Remigrating All Global Groups After All Batches Are Migrated

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

After all batches have been migrated, perform a final global group remigration to ensure that any late changes made to global group membership in the source domain are reflected in the target domain. You can remigrate global groups by using the Active Directory Migration Tool console, by using the ADMT command-line option, or by using a script.

To remigrate global groups by using the ADMT console

  1. On the domain controller in the target domain on which ADMT installed, log on by using the ADMT account migration account.

  2. Open the Active Directory Migration Tool, and then select Group Account Migration Wizard.

  3. Complete the Group Account Migration Wizard by using the information in Table 11.18.

    Table 11.18   Using the Group Account Migration Wizard to Remigrate Global Groups

    Wizard Page Action

    Test or Make Changes

    Click Migrate Now?

    Domain Selection

    In the Source domain box, type the NetBIOS or DNS name of the source domain or select the name from a list.

    In the Target domain box, type the NetBIOS or DNS name of the target domain.

    If ADMT includes the names of the source and target domains, ensure that they are correct.

    Group Selection

    Click Add.

    In the Select Groups dialog box, select all global groups, click Add, and then click OK.

    Organizational Unit Selection

    Type the name of the OU, or click Browse.

    In the Browse for Container dialog box, locate the container in the target domain you want to move the global groups into, and then click OK.

    Group Options

    Click Update user rights.

    Ensure that Copy group members is not selected.

    Ensure that Update previously migrated objects is not selected.

    Click Fix membership of group.

    Click Migrate Group SIDs to target domain.

    Click Do not rename accounts

    User Account

    Type the user name, password, and domain of an account that has administrative rights in the source domain.

    Object Property Exclusion

    Clear the Exclude specific object properties from migration check box.

    Naming Conflicts

    Click Replace conflicting accounts (all other options are cleared).

  4. When the wizard has finished running, click View Log, and review the migration log for any errors.

  5. Open Active Directory Users and Computers and locate the target OU. Verify that the global groups exist in the target domain OU.

To remigrate global groups by using the ADMT command-line option

  1. On the domain controller in the target domain on which ADMT is installed, log on by using the ADMT account migration account.

  2. At the command line, type:

    ADMT GROUP /N "group_name1" "group_name2" [parameters]

    You can append parameters to the command as follows:

    ADMT GROUP /N "group_name1" "group_name2" /SD:"source_domain" /TD:"target_domain" /TO:"target_OU" /MSS:YES

    Alternatively, you can include parameters in an option file that is specified at the command line as follows:

    ADMT GROUP /N "group_name1" "group_name2" /O: "option_file.txt"

    Table 11.19 lists the common parameters used for migrating global groups, along with the command-line parameter and option file equivalents.

    Table 11.19   Common Parameters Used for Global Group Migrations

    Parameters Command-Line Syntax Option File Syntax

    Source domain

    /SD:"source_domain"

    SourceDomain="source_domain"

    Source OU location

    /SO:"source_OU"

    SourceOU="source_OU"

    Target domain

    /TD:"target_domain"

    TargetDomain="target_domain"

    Target OU location

    /TO:"target_OU"

    TargetOU="target_OU"

    Migrate GG SIDs

    /MSS:YES

    MigrateSIDs=YES

    Do not rename accts

    /RO:DONT (default)

    RenameOption=DONT

    Ignore conflicting accts and do not migrate them

    /CO:REPLACE

    ConflictOptions=REPLACE

  3. Review the results that are displayed on the screen for any errors.

  4. Open Active Directory Users and Computers and locate the target OU. Verify that the global groups exist in the target domain OU.

To remigrate global groups by using a script

  • Prepare a script that incorporates ADMT commands and options for migrating global groups by using the sample script shown in Listing 11.10.

    Listing 11.10   Remigrating Global Groups Between Forests

    <Job id=" RemigratingGlobalGroupsBetweenForests" >
<Script language=" VBScript"  src=" AdmtConstants.vbs" />
<Script language=" VBScript" >
   Option Explicit

   Dim objMigration
   Dim objGroupMigration

   '
   'Create instance of ADMT migration objects.
   '

   Set objMigration = CreateObject(" ADMT.Migration" )
   Set objGroupMigration = objMigration.CreateGroupMigration

   '
   'Specify general migration options.
   '

   objMigration.SourceDomain = " source domain"
   objMigration.SourceOu = " source container"
   objMigration.TargetDomain = " target domain"
   objMigration.TargetOu = " target container"
   objMigration.ConflictOptions = admtReplaceConflicting

   '
   'Specify group migration specific options.
   '

   objGroupMigration.MigrateSIDs = True

   '
   'Migrate specified group objects.
   '

   objGroupMigration.Migrate admtData, Array(" group name1" ," group name2" )

   Set objGroupMigration = Nothing
   Set objMigration = Nothing
</Script>
</Job>

    For a script file to assist you in creating a script to migrate global groups, see "Remigrating Global Groups Between Forests" (DSSREER_10.wsf) on the Windows Server 2003 Deployment Kit companion CD (or see "Remigrating Global Groups Between Forests" on the Web at https://www.microsoft.com/reskit).