Best Practices for Using the Active Directory Migration Tool

Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2

Applies to: Active Directory Migration Tool 3.2 (ADMT 3.2)

  • Perform regular backups of domain controllers in both the source and target domains throughout the course of the migrations. If you are migrating computers that contain file shares to perform security translation, we recommend that you also back up those computers throughout migrations.

  • Before you begin a migration, perform a test migration by creating a test user, adding the test user to the appropriate global groups, and then verifying resource access before and after migration.

  • Test your migration scenarios in a test environment before migrating objects in the production environment.

  • Have a recovery plan, and ensure that your recovery plan works during the test phase of your migration.

  • Decrypt files that have been encrypted by means of Encrypting File System (EFS). Failure to decrypt encrypted files will result in loss of access to encrypted files after migration. Be sure to communicate to end users that they must decrypt any encrypted files or they will lose access to those files.

  • Ensure that the system time is synchronized in each domain from which objects are migrated. Kerberos authentication fails if time is skewed.