Steps required for Active Directory Migration

1. Establish a two-way trust relationship on the target domain.

2. Turn off SID filtering on the target domain

Source domain: old.com

Target domain: net.com

Netdom trust old.com /domain:net.com /quarantine:NO

/usero:old\\administrator /password:*

3. Arrange the ADMT tool on the target domain.

4. Run the command line ADMT KEY on the target domain to generate the .pes file (the password is not the password of the source domain administrator, but the password of the protection pes file)

admt key old.com c:\\*

5. Copy the .pes file on the target domain to the source domain.

6. Modify the security policy of the domain controller on the target domain, and change the audit account management to "success" and "failure". The same is true on the source domain. Run the policy refresh tool when you are done.

7. Modify a group in the "AD User and Computer" of the target domain, "Pre-Windows 2000 compatible access" under the Bulitin container, and add the anonymous login;everyone users to their group. in.

8, install the password export tool on the source domain to set the password export, find the copied .pes file in the installation process. Modify the registry after you finish, otherwise you will not be able to use the password export tool.

(1) Open the password export function: HKEY Local_machine\\system\\currentcontrolset\\control\\LSA "AllowpasswordExport" key value, change 0 to 1;

(2) Allow ADMT tools Access the SAM database: HKEY Local_machine\\system\\currentcontrolset\\control\\LSA The key value of the new DWORD type, named "Tcpipclientsupport", set the value to 1. And restart your computer.

9. Use the ADMT tool in the target domain to migrate users and computers, and use LDP to monitor SIDHistory.

This article is from 51CTO.COM technology blog