Difference between revisions of "Active Directory/Documentation/Enable Computer Migration"
Jump to navigation
Jump to search
| Line 3: | Line 3: | ||
==Source Domain== | ==Source Domain== | ||
# Create a trust between the domains. | # Create a trust between the domains. | ||
| − | * A one-way trust from source to target is all that is necessary, however we already had a two-way trust in place. | + | #* A one-way trust from source to target is all that is necessary, however we already had a two-way trust in place. |
# Migrating user must be a member of the source domain's builtin Administrators group. | # Migrating user must be a member of the source domain's builtin Administrators group. | ||
==Target Domain== | ==Target Domain== | ||
# Create a trust between the domains. | # Create a trust between the domains. | ||
| − | * A one-way trust from source to target is all that is necessary, however we already had a two-way trust in place. | + | #* A one-way trust from source to target is all that is necessary, however we already had a two-way trust in place. |
# Migrating user must be a member of the target domain's builtin Administrators group. | # Migrating user must be a member of the target domain's builtin Administrators group. | ||
# To migrate SID history, migrating user must be a member of the target domain's Domain Administrators group. | # To migrate SID history, migrating user must be a member of the target domain's Domain Administrators group. | ||
# The following group policy changes were required in Default Domain Controller Policy: | # The following group policy changes were required in Default Domain Controller Policy: | ||
| − | * Computer Configuration\Windows Settings\Local Policies\User Rights Assignment | + | #* Computer Configuration\Windows Settings\Local Policies\User Rights Assignment |
Add workstation to domain = Authenticated Users | Add workstation to domain = Authenticated Users | ||
| − | * Computer Configuration\Windows Settings\Local Policies\Security Options | + | #* Computer Configuration\Windows Settings\Local Policies\Security Options |
Network Access: Named Pipes that can be accessed anonymously = COMNAP, COMNODE, SQL\QUERY, SPOOLSS, netlogon, lsarpc, samr, browser | Network Access: Named Pipes that can be accessed anonymously = COMNAP, COMNODE, SQL\QUERY, SPOOLSS, netlogon, lsarpc, samr, browser | ||
Network Security: LAN Manager authentication level = Send NTLMv2 response only\refuse LM | Network Security: LAN Manager authentication level = Send NTLMv2 response only\refuse LM | ||
| Line 26: | Line 26: | ||
# Enable and start the Remote Registry service | # Enable and start the Remote Registry service | ||
# Open up the firewall to allow the migration agent to be installed. | # Open up the firewall to allow the migration agent to be installed. | ||
| − | * Todo | + | #* Todo |
# Migrating user must be a member of the Administrators group. | # Migrating user must be a member of the Administrators group. | ||
Revision as of 11:32, 15 March 2006
The following outlines the changes that were necessary for computer migration from the ECEW2K domain to the WOLFTECH domain.
Source Domain
- Create a trust between the domains.
- A one-way trust from source to target is all that is necessary, however we already had a two-way trust in place.
- Migrating user must be a member of the source domain's builtin Administrators group.
Target Domain
- Create a trust between the domains.
- A one-way trust from source to target is all that is necessary, however we already had a two-way trust in place.
- Migrating user must be a member of the target domain's builtin Administrators group.
- To migrate SID history, migrating user must be a member of the target domain's Domain Administrators group.
- The following group policy changes were required in Default Domain Controller Policy:
- Computer Configuration\Windows Settings\Local Policies\User Rights Assignment
Add workstation to domain = Authenticated Users
- Computer Configuration\Windows Settings\Local Policies\Security Options
Network Access: Named Pipes that can be accessed anonymously = COMNAP, COMNODE, SQL\QUERY, SPOOLSS, netlogon, lsarpc, samr, browser Network Security: LAN Manager authentication level = Send NTLMv2 response only\refuse LM
Migration Server
- Install the Active Directory Migration Tool v3.
- Migrating user must have administrator priveleges on the migration server.
Subject Computers
- Enable and start the Remote Registry service
- Open up the firewall to allow the migration agent to be installed.
- Todo
- Migrating user must be a member of the Administrators group.