|
It is a move, that’s the key
difference.. Regardless of which tool you look at
though, all three that have been mentioned so far (well, 2 and a half :D) will
require you to: 1) move/copy the users from domain a to
domain b 2) deploy agents to the
workstations/servers to perform post processing -à this is the process that
actually updates all the SID’s and profiles for the users that have been
migrated.. it’s key to do this after all users have been migrated that
use the particular box/server you’re processing.. if not, then you’ll
run into problems with users trying to access resources.. even if you migrate
a user later – you could always go back and rerun the post processing on
a machine again (at least with quest and netiq, I’m not sure if that
functionality made it down to the free admt version..) -- Rob Ryan - MCSE, MCSA ([EMAIL PROTECTED]) -- Network Systems Engineer -- Landata Systems, Network Services -- (713) 625-8276 From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge de I'm digging into my memory right now and
the answer concerning profiles when doing an intra forest migration is (at
least I think so, don't remember exactly) ADMT will translate profiles if needed. However, using ADMT
with an intra forest migration (as I said before) of user accounts will delete
the user account in the source domain and create a new one in the target
domain. Why is the source user deleted? Reason: The new target user account
will have the same GUID as the source user and in a forest each user account
MUST have a unique GUID. The target user will get a new sid and the old sid
gets into sidhistory (if told so). So if you have windows 2000/xp/2003 clients
there is not need to redirect (ACL translation still needed if you want to get
rif of sidhistory in the end) the profile to the new user account because the
pointer in the registry uses the GUID. If you have NT4 clients then you still
must redirect the profiles Cheers #JORGE# From:
[EMAIL PROTECTED] on behalf of Chris Flesher Destructive migration is not sounding
real good at the moment. Restoring all of the user and objects back the way
they were probably isn't an easy proposition either, I'm guessing. As for the profiles, would the profiles be
"migrated" as well with admt version2, meaning when the user logs in
as domain-destination\username, the same profile would be there as the one
domain-origin\username? The reason I ask is that even if the migration is a
move and not a copy with admtv2, I may need another reason to push for a
commercial product. If admtv2 can't do the above with the profile, how
difficult do you think it would be to script something for ~2500 users so that
when they walk in on Monday, all they have to do is log in and all things are
good to go. Sorry for the ramble. Thanks for the reply. From:
[EMAIL PROTECTED] on behalf of Almeida Pinto, Jorge de when doing intra forest migrations some
tools are destructive menaing the old user account is deleted before the new
one is created. Reason is with a intra forest migration the GUID does not
change (SID does) the problem with this is it does not provide fallback. In
fact it is a MOVE. As I know, Domain Migration Wizard from Quest does a copy
and thus providing for fallback concerning the user account which is a pro.
There also cons when thinking about profiles, when thinking copy compared to move.
It all depends on what you want and like best Cheers #JORGE# From:
[EMAIL PROTECTED] on behalf of Chris Flesher We are trying to reorganize our forest and move accounts to
one domain with multiple child resource domains, mostly for political reasons
that most Universities are familiar with. What tool(s) are available besides
ADMTv2 to migrate users from one domain to another within the same forest? ADMT
does not copy profiles as far as I know. My biggest issue is not having enough
staff to touch all the desktops in one weekend, and hiring temps is probably
out as well. Would it be difficult to script something to migrate profiles? Has
anyone tried to do this themselves? Thanks as always. This list is a real help. Chris Flesher The NSIT/DCS (773)-834-8477 |
