Blog

ADMT Series – 9. Merging Users with a Different sAMAccountName

Is the last post we looked at a vanilla user account migration, assuming a clean target domain. There may be a situation where the users have already been created in the target domain with a different sAMAccountName. For example, the user Branch Warren might have the sAMAccountName of bwarren in the source domain but branch.warren in the target. Source

ADMT Series – 8. User Account Migration Wizard

In this post we’ll run through the User Account Migration Wizard to migrate users from the source to target domain. This guide will cover migrating users that do not exist in the target domain, if they do, please wait for the next article which will cover merging user accounts with an include file and/or migrating only the siDHistory attribute (with no other attributes). I have created 9 test users in the source domain, which are

ADMT Series – 7. Group Account Migration Wizard

Universal, global and domain local groups can be migrated with the ADMT tool. Each group type has different rules for membership, and each group type serves a different purpose. This affects the order that the groups are migrated from the source to the target domains.   Universal groups Universal groups can contain members from any domain in the forest, and they can replicate group membership to the global catalog. Therefore, you can use them for

ADMT Series – 6. Service Account Migration Wizard

The Service Account Migration Wizard will identify, migrate and update services that run in the context of a domain user account. ADMT does not migrate services running under the Local System account as they are migrated automatically when the computer is migrated. The Local Service and Network Service accounts are not migrated, because they are well-known accounts that always exist in domains. When you run the Migrate Service Account Wizard, you are asked to select

ADMT Series – 3. SID History

In the first post we setup the trust and prepared Active directory for the migration. One of the last messages provided when creating the trust states: To improve the security of this external trust, security identifier (SID) filtering is enabled. However, if users have been migrated to the trusted domain and their SID histories have been preserved, you may choose to turn off this feature.

ADMT Series – 2. Preparing the ADMT Machine

You should install ADMT and SQL onto a member server in the target forest. Use the ADMT service account explained in the previous post to install SQL and ADMT. ADMT requires a preconfigured instance of SQL Server for its underlying data store, so we’ll go ahead and install SQL 2008 SP1 Express on ADMT.target.local. Installing SQL Express 2008 SP1 SQL Express download here: http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=25052 1. Choose New Stand-alone

ADMT Series – 1. Preparing Active Directory

I just finished migrating our company domain windows server 2008 to a totally new domain windows server 2012, this series from thesysadmins helped me a lot Introduction to Series After recently using ADMT for an Active Directory migration I thought I’d write a series to document its use and to share any useful tips I found along the way. This first post will explain how to prepare the Active Directory for the migration process.

Server 2012 – Moving Between GUI, Core and Minimal Server Interface

One of the cool new abilities with 2012, is that you can configure the server as normal with the GUI, and then ‘take it back to the core’ once you have finished! Great for those who were put off by the potential complexity of learning new commands and administration techniques with core-only. Switch from Server 2012 Core to GUI If you install Server Core, the binaries to add the GUI aren’t present (resulting in a

Group Policy – GPUpdate an OU of Computers

There are times when you need to remotely refresh the group policy on a group of computers, bypassing the 90 minute (+30 minute offset) default interval. Let’s look at 3 ways to achieve that, two of the methods require Server 2012 or Windows 8 with the remote administration tools to initiate the refresh, and the 3rd method can be initiated from Windows 7 or Server 2008 R2.   Method 1. Server 2012 introduced the functionality

Deliver RemoteApps to end users

Windows Server 2012 gives several options that offer the ability to automate application icons distribution to users, and keeps them up to date if later on you make some changes to what apps (and desktops!) are available through RDS. 5 different ways to achieve this goal as following:

  • RDWeb Access web site
  • RemoteApp control panel
  • Group Policy Object
  • Modern Remote Desktop App
  • Manually copy RDP file

Each of the options below has a dependency