Difference between revisions of "Active Directory/Documentation/Enable Computer Migration"
Jump to navigation
Jump to search
| (2 intermediate revisions by the same user not shown) | |||
| Line 9: | Line 9: | ||
# Create a trust between the domains. | # Create a trust between the domains. | ||
#* A one-way trust from source to target is all that is necessary, however we already had a two-way trust in place. | #* A one-way trust from source to target is all that is necessary, however we already had a two-way trust in place. | ||
| − | # Migrating user must | + | # Migrating user must have the ability to create computer accounts in the destination OU. |
| − | |||
# The following group policy changes were required in Default Domain Controller Policy: | # The following group policy changes were required in Default Domain Controller Policy: | ||
| − | #* Computer Configuration\Windows Settings\Local Policies\User Rights Assignment<BR><BR>Add workstation to domain = Authenticated Users | + | #* Computer Configuration\Windows Settings\Local Policies\User Rights Assignment<BR><BR>Add workstation to domain = Authenticated Users<BR><BR> |
#* Computer Configuration\Windows Settings\Local Policies\Security Options<br><BR>Network Access: Named Pipes that can be accessed anonymously = COMNAP, COMNODE, SQL\QUERY, SPOOLSS, netlogon, lsarpc, samr, browser<br><br>Network Security: LAN Manager authentication level = Send NTLMv2 response only\refuse LM | #* Computer Configuration\Windows Settings\Local Policies\Security Options<br><BR>Network Access: Named Pipes that can be accessed anonymously = COMNAP, COMNODE, SQL\QUERY, SPOOLSS, netlogon, lsarpc, samr, browser<br><br>Network Security: LAN Manager authentication level = Send NTLMv2 response only\refuse LM | ||
Latest revision as of 10:26, 16 March 2006
The following outlines the changes that were necessary for computer migration from the ECEW2K domain to the WOLFTECH domain.
Source Domain
- Create a trust between the domains.
- A one-way trust from source to target is all that is necessary, however we already had a two-way trust in place.
- Migrating user must be a member of the source domain's builtin Administrators group.
Target Domain
- Create a trust between the domains.
- A one-way trust from source to target is all that is necessary, however we already had a two-way trust in place.
- Migrating user must have the ability to create computer accounts in the destination OU.
- The following group policy changes were required in Default Domain Controller Policy:
- Computer Configuration\Windows Settings\Local Policies\User Rights Assignment
Add workstation to domain = Authenticated Users - Computer Configuration\Windows Settings\Local Policies\Security Options
Network Access: Named Pipes that can be accessed anonymously = COMNAP, COMNODE, SQL\QUERY, SPOOLSS, netlogon, lsarpc, samr, browser
Network Security: LAN Manager authentication level = Send NTLMv2 response only\refuse LM
- Computer Configuration\Windows Settings\Local Policies\User Rights Assignment
Migration Server
- Install the Active Directory Migration Tool v3.
- Migrating user must have administrator priveleges on the migration server.
Subject Computers
- Enable and start the Remote Registry service
- Open up the firewall to allow the migration agent to be installed.
- Todo
- Migrating user must be a member of the Administrators group.