Re: W2k3 AD migration to W2k3 AD - HELP HELP!!
- From: "Jorge de Almeida Pinto [MVP - DS]" <SubstituteThisWithMyFullNameSeparatedByDots@xxxxxxxxx>
- Date: Wed, 3 Jan 2007 11:24:33 +0100
you NEED admin permissions on the source
for the target either delegated permissions or admin permissions
to migrate users/groups from source to target
create an account in the target domain, make it a member of domain admins
and administrators. make that same account a member of administrators in the
source domain....
also have a look at:
http://blogs.dirteam.com/blogs/jorge/archive/2006/12/27/Migrating-stuff-with-ADMTv3.aspx
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto # MVP Windows Server - Directory Services
BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"Sammy" <Sammy@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:BC545950-26CB-4F08-BE9F-B9A01EE08FC4@xxxxxxxxxxxxxxxx
Hi,
Please help.
We have manged to get ever sooo close to this working - I am now getting
"Access Denied"
We have a good two way trust setup - what is the best way to get a user
with
admin rights on both domains. I am assuming that we do need to run the
tool
that has admin rights on both domains???
I am going square eyed trying to read up on everything.
Thanks
"Jorge de Almeida Pinto [MVP - DS]" wrote:
there may be some small differences, but from a high-level view there is
not
much difference:
Migration high level steps are:
* Make sure the AD has been configured (sites, subnets, replication, OUs,
GPOs, delegations, DNS, WINS, DHCP, etc.)
* Setup name resolution (WINS or DNS) between source and target
domain/forest
* Setup trusts (if an external trust is configured and sidhistory is
used,
disable sid filtering)
* Install and configure migration tooling
* Migrate groups, user accounts with passwords and group memberships
(with
sidhistory)
* Migrate clients from the source domain to the target domain, translate
security on the client, and translate profiles (at this moment users
start
logging on with their new AD account on the migrated clients that have
been
migrated previously to the w2k3 domain)
* Migrate mailboxes if needed
* Migrate servers to the new domain or migrate data to new servers
* Translate security (Re-ACL) of the data/resources from source security
principals to target security principals (replace the security
descriptors
from the old domain with the security descriptors from the new domain )
* Cleanup temporary configurations
* Cleanup sidhistory (recommended!). sIDHistory is used to access
resources
while those resources still have security descriptors from the old
domain.
As soon as all data (file, folders, mailboxes, etc.) have been re-ACL-ed
sIDHistory can be cleaned. Sidhistory should only be used temporary for
migration purposes!
* Remove trusts
* Decommission old domain(s)
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto # MVP Windows Server - Directory Services
BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no
rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"Sammy" <Sammy@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:139506B4-CC96-4102-AA7C-074DA91FBB21@xxxxxxxxxxxxxxxx
Hi Everyone,
In quick need to some help. I have been reading for days about AD
mirgration and everything is geared to NT4 to W2k or W2k3.
I need to Migrate a Current W2k3 AD Domain to A NEW Domain but keeping
the
existing users and computers, so that when user re-log on to their pc's
they
select their new domain.
EG:
Currentdomain.com (full windows 2003 AD setup) - Change to new
Newdomain.com (all on new hardware all users and resources are staying
the
same)
in the end currentdomain has to stay in place as is and the new domain
is
then going to be seperate with own routing and ADSL link etc, in the
end
there will be TWO domain's with exactly the same AD Structure and
Information, but Run Completely Seperately with different names.
I hope this make sense...... Thanks in advance.
.
- References:
- Re: W2k3 AD migration to W2k3 AD - HELP HELP!!
- From: Sammy
- Re: W2k3 AD migration to W2k3 AD - HELP HELP!!
- Prev by Date: Re: Domain Controller hardware replacement
- Next by Date: Re: Replacing a server?
- Previous by thread: Re: W2k3 AD migration to W2k3 AD - HELP HELP!!
- Next by thread: Domain Controller hardware replacement
- Index(es):
Relevant Pages
|
|
