (ADMT) snap-in, the ADMT command-line option, or a script.
Warning
Verify that user profile translation succeeds for each user before that user is allowed to log on. If the user profile translation fails for a user, that user must not log on to the target domain. In this case, roll back the user account manually by disabling the user account in the target domain and enabling the user account in the source domain. If the user logs on before user profile translation succeeds, a new profile will be created for the user and the old profile will not be available.
To translate local user profiles by using the ADMT snap-in
On the computer in the target domain on which ADMT is installed, log on by using the ADMT account migration account.
In the Active Directory Migration Tool (ADMT) snap-in, click Action, and then click Security Translation Wizard.
Complete the Security Translation Wizard by using the information in the following table.
Wizard page Action Security Translation Options
Click Previously migrated objects.
Domain Selection
Under Source, in the Domain drop-down list, type or select the NetBIOS or Domain Name System (DNS) name of the source domain. In the Domain controller drop-down list, type or select the name of the domain controller, or select Any domain controller.
When you perform an intraforest migration, the domain controller that holds the relative ID (RID) operations master (also known as flexible single master operations or FSMO) role is always used as the source domain controller, regardless of your selection.
Under Target, in the Domain drop-down list, type or select the NetBIOS or DNS name of the target domain. In the Domain controller drop-down list, type or select the name of the domain controller, or select Any domain controller, and then click Next.
Computer Selection
Click Select computers from domain, and then click Next. On the Computer Selection page, click Add to select the computers in the source domain that have user profiles that you want to migrate, click OK, and then click Next.
Or
Click Read objects from an include file, and then click Next. Type the location of the include file, and then click Next.
Translate Objects
Click User Profiles.
Security Translation Options
Click Replace.
To translate local user profiles by using the ADMT command-line option
On the computer in the target domain on which ADMT is installed, log on by using the ADMT account migration account.
At the command line, type the
ADMT Security
command with the appropriate parameters and then press ENTER.ADMT SECURITY /N "<computer_name1>" "<computer_name2>" /SD:" <source_domain>" /TD:" <target_domain>" /TOT:REPLACE /TUP:YES
As an alternative, you can include parameters in an option file that is specified at the command line, as follows:
ADMT SECURITY /N "<computer_name1>" "<computer_name2>" /O "option_file.txt "
The following table lists the parameters that are required for translating local user profiles, command-line parameters, and option file equivalents.
Parameters Command-line syntax Option file syntax Intraforest
/IF:YES
IntraForest=YES
<Source domain>
/SD:
"source_domain"SourceDomain=
"source_domain"<Target domain>
/TD:
"target_domain"TargetDomain=
"target_domain"<Target domain>
/TOT:REPLACE
TranslateOption=REPLACE
Modify local user profile security
/TUP:YES
TranslateUserProfiles=YES
Review the results that appear in the migration log for any errors.
To translate local user profiles by using a script
Use the following sample to prepare a script that incorporates ADMT commands and options for translating local user profiles. Copy the script to Notepad, and save the file with a .wsf file name extension in the same folder as the AdmtConstants.vbs file.
<Job id=" TranslatingLocalProfilesWithinForest" > <Script language="VBScript" src="AdmtConstants.vbs" /> <Script language="VBScript" > Option Explicit Dim objMigration Dim objSecurityTranslation ' 'Create instance of ADMT migration objects. ' Set objMigration = CreateObject("ADMT.Migration") Set objSecurityTranslation = objMigration.CreateSecurityTranslation ' 'Specify general migration options. ' objMigration.IntraForest = True objMigration.SourceDomain = "source domain" objMigration.TargetDomain = "target domain" ' 'Specify security translation specific options. ' objSecurityTranslation.TranslationOption = admtTranslateReplace objSecurityTranslation.TranslateUserProfiles = True ' 'Perform security translation on specified computer objects. ' objSecurityTranslation.Translate admtData, _ Array("computer name1" ,"computer name2" ) Set objSecurityTranslation = Nothing Set objMigration = Nothing </Script> </Job>