In this post we’ll run through the User Account Migration Wizard to migrate users from the source to target domain. This guide will cover migrating users that do not exist in the target domain, if they do, please wait for the next article which will cover merging user accounts with an include file and/or migrating only the siDHistory attribute (with no other attributes).
I have created 9 test users in the source domain, which are members of the global security group we migrated in the last series post.
From the ADMT machine, run ADMT and select User Account Security Wizard.
Select the source and target domain, you can also select which specific domain controller to use.
I’ve chosen 9 test user accounts.
Select the target OU.
Select Migrate Passwords, and choose the source DC (the DC which the Password Export Service is install on). If you receive the error: Unable to establish a session with the password export server. The Password Export Services is not running on the source server. Go to the source DC and start the Password Export Server Service.
Tick Migrate Users SIDs to target domain if you require siDHistory.
Enter source domain credentials to add SID history.
You can exclude particular attributes of the user here. By default it will pull across all attributes, such as home address, telephone numbers, descriptions etc… If you want to exclude any of these from being migrated across, tick Exclude specific object properties from migration and select User in the object type box. Move any user properties you want to exclude into the excluded properties box.
Conflict management, if you are unsure if a group with the same name exists in the target domain leave the default setting in place.
If you click view log you can see that the user object and password has been migrated. As we previously migrated the global group, the user has also been added to that.
You can now see the users in the target domain.
Group membership updated.
SID history carried across.