Resources For IT Professionals
Post an article
Wikis - Page Details
  • First published by (eMicrosoft Community Contributo)
  • When: 19 Jan 2013 9:37 PM
  • Last revision by (eMicrosoft Community Contributo)
  • When: 1 Feb 2013 2:56 AM
  • Revisions: 19
  • Comments: 2
Options
RSSSubscribe to Article (RSS)
Can You Improve This Article?
Positively! Click Sign In to add the tip, solution, correction or comment that will help other users.

Report inappropriate content using these instructions.
Wiki  >  TechNet Articles  >  ADMT-Migration ("Domain local" group with all members)

ADMT-Migration ("Domain local" group with all members)

ADMT-Migration ("Domain local" group with all members)

Trusting domain name is "Contoso.com" & Trusted domain name is "microsoft.com". Now we will be migrated a domain local group(will_be_Migrated). Which having multiple members from trusting domain & trusted domain.ADMT Version 3.1.



Will migrate a domain local group group called will_be_Migrated


but is the member of the trusing domain(Contoso.com) and Ed & Richard is the member of the trusted domain (Microsoft.com)


Click Active Directory Migration tool


ADMT Wizard


Click Group Account Migration Wizard


Click Next


Select the source & target domain and DCs


Click next




Click next


Type the group name



Need to Browse the target OU & Click next

Fix membership of group(Selected by default) should be selected for migrating the all group members.


Click next

Click next

Click finish.


See the errors if anything is there & after competeing the migration you need to check the ADMT log.
Log location is C:\Windows\ADMT\Logs. I have given this migration log below.
---------------------------ADMT LOG-----------------------------
[Settings Section]
Task: Group Migration (2)
ADMT Console
    User:       CONTOSO\Administrator
    Computer:   KOL-LDS01.contoso.com (KOL-LDS01)
        Domain:     contoso.com (CONTOSO)
        OS:         Windows Server (R) 2008 Datacenter 6.0 (6001) Service Pack 1
Source Domain
    Name:   contoso.com (CONTOSO)
    DC:     KOL-LDS01.contoso.com (KOL-LDS01)
        OS:     Windows Server® 2008 Datacenter 6.0 (6001) Service Pack 1
    OU:    
Target Domain
    Name:   microsoft.com (MICROSOFT)
    DC:     biz-ads0001.microsoft.com (BIZ-ADS0001)
        OS:     Windows Server 2003 5.2 (3790) Service Pack 2
    OU:     LDAP://microsoft.com/OU=ptest,DC=microsoft,DC=com
Intra-Forest: No
Migrate Security Identifiers: No
Update Rights: No
Fix group membership: Yes
Conflict Option: Ignore
Migrate members: No

[Object Migration Section]
2013-01-20 10:57:06 Starting Account Replicator.
2013-01-20 10:57:06 CN=will_be_Migrated  - Created
2013-01-20 10:57:07 WRN1:7561 ADMT could not migrate some properties for this object type (group) due to schema mismatches.  Please refer to the Schema Section in the migration log for a complete listing.  The Schema Section will be available once object migration is complete.
2013-01-20 10:57:07 Processing group membership for CN=will_be_Migrated.
2013-01-20 10:57:07 MICROSOFT\Richard added.
2013-01-20 10:57:07 MICROSOFT\Ed added.
2013-01-20 10:57:08 CONTOSO\but added.
2013-01-20 10:57:08 Operation completed.

[Schema Section]
The following properties for group objects are not defined in the target forest schema.
msDS-AzBizRule
msDS-AzBizRuleLanguage
msDS-AzLastImportedBizRulePath
msDS-AzApplicationData
msDS-PrincipalName
msDS-RevealedDSAs
msDS-KrbTgtLinkBl
msDS-IsFullReplicaFor
msDS-IsDomainFor
msDS-IsPartialReplicaFor
msDS-PhoneticDisplayName
msDS-AzObjectGuid
msDS-AzGenericData
msDS-AuthenticatedToAccountlist
msDS-NC-RO-Replica-Locations-BL
msDS-RevealedListBL
msDS-PSOApplied
msDS-NcType

If you check the entire the log you will get the all informations about the migration.
Now have a look the Microsoft.com domain where I have migrated the group.



Bingo!!! But, Ed & Richard is there into that Domain local group.
___________________________________________________________________________________________________________________


Using Group Nesting Strategy - AD Best Practices for Group Strategy

Users will be present in trusted domain & trusting domain as well coz Inter forest migration is the copy paste operation not the cut paste. Cut paste operataion is Intra forest migration.

How to Disable SID Filtering

Contoso.com is the trusting domain & GS is the trusted domain.

Enabling the sidhistory for Forset trust

Netdom trust contoso.com /domain:gs.com /enableSIDhistory:yes

Enabling the sidhistory for External trust

Netdom trust contoso.com /domain:gs.com /quarantine:No

__________________________________________________________________________________________________________________

1.ADMT not fixing user group membership
2.Active Directory Migration Using ADMT 3.1
3.Users are not migrated when you use Active Directory Migration Tool with the "Fix users' group memberships" option in Windows Server 2003

, , , , , , , , , , [Edit tags]
Leave a Comment
  • Please add 7 and 7 and type the answer here:
  • Post
Wiki - Revision Comment List(Revision Comment)
Wikis - Comment List
Sort by: Published Date | Most Recent | Most Useful
Posting comments is temporarily disabled until 10:00am PST on Saturday, December 14th. Thank you for your patience.
Comments
Page 1 of 1 (2 items)