Steps required for Active Directory Migration

1. Establish a two-way trust relationship on the target domain.

2. Turn off SID filtering on the target domain.

Source domain: old.com

Target domain: net.com

netdom trust old.com /domain:net.com /quarantine:No /usero:old\administrator /passwordo:*

3. Install the ADMT tool on the target domain.

4. On the target domain, run the ADMT KEY command to generate a .pes file. (The password is not the source domain administrator's password; it is the password that protects the .pes file.)

admt key old.com c:\ *

5. Copy the .pes file from the target domain to the source domain.

6. Modify the security policy of the domain controller on the target domain, and set "Audit account management" to both "Success" and "Failure". Do the same on the source domain. Run the policy refresh tool when you are done.

7. In "AD Users and Computers" on the target domain, open the "Pre-Windows 2000 Compatible Access" group under the Builtin container and add Anonymous Logon and Everyone to that group.

8. Install the password export tool on the source domain to set up password export; during installation, point it to the copied .pes file. Modify the registry after you finish, otherwise you will not be able to use the password export tool.

(1) Enable the password export function: under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa, change the "AllowPasswordExport" value from 0 to 1.

(2) Allow the ADMT tool to access the SAM database: under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa, create a new DWORD value named "TcpipClientSupport" and set it to 1. Then restart the computer.

9. Use the ADMT tool in the target domain to migrate users and computers, and use LDP to monitor SIDHistory.
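
The following PowerShell is an added example, not part of the original steps. It checks the two LSA registry values from step 8 on the source domain controller and, as a scripted counterpart to watching SIDHistory in LDP, lists every sIDHistory entry in the target domain and marks whether it belongs to the source domain. The function names are hypothetical, and it assumes the RSAT ActiveDirectory module and read access to both domains.

```powershell
# Added example, not from the original page. Function names are hypothetical.

function Test-AdmtLsaSettings {
    # Run on the source domain controller: reports the two LSA values from step 8.
    $lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    foreach ($name in 'AllowPasswordExport', 'TcpipClientSupport') {
        $value = (Get-ItemProperty -Path $lsa -Name $name -ErrorAction SilentlyContinue).$name
        [pscustomobject]@{
            Setting = $name
            Value   = if ($null -eq $value) { '<not set>' } else { $value }
            Ready   = ($value -eq 1)
        }
    }
}

function Get-MigratedSidHistory {
    param(
        [string]$TargetDomain = 'net.com',   # target domain used on this page
        [string]$SourceDomain = 'old.com'    # source domain used on this page
    )
    Import-Module ActiveDirectory            # assumption: RSAT AD module is installed

    # Every sIDHistory value written by the migration should start with the source domain SID.
    $sourceSid = (Get-ADDomain -Server $SourceDomain).DomainSID.Value

    Get-ADObject -Server $TargetDomain -LDAPFilter '(sIDHistory=*)' `
                 -Properties sIDHistory, sAMAccountName |
        ForEach-Object {
            foreach ($sid in $_.sIDHistory) {
                [pscustomobject]@{
                    Account    = $_.sAMAccountName
                    SidHistory = $sid.Value
                    # False means the entry is not from old.com and should be reviewed.
                    FromSource = $sid.Value.StartsWith("$sourceSid-")
                }
            }
        }
}

# On the source domain controller:
Test-AdmtLsaSettings | Format-Table -AutoSize

# From a machine that can query both domains:
Get-MigratedSidHistory | Sort-Object FromSource, Account | Format-Table -AutoSize
```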
