Wednesday, July 13, 2011

AD Migration moving data to a new server

During a Domain Migration you may want to move file data from an old server in the old domain to a new server in the new domain.

You can use robocopy http://sjmeyers.blogspot.com/2011/05/migrating-data-between-servers.html to migrate the data but you will still be left with old permissions.


You can run the Active Directory Migration Tool ADMT to do a security translation on the new server to change security on files and folders to the new domain.

Open ADMT Security Translation Wizard

Select Previously migrated objects


Select the old domain as the source and the new domain as the target


Select the computer(s)

Select Files and folders

Select Replace

Select Finish


 Run  pre-check and agent operation
Once Agent has run you can verify the logs


Then check file permissions have changed to the new Domain

Please note permissions will only be translated the the new Domain if the Group was previously migrated and has sid history.
In the example above the Domain users Group hasn't been migrated yet.

The Security Translation wizard can be run more than once on the same server.