You are on page 1of 9

MCITP 70-640: Active Directory Migration Tool (ADMT)

ADMT is used to quickly move objects around in your forest.


It is used during migrations or when you need to move users
between domains during restructures or job changes. This
video looks at how to install and use ADMT.

Installing ADMT
Before installing ADMT, it is worth downloading the ADMT
guide (see link below). The guide will show you which
installs are supported. If you download the latest version of
ADMT or SQL express you may have install problems and
need to implement a workaround. Reading this guide will
tell you which combination of software will work.
http://www.microsoft.com/enau/download/details.aspx?id=19188
Although possible, it is not recommended to install ADMT
on a Domain Controller. The install itself may not work
correctly and a workaround many need to be implemented
in order to get ADMT to work correctly.

Inter-Forest Migration
This is when objects are being moved/copied between
domains in different forests. The forest can be connected
by any valid trust.

Intra-Forest Migration
This is when the objects are being moved/copied between
domains that are in the same forest.

Sid History
A Sid is a unique number that every object in Active
Directory has. When ADMT moves an object it essentially
creates a new object in the target domain with the same
properties. When a user is moved or copied, the user will
have a different Sid than the old user. Because the new user
has a different Sid, it will not be able to access any of the
resources the old Sid had. Sid history allows Sids for the old
user to be stored with the new user. This essentially allows
the new user to access resources that were assigned using
the old Sids.

Demonstration
In this demonstration ADMT 3.2 will be installed on
Windows Server 2008 R2 with SQL Express 2008 SP1
providing the database support. We could not get SQL
Express 2012 to work in this configuration and the ADMT
guide recommended SQL Express 2008 SP1 to be used. If
you run different version and have installation errors, search
the Microsoft web site for the error. This may give you a
workaround to get that configuration to work.
Once ADMT is installed, it is matter of running the required
wizard depending on what you want to migrate. When
migrating groups, ADMT can be configured to put the user
in the same groups that they had in the old domain. In order
for this to work, the new domain needs to have those
groups created with the same name as the old domain.

If you want to migrate passwords between domains, you


will need the Password Export Server to be installed in the
other domain. Since the ADMT does not check the password
policy of the new domain, the user will be asked to change
their password when they login to the new domain.
References
MCTS 70-640 Configuring Windows Server 2008 Active
Directory pg 573 576
Active Directory Migration Tool (ADMT) Guide
http://www.microsoft.com/enau/download/details.aspx?id=19188
Active Directory Migration Tool (ADMT) Guide
http://www.microsoft.com/enau/download/details.aspx?id=19188

You might also like