The process to migrate computers from one domain to another via PowerShell is quite complex. Users have to maintain the overall structure of the Active Directory Organizational Unit and align numerous group policies too. Apart from this, as a computer itself has no limit on the number of users, it adds another layer of complexity.
Therefore, organizations preparing for this task must have a detailed plan with step-by-step instructions. Hence that’s exactly what we deliver here: this blog contains a robust guide with PowerShell commands and their explanations as well. Without further ado, let’s start by discussing the pre-migration steps.
Pre Requisites of A PowerShell Script to Move Multiple Computers to Different Domain
The prerequisites are covered in multiple phases. Be sure not to skip any one of them as it can lead to errors down the line.
Phase 1 – Get the Active Directory PowerShell module:
- Step-1. Use the domain administrator account and log in to the member server.
- Step-2. Launch a new PowerShell console.
- Step-3. Type in the following command.
Add-WindowsFeature RSAT-AD-PowerShell
- Step-4. Press Enter and wait for the module installation to complete.
Phase 2 – Establish & Verify Trust With The New Domain:
If you add a new domain to an AD Forest it automatically establishes trust with all other domains. However if still in doubt use this command to double-check the trust new domain. Use this command to check if the trust was established or not.
Get-ADTrust -Filter *
Phase 3 – Make a List of All Permissions and Accounts Attached to the Computer(s):
Get all the data regarding the computer’s current settings so it becomes easier to verify and establish it in the new domain. Use the following command:
Get-ADComputerServiceAccount -Identity UserComputerAccount1
Phase 4 – Create a Backup of Current Settings:
Using the checkpoint command you can save a backup of the current computer settings. Moreover, it provides a safety net while attempting to migrate computers from one domain to another using PowerShell. Execute the command given below:
Checkpoint -Computer -Description "DomainChange" -RestorePointType MODIFY_SETTINGS
Explanation:
Description: A mandatory parameter that indicates a user-defined name for a restore point.
RestorePointType: It simply means the type of restore point.
Additional Information: Learn to move Office 365 Mailbox to Another User Account using Step-by-Step Guide
These were just the steps for preparing for the migration. Up next we will cover the Powershell commands for an interdomain computer transfer.
How do I move computers in Active Directory using PowerShell? Explained
For this task, we are going to apply the Move-ADObject cmdlet. This command can directly move a computer object from one domain to another that exists in a single AD forest.
This operation of moving a computer between Active Directory domains requires users to specify both source and target domains. They should also have preestablished mutual trust.
Apart from this, the source and target DC also need the owner’s role in the domains of RID Master FSMO. Below is an example of moving the computer between AD domains.
Get-ADComputer -Identity UserPC | ` Move-ADObject ` -TargetPath "OU=Computers, DC=TargetDomain, DC=tld" ` -TargetServer "TargetDC.TargetDomain.tld " ` -Server "SourceDC.SourceDomain.tld"
In case your organization does not use the default AD format the above-mentioned command may fail to deliver results.
An alternative way to use a custom PowerShell script to move multiple computers to different domains is to create a function. Here is a template that you can utilize. Please make the necessary changes to migrate computers from one domain to another via PowerShell for the best results.
function domain_move($compacc,$fqdn) {
$username_joinTarget=”DestinationDomain\DestinationServiceAccnt”
$password_joinTarget=cat“d:\scripts\server_move\AttachTarget.txt”|convertto-securestring
$cred_JoinTarget=new-object -typename System.Management.Automation.PSCredential –argumentlist $username_joinTarget,$password_joinTarget
$username_unjoinSource=”OriginDomain\OriginServiceAccnt”
$password_unjoinSource=cat“d:\scripts\server_move\RemoveSource.txt”|convertto-securestring
$cred_UnjoinSource=new-object -typename System.Management.Automation.PSCredential -argumentlist $username_unjoinSource,$password_unjoinSource
$Error.clear
Try {Add-Computer -ComputerName $compacc -DomainName $DestinationDomain -Credential $cred_AttachTarget -UnjoinDomainCredential $cred_RemoveSource -Server $TargetDC -PassThru -Verbose}
Catch {return $false}
Start-Sleep -Seconds 15
Restart-Computer -ComputerName $fqdn
return $true}
Conclusion
With this, our discussion on how to migrate computers from one domain to another using PowerShell comes to an end. All in all, we saw that the PowerShell method is time-consuming, error-prone, and requires expert-level knowledge. Therefore, to avoid the hassle, it is better to choose the automated utility.
Frequently Asked Questions
Q. What is Active Directory Domain migration?
Active Directory domain migration refers to the process of migrating computers and their accounts from one Active Directory domain to another.
Q. What is PowerShell? And why Is It used for domain migration?
PowerShell (short for “PowerShell”) is a command-line and scripting language. It is primarily used for automation tasks and configuration management but is also used to automate and simplify domain migration.
Q. What are the challenges users face while migrating from one computer to another?
Migrating computers from one Domain to another presents users with several challenges, such as Maintaining the Active Directory OPU structure, Aligning group policies, Restoring trust between domains, Managing user permissions Managing errors caused by script changes. Migrating to a new domain requires careful planning and backup
Q. How Do I Move Computers Between Domains Using PowerShell?
To transfer computers between domains using PowerShell, use the Move-ADObject command. To do this, you will need to specify the source domain and target domain. This will ensure that the owner of the source domain and the target domain have the same role in both domains. You can also change the commands according to your organization’s AD format to prevent errors.
Q. What are the key factors that users need to keep in mind before migrating from one computer to another?
Before moving computers from one domain to another, users need to make sure they have Active Directory’s (AD) PowerShell module installed. Next, they need to establish and validate trust in their new domain. Finally, they need to compile a list of privileges and accounts associated with their computer. Lastly, they need to create a backup of their current settings using the PowerShell commands.