Completing the Account Migration
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
After you migrate all batches of accounts from the source to the target domain, you can complete the account migration process. This involves the following steps:
Transferring user and group administration to the target domain by doing the following:
Freezing user and group administration in the source domain.
Maintaining at least two operational domain controllers in the source domain until the account migration process is complete.
Backing up the two domain controllers in the source domain.
Beginning administration of user and group accounts in the target domain.
Decommissioning the Windows NT 4.0 source account domain by doing the following:
Note
Ensure that you retain a full system backup of the PDC for each account domain. This enables you to bring the account domain back online.
Removing all trust relationships involving the Windows NT 4.0 source account domain.
Repurposing any remaining account domain controllers in the source account domain that you did not migrate to the target domain.
Disabling all accounts that you created during the migration process, including those accounts to which you assigned administrative credentials.
When you decommission the source account domain, shared local groups and local groups in resource domains that you have not translated by using the Security Translation Wizard display group members as account unknown because member names from the source domain do not resolve. Those group memberships still exist, however, and this does not impact users.
Note
- Do not delete shared local groups and local groups that display account unknown because this disables the access facilitated by SID history. Run the Security Translation Wizard to remove these entries.