Thursday, December 13, 2012

How to Migrate Users Across forest (Cross Forest) using ADMT 3.2 with sid and Passwords


Once Trust is in place
Open Administrators Group in the Source Forest , Add Administrator of the Target Forest to acquire proper Permissions
Vice Versa
Open Administrators Group in the Target Forest , Add Administrator of the Source Forest to acquire proper Permissions
otherwise you will end up with Access denied errors while Moving Users back and forth
image
Once permission part is done
We have to configure a Password Export Server in the source domain to allow exporting the passwords to the Target domain

If your Source Domain DC is running a 64 bit Version
Password Export Server version 3.1 (x64)
If your Source Domain DC is running a 32 bit Version
Password Export Server version 3.1 (x86)

Choose Next
image

Before you choose next , We need to create a password Encryption file from the Target Domain

Reference –
Enabling Migration of Passwords
http://technet.microsoft.com/en-us/library/cc974435(v=ws.10).aspx

Open a Command Prompt where ADMT is installed on the Target Domain , Run the Below Command to Create a .pes file
admt key /option:create /sourcedomain:<SourceDomain> /keyfile:<KeyFilePath>

image

Once the File is Created on the Target Domain , Bring the File to the Source domain and Browse for the file

image

image
Click Finish

Reboot the Server to complete the installation

Start the “Password Export Serve Service”

image

Now Open ADMT , Choose User Account Migration Wizard
image
Choose Source Domain and Target domain
image

Now Select users
image

image

Choose the Target OU

image

Choose Migrate Passwords

image

Choose Target Same as source
Choose Migrate User SIDS to Target Domain

image

Type User name and Password of the Source domain

image
Choose Next

image

Choose Next

image

Choose Next

image


image

Great !!

Now Users with SID and Password have been migrated across forest (Cross forest) Successfully

Original Post: