Active Directory Cross Forest Migration – The Complete Guide
Summary: There are different situations where you need to perform an Active Directory cross forest migration. Here you will find the distinct manual methods for Active Directory migration, namely ADMT and PowerShell. An automated tool that makes the process simpler is also discussed.
In an Active Directory migration, user accounts, groups, and other objects are migrated from one AD forest to another. In some situations, admins also search for how to move users from one domain to another in the same forest. Microsoft suggests making a plan before performing the Active Directory migration and taking a backup of the data. There are multiple reasons why you may need to perform a cross-forest AD migration.
Table of Contents
- Why Perform an Active Directory Cross Forest Migration?
- Active Directory Cross Forest Migration Using the ADMT Tool
- Active Directory Cross Forest Migration Step By Step Using PowerShell
- Active Directory Cross Forest Migration Professionally
Why Perform an Active Directory Cross Forest Migration?
- To consolidate multiple forests into a single forest, which reduces administrative overhead.
- To improve the security of the forest. One forest is easier to secure than multiple forests.
- To improve performance, because a single forest is more performant than multiple forests.
- The data is stored at a central location, which makes accessing it easier.
- When an organization merges with another, an Active Directory migration is needed to store all of the data in one place.
Active Directory Cross Forest Migration Using the ADMT Tool
ADMT (Active Directory Migration Tool) is a Microsoft application that can be used to migrate Active Directory across forests. Follow the steps in sequence.
Step 1. Download the ADMT tool and sign in to the destination domain.
Step 2. Open ADMT, go to Action, then User Account Migration Wizard, and hit Next.
Step 3. It’s time to select the source domains and the destination domains.
Step 4. Fetch the users to perform migration and hit OK.
Step 5. Select the targeted Organizational unit and click Next.
Step 6. Now tick the “Do Not Migrate source object if a conflict is detected in the domain” option in the conflict dialog box and click Next.
Step 7. After a while, verify the migrated users to confirm that the Active Directory cross forest migration succeeded.
Limitations of ADMT Tool
- ADMT requires SQL Server to store its data.
- Migration of trust-less inter-forest objects is not possible.
- Allow all the native permissions before migration.
- No option to track the process.
- Requires ADMT SID history before the migration.
Active Directory Cross Forest Migration Step By Step Using PowerShell
You can perform the AD migration with the help of PowerShell commands. This manual method is complex and requires a lot of technical knowledge, and there is no guarantee that all of the data is migrated successfully. You can also migrate computers from one domain to another with PowerShell by detaching the computer from the old domain and connecting it to the new domain. Follow the steps below.
Step 1. Set up a new Active Directory in the destination and make sure it is working perfectly.
Step 2. Install and Run the Remote Server Administration Tools (RSAT) on the source computer from where the migration will take place.
Step 3. Set up a trust relationship between the source and destination domains for hassle-free migration.
Step 4. Launch PowerShell as administrator on the source computer from where the migration will take place.
Step 5. Now disconnect the source computer from its current domain.
Remove-Computer -UnjoinDomainCredential Domain01\Admin01 -Restart
Replace ‘Domain01’ with the source domain and ‘Admin01’ with a domain administrator account that has the permissions required to perform the unjoin process.
Step 6. Now join the computer to the destination domain, replacing ‘Domain002’ with the destination domain and ‘Admin002’ with a domain administrator account.
Add-Computer -DomainName Domain002 -Credential Domain002\Admin002 -Restart
Step 7. After rebooting, the computer is attached to the destination domain.
Step 8. If the changes are not applied, use the other scripts. Repeat the complete process for every computer that you want to migrate.
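An added example, not part of the original article: a pre-flight check to run on the source computer before Step 5, and a verification to run after the Step 7 reboot so you can tell whether the change was applied. It assumes Windows PowerShell 5.1 and the RSAT Active Directory module from Step 2; the domain names are placeholders.

```powershell
# Added example. Domain names are placeholders; replace them with your own.
$SourceDomain = 'domain01.example'    # placeholder: DNS name of the source domain
$TargetDomain = 'domain002.example'   # placeholder: DNS name of the destination domain

function Test-PreMigration {
    # Run elevated on the source computer before Step 5. Emits one row per check.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem

    # Destination domain controllers must be locatable through DNS SRV records.
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$TargetDomain" -Type SRV `
               -ErrorAction SilentlyContinue | Where-Object Type -eq 'SRV'

    # Step 3 trust. Get-ADTrust ships with the RSAT Active Directory module (Step 2).
    try   { $trust = Get-ADTrust -Filter "Name -eq '$TargetDomain'" -ErrorAction Stop }
    catch { $trust = $null }   # module missing or the query failed

    [pscustomobject]@{ Check  = 'Joined to source domain'
                       Passed = [bool]($cs.PartOfDomain -and $cs.Domain -eq $SourceDomain)
                       Detail = $cs.Domain }
    [pscustomobject]@{ Check  = 'Destination DCs resolvable'
                       Passed = [bool]$srv
                       Detail = ($srv.NameTarget -join ', ') }
    [pscustomobject]@{ Check  = 'Trust to destination exists'
                       Passed = [bool]$trust
                       Detail = "Direction=$($trust.Direction); SelectiveAuth=$($trust.SelectiveAuthentication)" }
}

function Test-PostMigration {
    # Run elevated after the Step 7 reboot to confirm the join took effect (Step 8).
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    [pscustomobject]@{
        Domain         = $cs.Domain
        JoinedToTarget = [bool]($cs.PartOfDomain -and $cs.Domain -eq $TargetDomain)
        # True when the machine account's secure channel to a DC is healthy.
        SecureChannel  = [bool]($cs.PartOfDomain -and (Test-ComputerSecureChannel))
    }
}

# Gate Step 5 on the pre-flight result; call Test-PostMigration after the reboot.
$pre = Test-PreMigration
$pre | Format-Table -AutoSize
if ($pre.Passed -contains $false) {
    Write-Warning 'Pre-flight failed; fix the failed checks before unjoining.'
}
```

The script only reads state and changes nothing. Keeping the pre-flight and post-reboot output for each computer also gives you a record of which machines were moved and when.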
Active Directory Cross Forest Migration Professionally
You can use the Active Directory migration tool to perform the Active Directory cross forest migration. No technical knowledge is required to operate this tool. It can migrate AD users, printers, computers, and more. It lets you create multiple jobs to migrate AD objects, supports multiple AD migrations at once, and also migrates the newly added properties of the objects. You will not face any downtime during the migration. If errors occur during the migration, you can use the Active Directory migration checklist to overcome them.
- Requires the Microsoft .NET version 4.6.1 or later.
- Complete DNS settings should be applied to all DCs.
- A trust relationship is required.
- Configuration of DNS suffix search list is a must.
- Need to add the Admin account to the administrator groups.
- Active Directory servers have to be in the same network.
- The schema should be the same in both source and destination.
- The user needs to have the AD access.
- Antivirus should not be able to block the application.
- Disable the firewall on both machines for smooth functioning.
Steps to Be Followed
Step 1. Download the tool and enter administrator as the user ID and password.
Step 2. Enter the details of the domain and Save and Continue.
Step 3. Enter the second domain details. Click on Save and Continue.
Step 4. Click on the first domain, enter the credentials, and Save.
Step 5. Now, move to the Active Directory option and Click on Fetch Active Directory Objects.
Step 6. Click on the second domain, enter the details, then Save.
Step 7. Click on the Active Directory and fetch the AD objects.
Step 8. Now, create the Migration scenario by assigning a name to the scenario and entering the source and destination domains. Save & continue.
Step 9. After the creation of the scenario, create the Task in the Task window. Assign a name to the Task, select the objects, and Save & Continue.
Step 10. Map the objects by clicking on the three dots and selecting the merge or create option, then click Start Task.
Because Active Directory cross forest migration is often required, admins search for successful migration methods. Here we have explained both manual methods, ADMT and PowerShell. However, due to some limitations and complexities, they are not advised. The automated tool is also explained for a seamless Active Directory cross-forest migration. You can choose any method as per your need.