Difference between revisions of "Active Directory/Documentation/Enable Computer Migration"
Jump to navigation
Jump to search
| Line 12: | Line 12: | ||
# To migrate SID history, migrating user must be a member of the target domain's Domain Administrators group. | # To migrate SID history, migrating user must be a member of the target domain's Domain Administrators group. | ||
# The following group policy changes were required in Default Domain Controller Policy: | # The following group policy changes were required in Default Domain Controller Policy: | ||
| − | #* Computer Configuration\Windows Settings\Local Policies\User Rights Assignment | + | #* Computer Configuration\Windows Settings\Local Policies\User Rights Assignment<BR>Add workstation to domain = Authenticated Users |
| − | Add workstation to domain = Authenticated Users | + | #* Computer Configuration\Windows Settings\Local Policies\Security Options<br>Network Access: Named Pipes that can be accessed anonymously = COMNAP, COMNODE, SQL\QUERY, SPOOLSS, netlogon, lsarpc, samr, browser<br><br>Network Security: LAN Manager authentication level = Send NTLMv2 response only\refuse LM |
| − | #* Computer Configuration\Windows Settings\Local Policies\Security Options | ||
| − | Network Access: Named Pipes that can be accessed anonymously = COMNAP, COMNODE, SQL\QUERY, SPOOLSS, netlogon, lsarpc, samr, browser<br><br>Network Security: LAN Manager authentication level = Send NTLMv2 response only\refuse LM | ||
==Migration Server== | ==Migration Server== | ||
Revision as of 10:34, 15 March 2006
The following outlines the changes that were necessary for computer migration from the ECEW2K domain to the WOLFTECH domain.
Source Domain
- Create a trust between the domains.
- A one-way trust from source to target is all that is necessary, however we already had a two-way trust in place.
- Migrating user must be a member of the source domain's builtin Administrators group.
Target Domain
- Create a trust between the domains.
- A one-way trust from source to target is all that is necessary, however we already had a two-way trust in place.
- Migrating user must be a member of the target domain's builtin Administrators group.
- To migrate SID history, migrating user must be a member of the target domain's Domain Administrators group.
- The following group policy changes were required in Default Domain Controller Policy:
- Computer Configuration\Windows Settings\Local Policies\User Rights Assignment
Add workstation to domain = Authenticated Users - Computer Configuration\Windows Settings\Local Policies\Security Options
Network Access: Named Pipes that can be accessed anonymously = COMNAP, COMNODE, SQL\QUERY, SPOOLSS, netlogon, lsarpc, samr, browser
Network Security: LAN Manager authentication level = Send NTLMv2 response only\refuse LM
- Computer Configuration\Windows Settings\Local Policies\User Rights Assignment
Migration Server
- Install the Active Directory Migration Tool v3.
- Migrating user must have administrator priveleges on the migration server.
Subject Computers
- Enable and start the Remote Registry service
- Open up the firewall to allow the migration agent to be installed.
- Todo
- Migrating user must be a member of the Administrators group.