Difference between revisions of "Active Directory/Documentation/Enable Computer Migration"

From WolfTech
Line 15: Line 15:
 
Add workstation to domain = Authenticated Users
 
Add workstation to domain = Authenticated Users
 
#* Computer Configuration\Windows Settings\Local Policies\Security Options
 
#* Computer Configuration\Windows Settings\Local Policies\Security Options
Network Access: Named Pipes that can be accessed anonymously = COMNAP, COMNODE, SQL\QUERY, SPOOLSS, netlogon, lsarpc, samr, browser
+
Network Access: Named Pipes that can be accessed anonymously = COMNAP, COMNODE, SQL\QUERY, SPOOLSS, netlogon, lsarpc, samr, browser<br><br>Network Security: LAN Manager authentication level = Send NTLMv2 response only\refuse LM
Network Security: LAN Manager authentication level = Send NTLMv2 response only\refuse LM
 
 
 
  
 
==Migration Server==
 
==Migration Server==
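
Review bot: on the changed Security Options line, the two settings are separated by a raw `<br><br>` inside the `#*` item, while "Add workstation to domain" above sits on a line of its own; putting each setting on its own line under the item would keep all three values formatted the same way. The same line records the anonymously accessible named pipes and the LAN Manager authentication level as bare values, without saying whether they are kept once the migration is finished, which is worth one sentence here.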

Revision as of 11:33, 15 March 2006

The following outlines the changes that were necessary for computer migration from the ECEW2K domain to the WOLFTECH domain.

Source Domain

  1. Create a trust between the domains.
    • A one-way trust from source to target is all that is necessary; however, we already had a two-way trust in place.
  2. Migrating user must be a member of the source domain's builtin Administrators group.

Target Domain

  1. Create a trust between the domains.
    • A one-way trust from source to target is all that is necessary; however, we already had a two-way trust in place.
  2. Migrating user must be a member of the target domain's builtin Administrators group.
  3. To migrate SID history, migrating user must be a member of the target domain's Domain Administrators group.
  4. The following group policy changes were required in Default Domain Controller Policy:
    • Computer Configuration\Windows Settings\Local Policies\User Rights Assignment

      Add workstation to domain = Authenticated Users

    • Computer Configuration\Windows Settings\Local Policies\Security Options

      Network Access: Named Pipes that can be accessed anonymously = COMNAP, COMNODE, SQL\QUERY, SPOOLSS, netlogon, lsarpc, samr, browser

      Network Security: LAN Manager authentication level = Send NTLMv2 response only\refuse LM
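
To confirm that a domain controller carries exactly the three values listed above, and nothing broader, an exported security template can be compared against them. This is an added example, not part of the original wiki page: the function name `Test-MigrationPolicy` is hypothetical, and the INF text is a constructed sample in the format that `secedit /export /cfg <file>` writes. It assumes S-1-5-11 (the well-known SID of Authenticated Users) and LmCompatibilityLevel 4 for "Send NTLMv2 response only\refuse LM".

```powershell
# Constructed sample in the format written by: secedit /export /cfg dc.inf
# (illustrative values; the last pipe is an extra entry added on purpose)
$sampleInf = @'
[Privilege Rights]
SeMachineAccountPrivilege = *S-1-5-11
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,4
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionPipes=7,COMNAP,COMNODE,SQL\QUERY,SPOOLSS,netlogon,lsarpc,samr,browser,EXTRAPIPE
'@

# Pipe list exactly as documented on this page
$expectedPipes = 'COMNAP','COMNODE','SQL\QUERY','SPOOLSS','netlogon','lsarpc','samr','browser'

function Test-MigrationPolicy {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$InfText)

    # Index every "name = value" line by the last path component of its name.
    $settings = @{}
    foreach ($line in ($InfText -split "`r?`n")) {
        if ($line -match '^\s*([^=\[]+?)\s*=\s*(.*)$') {
            $settings[$Matches[1].Split('\')[-1]] = $Matches[2].Trim()
        }
    }

    # User right: comma-separated SIDs. Registry values: "<type>,<data...>".
    $rights  = @("$($settings['SeMachineAccountPrivilege'])" -split ',' |
                 ForEach-Object { $_.Trim() } | Where-Object { $_ })
    $lmLevel = @("$($settings['LmCompatibilityLevel'])" -split ',')[1]
    $pipes   = @("$($settings['NullSessionPipes'])" -split ',' |
                 Select-Object -Skip 1 | Where-Object { $_ })

    [pscustomobject]@{
        # "Add workstation to domain" granted to Authenticated Users and no one else
        JoinRightIsAuthUsersOnly = ($rights.Count -eq 1 -and $rights[0] -eq '*S-1-5-11')
        # Level 4 = "Send NTLMv2 response only\refuse LM"
        LmLevelMatches           = ($lmLevel -eq '4')
        # Pipes open to anonymous access beyond the documented list
        UnexpectedAnonymousPipes = @($pipes | Where-Object { $_ -notin $expectedPipes })
        # Documented pipes that the export does not contain
        MissingAnonymousPipes    = @($expectedPipes | Where-Object { $_ -notin $pipes })
    }
}

Test-MigrationPolicy -InfText $sampleInf | Format-List
```

Running the same function on an export taken after the migration shows whether the anonymous pipe list or the join right has drifted from what is recorded here.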

Migration Server

  1. Install the Active Directory Migration Tool v3.
  2. Migrating user must have administrator privileges on the migration server.

Subject Computers

  1. Enable and start the Remote Registry service.
  2. Open up the firewall to allow the migration agent to be installed.
    • Todo
  3. Migrating user must be a member of the Administrators group.