Example: Preparing to Restructure Active Directory Domains

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Contoso Corporation upgraded its hardware to increase its network bandwidth and the amount of replication traffic that it can support. As a result, the company is consolidating the Africa domain into the EMEA domain.

The Africa domain is the source domain and the EMEA domain is the target domain for the migration. The organization needs to migrate a total of 1,800 users from the Africa domain to the EMEA domain. In addition to the user accounts, they must also migrate resources such as workstations, servers, and groups. Because Contoso Corporation is a large organization with many global groups, closed sets are difficult to identify, so the company decided to migrate global groups as universal groups. They can do this because the infrastructure of the corporation can handle the increased replication of the universal groups and because both the Africa and EMEA domains are operating at the Windows 2000 native functional level. The company created identical OU structures in the Africa and EMEA domains; therefore, they do not need to create a new OU structure or migrate OUs.

Contoso Corporation created a list of computers that run service accounts, so that it can use the Service Account Migration Wizard to identify services that run in the context of user accounts. The company is most concerned about a set of accounts that access a Microsoft® SQL Server™ database. Access to this database is an important part of their business.

The company decides to use ADMT as its migration tool and to use the wizards. The company installs ADMT and creates two account migration groups to use for the migration process. They assign high-level permissions to the first group, and then add the appropriate deployment team members to that group. The centralized deployment team will use this account to migrate users. They assign workstation and local resource permissions to the second group. The deployment team will use the second group to migrate resources at the remote locations.