Wednesday, January 20, 2010

Domain Migration from W2K Native to W2K8 R2

We are setting up a trial to perform inter-forest migration from the old W2K domain to the new W2K8 R2 domain. As W2K forest level is unable to support forest trust, I set up 2-way external domain trust between them. SID Filtering is enabled by default and because we want to preserve resource ACL using SIDHistory, I have to turn it off by using the following command on both sides of the domain controllers:

Netdom trust TrustingDomainName /domain: TrustedDomainName /quarantine:No /userD: domainadministratorAcct /passwordD: domainadminpwd

The tool that used to perform such migration is known as "Active Directory Migration Tool (ADMT)" and the latest version as of current is 3.1. After downloading it, I realised that it can only be installed on W2K8 server (not even R2!). Hence, I have to setup a W2K8 member server in the target domain just to install ADMT. W2K8 domain controller in the source domain is also required to run "Password Export Server v3.1" for password migration.

As for the rest, follow this migration guide (downloadable copy). Pay particular attention on "Preparing the Source and Target Domains" section, as well as the "Troubleshooting" section if you hit any error using the tool. I did stuck at an error "TcpipClientSupport" for a while until I read this part of the guide.

No comments:

Post a Comment