Introduction to migration configurations of Active Directory accounts

First introduce the environment:

Production Environment: example.cn

Test domain environment: fengdian.info

System Platform: 2K08 R2

Forest, Domain Function level: Windows Server 2008

Requirements:The test domain environment "fengdian.info" synchronizes all user accounts in the production domain environment to achieve the basic unification of the test environment and production environment.

1. Convenient function testing. (Here, only the migration account, without the migration password)

Tools are required for migrating Domain Users and passwords:Admtsetup32.exeAndPwdmig. msi(This tool is not described here ).

Admtsetup32.exe migration tool Installation:

Run the executable program "admtsetup32.exe". The installation wizard is displayed:

650) this. width = 650; "style =" width: 502px; height: 418px; "title =" 01.png" alt = "145331658.png" src =" http://www.bkjia.com/uploads/allimg/131229/114J63Z3-0.png "width =" 488 "height =" 410 "/>

The migration tool must use a database instance to save temporary data. Therefore, you must install the database.

Click "Download SQL Server Express Edition" to download SQL Express 2005. Follow the Wizard to install it gradually.

After the database is installed, perform the next step]

Agree to the license agreement:

650) this. width = 650; "title =" 2.png" alt = "145410965.png" src =" http://www.bkjia.com/uploads/allimg/131229/114J633M-1.png "width =" 492 "height =" 413 "/>

Client experience plan: Select "do not join"

650) this. width = 650; "title =" 3.png" alt = "145423900.png" src =" http://www.bkjia.com/uploads/allimg/131229/114JC102-2.png "width =" 492 "height =" 415 "/>

Enter the database instance name. After SQL Express is installed by default, the database instance is SQLExpress by default.

650) this. width = 650; "title =" 4.png" alt = "145442.16.png" src =" http://www.bkjia.com/uploads/allimg/131229/114JB507-3.png "width =" 496 "height =" 411 "/>

Migration tool installation completed:

Displays the installation path, Log Path, and database information.

650) this. width = 650; "title =" 5.png" alt = "145459973.png" src =" http://www.bkjia.com/uploads/allimg/131229/114JA446-4.png "width =" 493 "height =" 411 "/>

Prepare to migrate Domain Users:

Before migration, you must establish a trust relationship between the two domains. For details about how to establish a trust relationship, see"Instance description Active Directory domain information

System"Article.

After the trust relationship is established, start the migration tool:

Management tools> Active Directory migration tool, or enter "migrator. msc" to start the migration tool:

650) this. width = 650; "style =" width: 617px; height: 557px; "title =" 6.png" alt = "145541410.png" src =" http://www.bkjia.com/uploads/allimg/131229/114J63c9-5.png "width =" 581 "height =" 544 "/>

Management Interface:

650) this. width = 650; "style =" width: 677px; height: 418px; "title =" 7.png" alt = "145607260.png" src =" http://www.bkjia.com/uploads/allimg/131229/114J63039-6.png "width =" 807 "height =" 416 "/>

Select "Active Directory migration tool", right-click "User Account migration wizard ":

There are multiple options: "User Account migration wizard", "group account migration wizard", "Computer migration wizard", and "service account migration

The migration wizard and password migration wizard provide different functions for different migration objects:

650) this. width = 650; "style =" width: 661px; float: none; height: pixel PX; "title =" 8.png" alt = "145913856.png" src =" http://www.bkjia.com/uploads/allimg/131229/114J63503-7.png "width =" 617 "height =" 363 "/>

Account migration welcome page:

650) this. width = 650; "style =" float: none; "title =" 9.png" alt = "145915492.png" src =" http://www.bkjia.com/uploads/allimg/131229/114JA5K-8.png "/>

Domain selection: used to specify the source domain and controller and target domain and Controller

Source: Specifies the source domain and controller, that is, where the account is exported. Here is the production domain "example.cn"

Target: Specify the target domain and controller, that is, where the account is imported. The test domain "fengdian.info" is used here"

Suggestion: We recommend that you set the source domain controller to an extra-Domain Controller. It doesn't matter if you only migrate accounts to it. If you migrate passwords at the same time,

Select the extra-Domain Controller whenever possible. Because the password migration tool "pwdmig. msi" needs to be installed on the source domain controller.

Restart, and the production environment will be affected. Therefore, we recommend that you select an extra-Domain Controller.

650) this. width = 650; "style =" float: none; "title =" 10.png" alt = "145917736.png" src =" http://www.bkjia.com/uploads/allimg/131229/114J62645-9.png "width =" 498 "height =" 357 "/>

User selection options:

Select the user method. Here, select "Select User from domain ":

650) this. width = 650; "style =" float: none; "title =" 11.png" alt = "145919819.png" src =" http://www.bkjia.com/uploads/allimg/131229/114J615W-10.png "width =" 496 "height =" 360 "/>

Add to select the user to be migrated:

650) this. width = 650; "style =" float: none; "title =" 12.png" alt = "150525195.png" src =" http://www.bkjia.com/uploads/allimg/131229/114J61J1-11.png "/>

Search now. All Domain Users except "administrator" are selected here:

650) this. width = 650; "style =" float: none; "title =" 13.png" alt = "150527155.png" src =" http://www.bkjia.com/uploads/allimg/131229/114J61P5-12.png "width =" 503 "height =" 522 "/>

650) this. width = 650; "style =" float: none; "title =" 14.png" alt = "150529899.png" src =" http://www.bkjia.com/uploads/allimg/131229/114J62434-13.png "width =" 489 "height =" 346 "/>

Next, browse: select the OU location where the account is imported to the target domain. Here, select "headquarters" OU:

650) this. width = 650; "style =" float: none; "title =" 15.png" alt = "150531144.png" src =" http://www.bkjia.com/uploads/allimg/131229/114J63242-14.png "width =" 488 "height =" 350 "/>

650) this. width = 650; "style =" float: none; "title =" 16.png" alt = "150834159.png" src =" http://www.bkjia.com/uploads/allimg/131229/114JBb5-15.png "/>

Description:

650) this. width = 650; "style =" float: none; "title =" 17.png" alt = "150836744.png" src =" http://www.bkjia.com/uploads/allimg/131229/114JCH8-16.png "/>

Password options:

There are two options: one is the migration password, the other is not the migration password, and the account automatically generates a complex password after migration;

In this example, if the password is not migrated, select "automatically generate complex password ",

Check "Do not update existing user passwords" to ensure that the original user passwords in the target domain are not affected;

And set the password file storage location;

650) this. width = 650; "style =" float: none; "title =" 18.png" alt = "150838831.png" src =" http://www.bkjia.com/uploads/allimg/131229/114JA513-17.png "/>

Account conversion option: the initial status of the account after the account is migrated to the new domain. You can select "enable", "Disable", "Same as source domain ",

The third option is "Same as the source domain ";

You can also select "migrate user SID to target domain" to migrate SID at the same time.

650) this. width = 650; "style =" float: none; "title =" Maid alt = "151413358.png" src =" http://www.bkjia.com/uploads/allimg/131229/114JB014-18.png "width =" 493 "height =" 350 "/>

Select "repair user group membership ":

650) this. width = 650; "style =" float: none; "title =" 21.png" alt = "151415861.png" src =" http://www.bkjia.com/uploads/allimg/131229/114JCX7-19.png "/>

User object migration settings:

Select all migration. exclude is not set here.

650) this. width = 650; "style =" float: none; "title =" 22.png" alt = "151417841.png" src =" http://www.bkjia.com/uploads/allimg/131229/114J64A3-20.png "/>

Conflict management: used to set the operations performed when the objects in the target domain conflict with the objects in the source domain,

Select "do not migrate objects when a conflict is detected" to prevent overwriting the objects and their attributes in the test domain.

650) this. width = 650; "style =" float: none; "title =" 23.png" alt = "151419488.png" src =" http://www.bkjia.com/uploads/allimg/131229/114JA5V-21.png "/>

Complete the user account migration Wizard:

650) this. width = 650; "style =" float: none; "title =" 25.png" alt = "151720.15.png" src =" http://www.bkjia.com/uploads/allimg/131229/114J62344-22.png "/>

Complete: Perform the migration. The migration process is as follows:

650) this. width = 650; "style =" float: none; "title =" 26.png" alt = "151720.5.png" src =" http://www.bkjia.com/uploads/allimg/131229/114JAN2-23.png "/>

Migration completed:

Click "view logs" to view detailed migration logs.

650) this. width = 650; "style =" float: none; "title =" 27.png" alt = "151740473.png" src =" http://www.bkjia.com/uploads/allimg/131229/114J63160-24.png "/>

Check whether the user has been migrated successfully:

Before ADUC migration:

650) this. width = 650; "style =" float: none; "title =" 50.png" alt = "151931728.png" src =" http://www.bkjia.com/uploads/allimg/131229/114J61Q9-25.png "width =" 637 "height =" 485 "/>

After ADUC migration:

The account for migration from the source domain has been generated under "headquarters" OU, as shown in:

650) this. width = 650; "title =" 28.png" alt = "152039230.png" src =" http://www.bkjia.com/uploads/allimg/131229/114J612K-26.png "width =" 538 "height =" 451 "/>

The following describes the migration process of the next group account.:

In the migration wizard, select "group account migration wizard ":

650) this. width = 650; "style =" float: none; "title =" 51.png" alt = "152232958.png" src =" http://www.bkjia.com/uploads/allimg/131229/114J630K-27.png "width =" 523 "height =" 361 "/>

Set the source domain, target domain, and corresponding controller:

650) this. width = 650; "style =" float: none; "title =" 52.png" alt = "152234437.png" src =" http://www.bkjia.com/uploads/allimg/131229/114JA548-28.png "/>

Select "select group from domain"

650) this. width = 650; "style =" float: none; "title =" 53.png" alt = "152236792.png" src =" http://www.bkjia.com/uploads/allimg/131229/114JC456-29.png "/>

Add:

650) this. width = 650; "style =" float: none; "title =" 54.png" alt = "152238275.png" src =" http://www.bkjia.com/uploads/allimg/131229/114JC453-30.png "/>

Follow the Wizard to complete the migration.

After the operation, check the migration result:

650) this. width = 650; "style =" float: none; "title =" 55.png" alt = "152240218.png" src =" http://www.bkjia.com/uploads/allimg/131229/114J61I1-31.png "/>

In this way, the accounts and groups have been migrated.

Password migration is not involved here. You can find time for password migration to introduce it separately.

This article is from the "Wind boy" blog, please be sure to keep this source http://magic3.blog.51cto.com/1146917/1345011