Example: Preparing to Restructure Active Directory Domains

  • Article

Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2

Applies to: Active Directory Migration Tool 3.2 (ADMT 3.2)

Contoso Corporation upgraded its hardware to increase its network bandwidth and the amount of replication traffic that it can support. As a result, the company is consolidating its Africa domain into its EMEA domain.

The Africa domain is the source domain, and the EMEA domain is the target domain for the migration. The organization has to migrate a total of 1,800 users from the Africa domain to the EMEA domain. In addition to the user accounts, the organization must also migrate resources, such as workstations, servers, and groups.

Because Contoso Corporation is a large organization with many global groups, closed sets are difficult to identify. Therefore, the company decided to migrate global groups as universal groups. The company can do this because the infrastructure of the corporation can handle the increased replication of the universal groups and because both the Africa and EMEA domains are operating at the Windows 2000 native functional level. The company created identical organizational unit (OU) structures in the Africa and EMEA domains. Therefore, they do not have to create a new OU structure or migrate OUs.

Contoso Corporation created a list of computers that run service accounts, so that it can use the Service Account Migration Wizard to identify services that run in the context of user accounts. The company is most concerned about a set of accounts that access a SQL Server database. Access to this database is an important part of their business.

The company decided to use Active Directory Migration Tool (ADMT) as its migration tool and to use the wizards. The company installs ADMT and creates two account migration groups to use for the migration process. The company assigns high-level permissions to the first group and then adds the appropriate deployment team members to that group. The centralized deployment team will use this account to migrate users. The company assigns workstation and local resource permissions to the second group. The deployment team will use the second group to migrate resources at the remote locations.