How to Migrate Users and Computers to a New Domain

How to Migrate Users and Computers to a New Domain

How to Move Active Directory Users and Computers from one Domain to another  

In Active Directory, users and computers can be moved or migrated from one domain to another for various purposes. In intra-forest migration, objects are migrated between domains within the same forest. In inter-forest migration, objects are migrated between domains located across different forests.
Migration of objects can be done for several purposes such as mergers, where a large number of users spread across several domains can be migrated to a single domain. However, the settings of these objects have to be preserved. Users and computers can be moved to a new domain using one of the following methods.
  1. Active Directory Migration Tool (ADMT)
  2. PowerShell scripts

Using ADMT for migrating users and computers to a new domain

The Active Directory Migration Tool (ADMT) is a Microsoft application that can be used for moving Active Directory objects such as users, computers and groups between different domains and forests. This can be either intra-forest or inter-forest migration. Besides migration, ADMT can also be used to perform functions such as merging domains, changing the domain names, and optimizing the arrangement of objects within the Active Directory structure.

How to Install Active Directory Migration Tool (ADMT)
The following requirements should be met in order to install the Active Directory Management Tool (ADMT).
Windows Server 2008 or later versions. ADMT does not work on read-only domain controllers or computers that are part of a server core configuration.
The source and target domains should run on the supported Windows Server versions. An SQL server database to store data is required. Once the prerequisites have been met, ADMT can be installed by following the instructions given below.
  1. Download the Active Directory Migration Tool from Microsoft. In the downloaded folder, double click on admtsetup32.exe.
  2. Click Next after reading the instructions and accept the Terms and Conditions.
  3. Select the appropriate option if you want to be part of the Customer Experience Improvement Plan and click Next.
  4. In the next dialog box, enter the SQL server to be used for ADMT and click Next.
  5. Click Finish once the installation is complete.

How to Migrate Users and Computers using ADMT

In intra-forest migration, both the source and destination domains are located within the same forest. For migrating a limited number of objects such as users and computers using ADMT, follow the step-by-step procedure given as follows.
  1. Login to the target or parent domain using the ADMT credentials.
  2. Open Active Directory Migration Tool (ADMT) and select Action > User Account Migration Wizard and click on the Next button.
  3. Select the Source and Target domains and click Next.
  4. Choose the Select users from the domain option.
  5. In the next dialog box, click on Add and select the users to be migrated and click OK.
  6. Check if the selected user accounts are displayed in the main window and click Next.
  7. Select the target Organizational Unit (OU) and click Next.
  8. Check the Translate roaming profiles and Update user rights checkboxes and click Next after ignoring the warnings.
  9. In the Conflict Resolution dialog box, select the “do not migrate source object if a conflict is detected in the domain” option and click Next.
  10. Finally, check the details and click Finish. Wait for the process to get completed and check for errors and the migration summary. Open the target domain and check if the selected users have been migrated.
As a best practice, a migration checklist has to be maintained before migrating objects.

How to Migrate Users and Computers using PowerShell

An Active Directory Object such as a user or computer can be moved into another container or domain using the following PowerShell cmdlets.
To move an object to a new location using the following cmdlet.
 
Move-ADObject
    [-WhatIf]
    [-Confirm]
    [-AuthType <ADAuthType>]
    [-Credential <PSCredential>]
    [-Identity] <ADObject>
    [-Partition <String>]
    [-PassThru]
    [-Server <String>]
    [-TargetPath] <String>
    [-TargetServer <String>]
    [<CommonParameters>]
 

    • Related Articles

    • How to create Desktop Shortcuts on Domain Computers via GPO

      Introduction Organizations sometimes may want to add certain shortcuts to all or some of the computers in their domain. For example, there might be a set of applications that all employees in an organization would need to use. The organization may ...

    • LAPS - Manage Local Administrator Passwords on Domain Computers

      What is Local Administrator Password Solution (LAPS)? The Local Administrator Password Solution, generally abbreviated as LAPS, is a tool developed by Microsoft to manage local administrator passwords on Windows computers. Since the local ...

    • How to Deploy Printers to Users/Groups/Computers with GPO

      Introduction Employees in an organization would be required to use the printer for various purposes. Unless the employees have a printer installed locally on their system, they will be using one of the shared printers in the organization's Active ...

    • Domain Controllers

      Computers that function as servers in a domain can be a member server or a domain controller. A member server belongs to a particular domain but does not authenticate the users of that domain. There is no Active directory data installed in it. Domain ...

    • How to navigate to Active Directory users and computers

      Launching Active Directory Users and Computers (ADUC)    Introduction  Active Directory (AD), a service provided by Microsoft, functions as a central database for securely storing and managing information about user accounts, user groups, ...