AwinishNaitik's Technical Blog

Lets continue the journey of learn & Share..

Posts Tagged ‘ADMT’

Quest and ADMT comparison

Posted by Awinish on October 4, 2011


There are various tools used for migration such as ADMT(Active Directory Migration Tool) from Microsoft, DMM(Domain Migration Manager) from the Quest, Netiq etc.

ADMT is the free tool from the MS and there is no licensing cost involved. Any number of AD objects/servers/computers can be migrated to other domain without need to pay single penny whereas Quest tool is paid and licensing is based on the number of enabled users migrated or mailbox migration for exchange.

Each tool has its own pros and cons, but features and support should be considered in the first place while opting for any migration tool. ADMT has its own advantages like support through MS forum, ability to handle and its working is known to most, getting reference on the internet is easy where as handling/using quest tool requires some kind of skill and learning, quest documents are not easily available, support might be pocket burning here, so both the tool has its own benefits and demerits.

The table below shows the features available with the Quest DMM tool and ADMT tool.

FEATURE

MIGRATION MANAGER

ADMT

COMMENT

Continuous synchronization

Yes

No

Since migration can last for a long time, migrated data might become obsolete and need to be updated. To address this, ADMT performs remigrations throughout the process with different options. This means that it is necessary to repeat the same actions every day, requiring more time and manual effort. Migration Manager greatly simplifies this task, providing real-time directory synchronization and ensuring that critical data is kept up to date. Additionally, Migration Manager  also provides two-way synchronization, making it possible to manage both directories simultaneously. This is especially critical for keeping passwords   and group memberships up to date between the  two environments.

Statistics

Yes

No

Migration Manager Statistics Portal gives you detailed information about the migration project.

Undo

Complete

Limited

Migration Manager allows you to revert any performed changes at any time without restoring data from backup. ADMT cannot roll back resource updating tasks. Directory migration undo is restricted to the last session only; account

Inter-forest migration

Non-destructive

Non-Destructive

ADMT cannot roll back resource updating tasks. Directory migration undo is restricted to the last session only; account merging cannot be undone.

Intra-forest migration

Non-destructive

Destructive

In case of intra-forest migration, ADMT deletes a source account and its tombstone immediately after moving it to the target domain. Functionality to roll back this operation is not provided – it is necessary to re-migrate the account and workstation from the target back to the source.

Migration without trusts

Yes

No

In some organizations, trusts between source and target domains cannot be established due to security reasons. Unlike ADMT, Migration Manager allows migration in this case.

Advanced object selection capabilities

Yes

No

ADMT uses a standard “select users and groups” dialog for object selection. It shows objects in flat list and doesn’t allow filtering of disabled, expired, or system accounts.

Property population rules

Yes

No

Migration Manager lets you modify any object properties before the migration data is actually applied to the target domain, using import file technology. It allows you to populate values from  an HR database or according to some other rules. ADMT does not allow you to modify all object properties, only the Container Name (CN), Relative Distinguished Name (RDN), sAMAccountName and userPrincipalName.

Security descriptor migration

Yes

No

If administrative rights are delegated on the OU level and you plan to preserve the existing delegation model after migration, security descriptors of OUs and accounts should be migrated. ADMT does not migrate security descriptors, and all permissions must be granted manually.

Consolidated resource updating

Yes

No

If you migrate multiple domains, resources should be updated for users from all domains. With ADMT, you have to update the same resources multiple times, separately for each source-target domain pair.

Workstation update

Complete

Limited

Migration Manager provides complete user workstation update. Whereas ADMT requires a reboot of the workstation in order to complete migration, only a logoff/logon is needed with Migration Manager. When migrating the workstation with Migration Manager, you can automatically change the default domain name on the workstations’ logon prompt, making the switch invisible to users. In contrast to ADMT, it also includes update of scheduled tasks and migration   of certificates for encrypted files and mail.

Laptop update

Yes

No

Usually laptops are disconnected from the corporate network and cannot be updated as ordinary workstations. Migration Manager allows you to update laptops via user logon scripts and without additional interaction with users.

Server infrastructure update

• Active Directory

• Exchange 5.5/2000/2003/2007

• SharePoint Services 2.0/3.0, SharePoint Portal Server 2003/2007

• Internet Information Services 5.0/6.0

• SQL Server 7.0/2000/2005

• Systems Management Server 2003/System Center Configuration Manager 2007

• NAS/SAN devices

Exchange 5.5

ADMT has incomplete server resource updating. It requires a great deal of administrator effort because all permissions must be updated manually.

Clean-up SIDHistory

Yes

No

To preserve network security, the SIDHistory attribute of objects should be cleaned up after migration. ADMT does not provide this functionality.

Note:  I’m neither a Quest agent nor MS agent, the above reference posted for reference and informational purpose only during migration tool selection for performing forest/domain migration based on the cost and complexity.

The table posted above is taken from the Quest site.

 

Posted in Directory Services, Exchange, SCCM/SCOM | Tagged: , , | 7 Comments »

Inter/Intra Forest Migration Using ADMT Tool

Posted by Awinish on December 24, 2010


ADMT Version
OS required by ADMT tool
Source Domain
Target/Destination Domain System OS support
ADMT 3.0 Windows Server 2003 Has no requirement for functional levelDCs: Windows NT
Windows 2000 Server
Windows Server 2003
Minimum functional level: Windows 2000 Native Windows NT
Windows 2000 Professional
Windows XPWindows 2000 Server
Windows Server 2003
ADMT 3.1 Windows Server 2008 Has no requirement for functional levelDCs: Windows 2000 Server
Windows Server 2003
Windows Server 2008* Do Not support the migration of domain objects from Windows NT4
Minimum functional level: Windows 2000 Native*Minimum functional level: Windows 2000 Native*Known issues that may occur when you use ADMT 3.1 to migrate to a domain that contains Windows Server 2008 R2 DC
KB:976659*You cannot uninstall ADMT 3.1 after you perform an in-place upgrade to Windows Server 2008 R2.KB: 974625
Windows 2000 Professional
Windows XP
Windows VistaWindows Server 2000
Windows Server 2003
Windows Server 2008
ADMT 3.2 Windows Server 2008 R2 Minimum functional level:  Windows Server 2003DCs: Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
Minimum functional level:
Windows Server 2003
Windows XP
Windows Vista
Windows 7Windows Server 2003
Windows Server 2008
Windows Server 2008 R2

The above table has been used from Ana Paula M Franco blogs, since it was in Portuguese, i converted into English to be understand by others.

Download ADMT 3.2 guide from below.

http://www.microsoft.com/downloads/en/details.aspx?familyid=6D710919-1BA5-41CA-B2F3-C11BCB4857AF&displaylang=en

http://technet.microsoft.com/en-us/library/cc974332%28WS.10%29.aspx

http://blogs.dirteam.com/blogs/jorge/archive/2006/12/27/Migrating-stuff-with-ADMTv3.aspx

Known issues that may occur when you use ADMT 3.1 to migrate to a domain that contains Windows Server 2008 R2 domain controllers

http://support.microsoft.com/kb/976659

ADMT 3.2: Common Installation Issues

http://blogs.technet.com/b/askds/archive/2010/07/09/admt-3-2-common-installation-issues.aspx

Checklist: Performing an Intraforest Migration

http://technet.microsoft.com/en-us/library/cc974337%28WS.10%29.aspx

Checklist: Performing an Interforest Migration

http://technet.microsoft.com/pt-pt/library/cc974327%28WS.10%29.aspx

Establishing Migration Accounts for Your Migration

http://technet.microsoft.com/en-us/library/cc776438%28WS.10%29.aspx

Best Practices for Active Directory Migration

http://technet.microsoft.com/pt-pt/library/cc974412%28WS.10%29.aspx

How to install ADMT 3.2 on Windows 2008 R2 SP1 Domain Controller

http://blogs.microsoft.co.il/blogs/yuval14/archive/2011/09/26/how-to-install-admt-3-2-on-windows-2008-r2-sp1-domain-controller.aspx

Migrating All User Accounts

http://technet.microsoft.com/en-us/library/cc974368%28WS.10%29.aspx
http://remoteitservices.com/content/migrating-users-windows-2003-windows-2008-using-admt-31-0

Migrated Users Get Prompted To Change Password at First Logon Even After Migrating Their Password with the PES

http://blogs.technet.com/b/askds/archive/2010/05/12/migrated-users-get-prompted-to-change-password-at-first-logon-even-after-migrating-their-password-with-the-pes.aspx

Migrate Workstations and Member Servers

http://technet.microsoft.com/en-us/library/cc974402%28WS.10%29.aspx

http://blogs.technet.com/b/askds/archive/2010/07/10/migrating-vista-and-windows-7-profiles-with-admt-3-2.aspx

Enabling Migration of Passwords

http://technet.microsoft.com/en-us/library/cc974435%28WS.10%29.aspx

Migrating Vista and Windows 7 profiles with ADMT 3.2

http://blogs.technet.com/b/askds/archive/2010/07/10/migrating-vista-and-windows-7-profiles-with-admt-3-2.aspx

Managing Users, Groups, and User Profiles

http://technet.microsoft.com/en-us/library/cc974331%28WS.10%29.aspx

Translating Security in Add Mode

http://technet.microsoft.com/en-us/library/cc974439%28WS.10%29.aspx

http://technet.microsoft.com/en-us/library/cc782157%28WS.10%29.aspx

http://technet.microsoft.com/es-es/library/cc780450%28WS.10%29.aspx

Troubleshooting KB’s

http://support.microsoft.com/kb/841820

Troubleshooting Password Migration Issues

http://technet.microsoft.com/en-us/library/cc974377%28WS.10%29.aspx

Troubleshooting Computer Migration Issues

http://technet.microsoft.com/en-us/library/cc974341%28WS.10%29.aspx

ADMT, RODC’s, and Error 800704f1

http://blogs.technet.com/b/askds/archive/2009/10/19/admt-rodc-s-and-error-800704f1.aspx

 

Posted in Directory Services | Tagged: , | 4 Comments »