User
and Group Migration
You must
configure the source domain to trust the
target domain. Optionally, the target
may be configured to trust the source
domain. While this may ease
configuration, it is not required to
finish the ADMT migration.
Requirements for Optional Migration
Tasks
You can
complete the following tasks
automatically by running the User
Migration Wizard in Test mode and
selecting the migrate sIDHistory option.
The user account you use to run ADMT
must be an Administrator in both the
source and the target domains for the
automatic configuration to succeed.
-
Create
a new local group in the source
domain that is named
%sourcedomain%$$$. There must be
no members in this group.
-
Turn
on auditing for the success and
failure of Audit account management
on both domains in the Default
Domain Controllers policy.
-
Configure the source domain to allow
RPC access to the SAM by configuring
the following registry entry on the
PDC Emulator in the source domain
with a DWORD value of 1:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\
Control\LSA\TcpipClientSupport
You must
restart the PDC Emulator after you make
this change.
Note:
For Windows 2000 domains, the account
you use to run ADMTv2 must have domain
administrator permissions in both the
source and target domains. For Windows
Server 2003 target domains, the 'Migrate
sIDHistory' may be delegated. For more
information, see Windows Server 2003
Help & Support. |
