Create a Rollback Plan

Updated: September 29, 2013

Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2

Applies to: Active Directory Migration Tool 3.2 (ADMT 3.2)

After you begin the migration process, you cannot roll back the changes that you make to the Active Directory domains in your forest. Because accounts are moved and not copied from one domain to another when you restructure domains, the changes are not reversible. If your plans change after you begin the migration process, the only way to return accounts to your source domain is to remigrate the accounts. Create a rollback plan in case you have to remigrate accounts after you have begun to restructure your domains. To create a rollback plan, select the method that you will use to remigrate accounts.

noteNote
To ensure a successful rollback of an intraforest migration, do not attempt to delete the objects in the target domain and then restore them in the source domain. You will not be able to recover the objects in the source domain because they are automatically deleted by the cross-domain move proxy if a restore is attempted.

You can use the Active Directory Migration Tool (ADMT) to remigrate accounts from the target domain back to the source domain. In this case, the original target domain becomes the new source domain, and the original source domain becomes the new target domain. Follow the same steps in the wizards that you used earlier to migrate the accounts. If you remigrate the accounts, the objects that have been migrated to the target domain and then remigrated to the source domain will have new security identifiers (SIDs). However, they will have the original SID in their SID history. Therefore, they will not be identical to the accounts before the migration, but they will have the same functionality.

If you want to reverse a service account migration, you must enumerate the services again, and then remigrate the service accounts by reversing the target and source domains.

If you use scripts to perform the original migration, using scripts to remigrate accounts is the fastest method to roll back the changes. Simply reverse the objects used for the source and target domains in the script to remigrate the objects.

After you create your rollback plan, make sure to test it to identify and correct any problems before you begin to restructure your Active Directory domains.

Community Additions

ADD
Show: