Active Directory/Documentation/Enable Computer Migration

From WolfTech
Jump to navigation Jump to search

The following outlines the changes that were necessary for computer migration from the ECEW2K domain to the WOLFTECH domain.

Source Domain

  1. Create a trust between the domains.
    • A one-way trust from source to target is all that is necessary, however we already had a two-way trust in place.
  2. Migrating user must be a member of the source domain's builtin Administrators group.

Target Domain

  1. Create a trust between the domains.
    • A one-way trust from source to target is all that is necessary, however we already had a two-way trust in place.
  2. Migrating user must have the ability to create computer accounts in the destination OU.
  3. The following group policy changes were required in Default Domain Controller Policy:
    • Computer Configuration\Windows Settings\Local Policies\User Rights Assignment

      Add workstation to domain = Authenticated Users

    • Computer Configuration\Windows Settings\Local Policies\Security Options

      Network Access: Named Pipes that can be accessed anonymously = COMNAP, COMNODE, SQL\QUERY, SPOOLSS, netlogon, lsarpc, samr, browser

      Network Security: LAN Manager authentication level = Send NTLMv2 response only\refuse LM

Migration Server

  1. Install the Active Directory Migration Tool v3.
  2. Migrating user must have administrator priveleges on the migration server.

Subject Computers

  1. Enable and start the Remote Registry service
  2. Open up the firewall to allow the migration agent to be installed.
    • Todo
  3. Migrating user must be a member of the Administrators group.
Retrieved from "https://tools.wolftech.ncsu.edu/support/index.php?title=Active_Directory/Documentation/Enable_Computer_Migration&oldid=2904"