AD Migration Tools

Control each step of the migration process

Jeremy Moskowitz

July 29, 2003

4 Min Read
ITPro Today logo in a gray background | ITPro Today

EDITOR'S NOTE: The Buyer's Guide summarizes vendor-submitted information. To find out about future Buyer's Guide topics or to learn how to include your product in an upcoming Buyer's Guide, go to http://www.winnetmag.com/buyersguide.

When you migrate to Windows Server 2003 or Windows 2000, you can choose your path. One path is passive—you migrate all your current user and group account information, defunct groups, and unused user accounts. In such an "in place" upgrade, you move your existing Windows NT 4.0 network wholesale into Win2K. Another path is to take charge and directly manage every aspect of the Win2K and Active Directory (AD) migration. The products featured in this issue's Buyer's Guide can help organizations that want to take charge of the migration process. For example, some organizations might have old user information that they don't want migrate. Others might have multiple source domains and want to reduce the number of domains significantly in a migration. Yet others have to contend with OSs other than NT, such as Novell NetWare or Banyan, that don't have a direct Win2K/AD upgrade path.

Picking a tool that's right for your situation requires thoughtful consideration. At minimum, be sure the tool you choose can take accounts from your source network OS and move them to your target domain. Not every tool can migrate all source accounts; in some situations, only one tool might be able to migrate certain source accounts from point A to point B.

The most common migration scenario involves companies with multiple NT 4.0 domains that want to consolidate to one or two domains running Win2K with AD. To achieve that goal, you can use Microsoft Active Directory Migration Tool (ADMT) 2.0, which is free. The latest version of ADMT migrates passwords and user accounts. However, like most free tools, ADMT has limited functionality and isn't very flexible.

If you're considering stepping up to a third-party tool, you'll need to look beyond the basics. All tools can get a user account from the source domain to the target domain—look for a tool that goes end-to-end and migrates all the pieces of the puzzle. For example, during your migration, migrated users might need to continue to access the data and resources they've become accustomed to. If those resources remain in the original domain, you need to be especially careful. Win2K domains in native mode feature a SID history attribute that lets newly created accounts in the target domain provide multiple credential sets to access data in the original domain. To keep security tight, make sure to clean up the extra set of credentials on user accounts after the migration is over.

After you've moved accounts and retained access to old data, you need to consider other smaller elements to ensure a complete migration. During migration from your source to your destination, make sure that the tool you use can move the following components:

  • Roaming user profiles—Make sure users' roaming profiles are accessible in the new environment. If roaming user profiles are missing, users will report that their desktops aren't the way they remember them.

  • Exchange or other mail accounts—Often, the last component to migrate is Exchange 2000 Server or Exchange Server 5.5, but you still want to make sure that users in the new domains can get to the mail on Exchange servers in the old domains. Also, verify that you can smoothly transition the mail accounts from the source to the target domains.

  • Computer accounts—You'll likely need to migrate computer accounts from the old domains to the new domains, then reboot the computers. If some computers are 800 miles away, you'll need a tool that can do the job for you.

The products listed in this Buyer's Guide migrate user accounts and the elements surrounding those accounts. If you're also planning to replace users' desktops during the migration, you'll need to migrate users' applications and settings from one desktop to another. For that task, you'll need to invest in another tool that performs complete desktop migrations.

Most of the tools include a roll forward/roll back safety feature in case the migration isn't perfect and you need to restore a previous state. You can use this feature if something doesn't go as expected, such as passwords that aren't copied correctly. Other tools have reporting capabilities above and beyond those that ADMT offers. Some of the listed products provide ease of use. Others take a project-based approach to migration and let many people monitor the overall status of the project.

Keep in mind that a migration tool isn't something you'll likely use over and over again. Buy only as much tool as you need. Most vendors offer free evaluation versions of their migration tools, so you can test-drive a tool that offers the migration features you're looking for.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like