locked
Using ADMT Security Translation with uncloned users account... (ADMT wasn't used) RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hello,

    I have the following case:

    Enterprise has DOM_A
    Entreprise has implemented a new trusted Forest DOM_B
    Enterprise has created users in DOM_B, using same name as users in DOM_A

    Don't ask why they didn't used ADMT..

    Now they face the question of SidHistory and Computer profile migration (security translation) etc.

    My Questions: Is there a way to :

    1) Liste DOM_A's users SID and put them in DOM_B's users SidHistory, based on same name (case A) and some mapping.csv (Case B as some user have different names). I'm convinced all this can ben done with PS and other Tools, but perhaps some of you had to do it and can confirm its feasibility ?

    2) Can we then import the relevant informations to "rebuild" the ADMT Database to migrate the computer accounts and Profiles ??

    As my understanding is that ADMT require these informations.. am I correct?

    Any help would be highly appreciated. Thank you in advance!

    Conrad


    Wednesday, September 23, 2015 12:59 PM

Answers

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi Conrad,

    Thanks for your post.

    As far as I know, there's no build-in method from microsoft to assgin the SID to re-created user accounts in new domian.

    In your scenairo, since you have created the same accounts in the target domain, you might consider to migrating same user from differents domains with admt.

    If it is in this case, you could refer to the thread discussed before.

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/642eb4ca-93da-45f4-8e6a-4f172ef32c04/migrating-same-user-from-differents-domains-with-admt-32?forum=winserverDS

    Or you may need to set the new related  SID for the new accounts. For you initial idea, "Liste DOM_A's users SID and put them in DOM_B's users SidHistory" with powershell,  since I haven't test before, I suggest you may also post in PowerShell Forum to make sure it exists the commands to achieve the goal.

    And for migrating the computer accounts and Profiles, you may take a look at the articles below.

    http://social.technet.microsoft.com/wiki/contents/articles/16621.interforest-migration-with-admt-3-2-part-3.aspx#Security_Translation_Local_Profiles

    Best Regards,

    Mary Dong

    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by Mary Dong Friday, October 2, 2015 1:46 AM
    • Marked as answer by Mary Dong Friday, October 9, 2015 5:27 AM
    Thursday, September 24, 2015 5:39 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi Mary!

    Sorry for the late reply (busy times). Thank you much for the links, I'll have a look to the links and will come back.

    Thank you again and best regards

    Conrad

    Friday, October 2, 2015 8:43 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi Conrad,

    Is there any updates for your issue?

    Look forward to your reply.

    Best Regards,

    Mary Dong

    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, October 8, 2015 2:26 AM