55 lines
3.7 KiB
HTML
55 lines
3.7 KiB
HTML
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN"
|
|
"http://www.w3.org/TR/REC-html40/strict.dtd">
|
|
<HTML DIR="LTR">
|
|
<HEAD>
|
|
<TITLE>Before performing an intraforest migration</TITLE>
|
|
|
|
<LINK REL="stylesheet" MEDIA="screen" TYPE="text/css" HREF="coUA.css">
|
|
<LINK REL="stylesheet" MEDIA="print" TYPE="text/css" HREF="coUAprint.css">
|
|
<SCRIPT LANGUAGE="JScript" SRC="shared.js"></SCRIPT>
|
|
<META HTTP-EQUIV="Content-Type" CONTENT="text-html;charset=Windows-1252">
|
|
<META HTTP-EQUIV="PICS-Label" CONTENT='(PICS-1.1 "<http://www.rsac.org/ratingsv01.html>" l comment "RSACi North America Server" by "inet@microsoft.com <mailto:inet@microsoft.com>" r (n 0 s 0 v 0 l 0))'>
|
|
<META NAME="MS.LOCALE" CONTENT="EN-US">
|
|
<META NAME="MS-IT-LOC" Content="Active Directory Migration Tool">
|
|
<META NAME="MS-HAID" CONTENT="a_ADMTBeforeIntraMig">
|
|
</HEAD>
|
|
<BODY>
|
|
|
|
|
|
|
|
<H1>Before performing an intraforest migration</H1>
|
|
|
|
<P>This topic lists the domain and security configurations necessary before you can use Active Directory Migration Tool to migrate users, groups, and computers between two Windows 2000 domains in the same <A ID="wPopup" HREF="HELP=ADMTGlos.hlp TOPIC=Forest">forest</A>.</P>
|
|
|
|
<H2>Source and target domain</H2>
|
|
<P>Verify that your source and target domains are configured as described in the following list:</P>
|
|
<UL>
|
|
<LI>The <A ID="wPopup" HREF="HELP=ADMTGlos.hlp TOPIC=TargetDomain">target domain</A> is running Windows 2000 and is operating in <A ID="wPopup" HREF="HELP=ADMTGlos.hlp TOPIC=NativeMode"> native mode</A>.</LI>
|
|
<LI>The <A ID="wPopup" HREF="HELP=ADMTGlos.hlp TOPIC=SourceDomain">source domain</A> is running Windows 2000 is in the same forest as target domain.</LI>
|
|
|
|
<LI>When migrating users and groups between domains in the same forest, Active Directory Migration Tool must communicate with the Relative ID (RID) pool master in the target domain. To improve performance when migrating a large number of users or groups, you should install Active Directory Migration Tool on the RID pool master in the target domain. By default, this is the first domain controller installed in the domain. Use Active Directory Users and Computers or Ntdsutil.exe to locate the domain controller that holds the RID pool master role.</LI>
|
|
|
|
<LI>Any mapped network drives and similar connections between the source domain controller and the target domain controller on which Active Directory Migration Tool is running must be disconnected before running the tool. Failure to do so may result in the failure of a migration operation due to a "credentials conflict" error.</LI>
|
|
</UL>
|
|
|
|
<H2>Security Requirements</H2>
|
|
<P>You must meet the following security configuration requirements before running Active Directory Migration Tool.</P>
|
|
|
|
<UL>
|
|
<LI><P>The user account you log on with when you run Active Directory Migration Tool must have the following permissions:</P>
|
|
<UL>
|
|
<LI>Domain Admin rights in the target domain</LI>
|
|
<LI>Member of the Administrators group in the source domain</LI>
|
|
<LI>Administrator rights on each computer you migrate</LI>
|
|
<LI>Administrator rights on each computer on which you translate security</LI>
|
|
</UL></LI>
|
|
<P class="note">Note</P>
|
|
<UL>
|
|
<LI>To migrate users and groups from a child domain to the forest root domain, the user account you log on with when you run Active Directory Migration Tool must have the permissions of the Enterprise Admins group, in addition to the security privileges normally needed to run the tool.</LI>
|
|
</UL>
|
|
|
|
<LI>Administrative shares must exist on the computer where Active Directory Migration Tool is running and on any computer to which the tool must dispatch an agent.</LI>
|
|
</UL>
|
|
</BODY>
|
|
</HTML>
|