Shulou(Shulou.com)06/03 Report--

This article mainly discusses the requirements and methods of using ADMT tools. There is a certain reference value, friends in need can refer to, follow the editor to see the solution.

I. matters needing attention before using ADMT

AD migration is the migration of a part of AD data from the old domain to the AD database of the target domain (new domain). Some operations are quite dangerous. To use the ADMT tool flash, please be sure to understand the above precautions:

1. Backup AD database: in case of unexpected conditions in ADMT migration tool, the migrated AD data cannot be recovered. Please back up the existing AD before using ADMT.

2. The order of migrating AD: migrate the less important data first, in case of problems, the loss will be less.

3. Promote the domain mode to Window 2000 gambit 3 pure mode: in order for the ADMT migration tool to work properly, it is best to transfer the domain mode of both the original domain and the target domain to the pure mode of Windows 2000 gambit 3.

4. Pre-test the migration steps using the test options provided by the ADMT tool

5. Pay attention to the dependency of the migration project: first migrate the group, then migrate the user

Second, the environment setting before using ADMT.

If you want to migrate AD data from the source domain Deng.com to the destination domain Tech.com in the future, in addition to installing the ADMT tool, you need to make the following environment settings:

1. Establish the trust relationship between the source domain and the target domain

2. Set audit policy

Open Default Domain Controllers Policy using the Group Policy Management tool GPMT in the source domain and the target domain, respectively. Find Windows Settings\ installation Settings\ Local Policy\ Audit Policy\ Audit account Management, and enable success and failure auditing for this policy. In this way, regardless of the success or failure of the migration, the corresponding records are generated in the event Viewer.

3. Set permissions in the source domain and target domain

Before AD migration, the domain system administrator (Domain Admins) of the source domain must have native system administrator (Local administrators) privileges of the DC of the target domain; similarly, the domain system administrator (Domain Admins) of the target domain must have native system administrator (Local administrators) privileges of the DC of the source domain.

In the Pre-Windows 2000 Compatible Access group of the target domain, join two groups of systems, such as "Everyone" and "Anonymous Logon".

4. Install the ADMT tool on the target domain

Install the\ I386\ Admt, admigration.msi tools from the Windows 2003 CD to the DC of the target domain.

5. Install the password export server (PES-Password Export Server) on top of the DC of the source domain.

Anything related to the migration of user accounts must involve the migration of account passwords. In order for the user account to retain the password used by the user after migration, you must first make a key to protect the user's password on the target or DC where the ADMT migration tool has been installed.

In the ADMT installation folder of DC in the target domain, execute the: admt key command in the format: admt key tech.com.

Generate a key file for .pes

Copy this .pes file to the DC of the source domain Deng.com

Use "I386\ admt\ pwdmig\ PWDMIG.EXE" on the Windows 2003 CD to install the password export server on the DC of the source domain.

After the installation is complete, do not restart DC for the time being. Open the registry for this DC. Find "\ HLM\ System\ CurrentControlSet\ Control\ Lsa\", select "AllowPasswordExport", and set its value to 1.

Restart this DC.

Third, use ADMT tools for migration testing

When using ADMT tools to migrate AD data, be sure to test it before migrating.

4. Settings before migrating AD data

When the source domain migrates AD data for the first time, you also need to do the following:

Register a "TcpipClientSupport" on the DC of the source domain

Create a local group on the DC of the source domain, whose name is the NetBIOS name of the domain plus $$, that is, Deng$$$, this local group and login password is used as a migration SID.

5. Migrate AD data

Before migrating, you can set the migration details of the AD data on the DC of the target domain. These include: setting data attributes not to be migrated, setting migration SID history records, setting the migration mode of user passwords in the group, and deciding to disable or enable the user account in the group.

VI. Restore the error of migration

If an error occurs when migrating AD data, you can execute the "Operation / cancel the Last Migration Wizard" command, and the source domain and target domain can restore the AD database environment before the migration.

After reading the above, do you have a general understanding of the requirements and methods of using ADMT tools? If you want to know more about the content of the article, welcome to follow the industry information channel, thank you for reading!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.