Has anyone used ADMT?

[YokyDoky]

Has anyone used ADMT to migrate an NT domain (non-FQDN) to a new AD domain (FQDN) on 2003 server? Did you migrate computers and users? Did it work?

Y. Doky - "Manager" of Systems

"A .22 caliber intellect in a .357 Magnum world."

 

[gstar1703]

Hi there,
I used it a few months back with great success.... eventually.. Take the time to read up though as I eneded up doing it 3 times, due to "skipping" instructions!

Here's are my posts to ms chaps on google to help you along the way -

http://groups.google.co.uk/group/mi...gary+brett&qt_g=1&searchnow=Search+this+group

Good luck -

 

[markdmac]

Yes, I have used it as well. We migrated both users and computers, preserved SID history and had it migrate the users profiles. It worked flawlessly but you really do need to read the docs on it.

Be certain you read this:

http://support.microsoft.com/default.aspx?scid=kb;en-us;260871

One issue I ran into was that I needed to add the new domain admin into the local admins group of the workstations in order to ensure the PCs migrated properly. I did this via script so I did not have to go to each PC.


I hope you find this post helpful.

Regards,

Mark

 

[YokyDoky]

Mark,

I don't suppose you still have that script handy?

Y. Doky - "Manager" of Systems

"A .22 caliber intellect in a .357 Magnum world."

 

[markdmac]

Actually you will need to use 2 scripts. here si the one that actually adds the user account to the PC.

'==========================================================================
'
' NAME: AddUserToLocalAdminGroup.vbs
'
' AUTHOR: Mark D. MacLachlan , The Spider's Parlor
' URL: [URL unfurl="true"]http://www.thespidersparlor.com[/URL]
' DATE  : 8/8/2004
'
' COMMENT: <comment>
'
'==========================================================================
On Error Resume Next

Set WSHShell = CreateObject("WScript.Shell")

'Edit the next line with your new domain name and admin account name
DomainString = "DomainName\Administrator"

'Add the user to the local admins group
Call WSHShell.Run("cmd.exe /C net localgroup administrators " & DomainString & " /add")

Next you will want a copy of SysInternals PSEXEC so you can remotely execute this script on each PC.

Put PSEXEC on the root of YOUR c drive as well as a copy of the above scritp (or modify the paths in the following script).

'==========================================================================
'
' VBScript Source File -- 
'
' NAME: RemoteExecute.vbs
'
' AUTHOR: Mark D. MacLachlan , The Spider's Parlor
' URL   : [URL unfurl="true"]http://www.thespidersparlor.com[/URL]
' DATE  : 3/8/2004
'
' COMMENT: Remotely Executes Adding Users to Local Admin Group.
'
'==========================================================================
On Error Resume Next

'open the file system object
Set oFSO = CreateObject("Scripting.FileSystemObject")
set WSHShell = wscript.createObject("wscript.shell")
'open the data file
Set oTextStream = oFSO.OpenTextFile("wslist.txt")
'make an array from the data file
RemotePC = Split(oTextStream.ReadAll, vbNewLine)
'close the data file
oTextStream.Close

For Each strWorkstation In RemotePC
'Do something useful with strWorkstation

If Not oFSO.FolderExists("\\"&strWorkstation&"\c$\Scripts") Then 
	Call WSHShell.Run("cmd.exe /C md \\" & strWorkstation & "\c$\Scripts")
End If

If Not oFSO.FileExists("\\"&strWorkstation&"\c$\Scripts\AddUserToLocalAdminGroup.vbs") Then 
Call WSHShell.Run("cmd.exe /C copy C:\AddUserToLocalAdminGroup \\"&strWorkstation&"\c$\Scripts")
End If
wscript.sleep 200
If Not oFSO.FileExists("\\"&strWorkstation&"\c$\psexec.exe") Then 
	Call WSHShell.Run("cmd.exe /C copy C:\psexec.exe \\"&strWorkstation&"\c$")
End If
wscript.sleep 200
Call WSHShell.Run("cmd.exe /c c:\psexec.exe \\" & strWorkstation & " -s -i cmd.exe /C C:\Scripts\AddUserToLocalAdminGroup.vbs")		
Next

Set oFSO = Nothing
Msgbox "All done"
WScript.Quit(0)

Note that you need a file called WSLIST.TXT that contains the NetBIOS name of all of your workstations that you want this to work on. Execute this script while logged on as Administrator from the old domain. make sure you have already enabled your trust before doing this too.

You can downlaod a free copy of PSEXEC from here:

http://www.sysinternals.com/utilities/psexec.html

I hope you find this post helpful.

Regards,

Mark

 

[YokyDoky]

When migrating Computer, I get this:

"User rights translation will be performed in Add mode only..."

But I want to Replace. What now?

Y. Doky - "Manager" of Systems

"A .22 caliber intellect in a .357 Magnum world."

 

[markdmac]

If memory serves me correctly you want it in Add mode so users can still log in to either domain. it will Add permissions for the new domain user account while leaving user permissions from the old domain intact.

I hope you find this post helpful.

Regards,

Mark

 

[klh456]

I have used ADMT and we found a way around the need to put the domain admin in the local administrator group. I have a domain admin account on the old network. I use that account to log in to the server where I am running ADMT. I can then migrate users and computers without a problem.

 

[markdmac]

klh456, did you find problems AFTER doing that? Essentially, when you join a PC to the domain the Domain Admins group has rights over each PC. What I am wondering is if you circumvented this process whether or not it was added in automatically afterwards by ADMT. If not then there would be a big problem of not being able to manage the PCs on an ongoing basis.

I hope you find this post helpful.

Regards,

Mark