Create a Rollback Plan

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

After you begin the migration process, you cannot roll back the changes that you make to the Active Directory domains in your forest. Because accounts are moved and not copied from one domain to another when you restructure domains, the changes are not reversible. If your plans change after you begin the migration process, the only way to return your source domain is to remigrate the accounts. Create a rollback plan in case you need to remigrate accounts after you have begun to restructure your domains. To create a rollback plan, select the method that you will use to remigrate accounts.

You can use the ADMT wizards to remigrate accounts from the target domain back to the source domain. In this case, the original target domain becomes the new source domain, and the original source domain becomes the new target domain. Follow the same steps in the wizards that you used earlier to migrate the accounts. If you remigrate the accounts, the objects that have been migrated to the target domain and then remigrated to the source domain will have new SIDs. However, they will have the original SID in their SID history so they will not be identical to the accounts before the migration, but they will have the same functionality.

Another option for remigrating accounts is to use the Undo Wizard in ADMT. The Undo Wizard uses fewer steps than the other ADMT wizards to remigrate accounts back to their original domain. However, the Undo Wizard only remigrates accounts that were originally migrated by using the User Account Migration Wizard, the Group Account Migration Wizard, and the Computer Account Migration Wizard. It does not undo changes that were made by the Service Account Migration Wizard or the Security Translation Wizard. The Undo Wizard only reverses the last operation that was performed.

If you want to reverse a service account migration, you must enumerate the services again, and then remigrate the service accounts by reversing the target and source domains.

If you use scripts to perform the original migration, using scripts to remigrate accounts is the fastest method to roll back the changes. Simply reverse the objects used for the source and target domains in the script to remigrate the objects.

Note

  • If the functional level of the original source domain is Windows 2000 mixed, you cannot use a rollback method to undo the changes and migrate the accounts back to the source domain. A remigration requires that the original source domain becomes the target domain, and the functional level of the target domain must be Windows 2000 native or Windows Server 2003. For this reason, it is not recommended that you restructure domains that are operating at the Windows 2000 mixed functional level or the Windows Server 2003 interim domain functional level.

After you create your rollback plan, make sure to test it to identify and correct any problems before you begin to restructure your Active Directory domains.