ADMT (Active Directory Migration Tool) - ADMT 3.2 Step by Step Installation and Migration Full

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hi guys welcome to my channel and today I'm going to start a admt 3.2 tutorial and this is basically actually active migration toolkit where we are going to do the migration from one old domain to new domain and we'll see how the admt going to install and how we can configure and how we can use the admt tool to migrate a user's group or you can say the service account computer servers all from any old Forester new form so there was number of a number of like requirement to migrating the migrating the domain or forest from one domain to new domain like like some company purchase some companies so you want to merge those companies to extract it together or someone take it or taken over the some company so you want to migrate all the resource from all domain old company environment a new domain which is which is purchased that company so there were lots of stuff you know which is which is we can face the issues or we can have a scenario where we need to migrate the domain domain resources to new domain so I'm going to follow the follow the video where we are going to install the ADM T and you can you can also follow my instructions on my video to configure the ADM T and you can do the forest wise migration so in this video I'm going to do the forest wide migration and this is as you can see this is the first video so in this video I am going to basically focus on installation of admt and doing the migration and coming video we can see how to can have to migrate your file server from one domain to new domain and also also I'm going to record few videos on like after migration how we can do demo to completely demote your ol domain and after migrating all the users computer all the resources to new domain so let's start so here is we have a two domain you can see I mean I am focusing on three virtual machines for now however I have few other virtual machine if you go my this lab scenario which I have build so I have basically six machine but I'm I'm focusing on three virtual machines now because these are the primary DC and second row DC and the New Forest domain controller so rest we have a two file server and two windows client which is Windows 8 and Windows 10 so I'm going to focus on these domain controller for now so the primary DC so the old domain controller you can see the domain name is victor in for sole calm where is the all the resources we want to migrate to new domain which is vector new.com so in an old forest what we have we have two domain controller here you can see the first primary DC's Oh - win - get for - DC 0 1 which is running on Windows Server 2012 r2 and this is the IP address of the primary DC 192 168 1 dot 201 and the second ADC we have a scene with the 2 0 2 so this is my old omen control let's verify the server so you can see the old whole domain controller which is victim for so and oh-oh - win - k12 this is 0 1 and IP address and you can go and above that trajectory also here is my actual active users and computer we can see the domain name and we have a broad view where I have created those some groups and we have a one file server also here and we have a few users a normal user this is a file server admin which is basically our domain your main rest of the users are normal user they are go their domain user and join in some group which we have created here so and we have a two to Windows machines client machine so this is the infrastructure and if you go to domain controller you can see we have two domain controller DC 0 1 and DC 0 2 and both are the global catalog and and shown in my main site so seem you can verify from here also this is my domain controller - and you can see everything from here also all the things so these are the two domain controller for the whole domain can to hold the mean which is victim for soul calm and the next we have a new forest which is Victor new.com so here's the machine you can see the computer name we went to get role and an extensive like you can say new new into k12 DC 0 1 and the new domain is Victor's new and you can see here this machine is also running on Windows Server 2012 r2 and the IP this is 1 9 2 6 8 1 201 and you can see the details and you can see the actual active also you so we have no computer here we have no prod oh you and we have only one domain controller which is this so let's start the step by step Mike relations so step by step for this migration by a DMT so the first thing we need to create a DNS setting on all diseased minds before creating the before proceeding anything we must need to configure DNS on all domain controller get thought get recognized by other domain so I'm going to put here 1 9 2 & 6 8 100 200 Wow there's a this machine itself as a DNS server and this is its primary secondary domain controller and the last one is I am putting that DNS name for the this machine which is new domain controller in a new forest so so basically we have a DNS setting for all three DNS which we have for new domain and the whole domain has for us so done for primary DC and I am going to do on old dc2 so here you can see the dummy I need to put here 192 192 168 1 the 2 2 1 so it's done you can verify also you can also verify let's do the same on our new domain domain controller so you can see I'm going to wipe this setting and 192 168 1 or 2 2 one for itself and the primary domain control of the whole domain 201 I'm going to put the second readiness also one nine two one six eight hundred two hundred two for the secondary so we have this now so we have done the DNS setting on all the servers all the domain cut where we have to make sure we have not changed the DNS setting on our client or our file server we will we will work on these machines later on so so the first thing the the first step we have just done is create a DNS setting on all the DC and now we are good to go and create a trust and we are going to create a forest a trust between this old domain which is which is Victorian for so the Victor knew so I'm going to do it now so I'm on my new domain controller which is an Victor new I'm going to use the Act adaptive domain and trusts so on an Victor new.com click right click and go to properties here we have a trust so I'm going to create a new trust forest in another forest and this is gang giving some basic detail what is toast I'm going to put here my the main domain name for the old domain click Next and you can see we are able to dissolve it so we have external trust and forest rust so I'm going to create a forest trust between the two forests allow users from any domain one for us to authenticate in say other for this so we are going to create a forest trust click Next and how the trust is going to be a one-way a two-way or like incoming or outgoing only so I'm going to create a two-way trust between these new domain and the old domain so click Next and we have a create a trust with the following this domain or both the main and a specified domain so I'm going to use the both domain and which is safai domain click Next and now we need to put the credential for the victim for sole calm so I'm going to put the credential here and I'm going to type here administrator credential for Victor and for sole calm click Next and now you can see we are passed and outgoing trust or authentication level local so for just Y so for outgoing for this wise click Next and we are good to go here you can see the this domain and they specified domain we have both domain and it's a trustee forest first and we have a direction to a transitive yes I'll do an incoming click next and now you can see the trust relationships created successfully specify the main victim force all calm and everything looks good click Next and it's confirming it's asking to confirm the outgoing first yes I want to confirm the outgoing trust click Next do you want to confirm the incoming trust yes I want to confirm it and now you can see that just resistancy was successfully created and confirm so loud we have a Bordeaux main click finish now you can go here and you can actually validate it so I'm going to validate it and the trust is validated and in place and active so good to know and this is a trajectory I said do you want to update the naming suffix routing information to trust yes I want so it's done and go in well you ate this also so I'm going to validate for over 10 for soul comm so I'm going to put administrator credentials so you must need to validate the trust after creations to activate the trust so all good so now we have an act of trust form determine and also we need to go to our victim for soul calm which is ultras and need to activate that trust to act to work so properties and validates which will ask you the credential for Victor new.com which is our target domain so I'm going to type here with her you know good initial for it click OK so Trust has been validated and in place and active get to know this also we need to verify so Victor new administrator and the password for the administrator and that just is validated good to know ok so now we have an act of trust between both the domain which is a good time for soul and Victor new so we are good to go move on so I'm going to step the third step which is configuring DNS suffix such result so what is mean basically if we go on your CMD and type ipconfig oh you can see we have only Deena suffix such list with time for soul and if you go to new domain you are able to find only only means ipconfig /all means f our users as requesting something and a new domain which is our old domain it will not going to search the DNS suffix because the domain don't have the information about the other forest Deena suffix so we need to add it manually so it can be done by GPO easily so we am going to do it by the policy only so I'm going to you can create a new GPU either you can go and modify any existing me GPO so as this is a forest right we are doing this activity for the forest face or domain way so I'm going to modify in a default domain policy for now so click Edit and you need to go to computer settings and you need to go to policies administrator templates networking the DNS client and you have here you can see the DNS suffixes search list so I'm going to change here and make it enable I'm going to copy my both down domain name here and paste it and enable now if I go and type GP update to get the new GPO applied on this machine so the computer policy is applied come completed and now if I go and check the I'd be configured you can see the DNS DNS effects such is added so same I'm going to do for new domain as well as so I'm going on here on my group policy on new domain control and I'm going to make the changes in my default domain policy and policies at mr. t templates networking and the DNS client and here I have to put in enable type it so I'm going to make some changes here the first it should come to my Victor new and apply and we are good to go if I go here gpupdate first update the group policy and then we can verify so it's completed and now I feel config also you can see the both the DNS fixes added so we are good to go we have added the DNS suffix in old and new domain both so we are good with it and let's move to next step so now we are proceeding to basically installing the admt tool so what I'm going to do I'm going to install a DMT tool on my target domain which is Victor new so I'm login to my this is my domain controller in a target domain and I have downloaded the required set up here so admt can use the Express edition of the SQL Server so I am going to install that SQL Express first so launching the SQL Express setup so new installation that's a brand-new installation so this is basically SQL Server 2008 r2 accept the license terms click Next and wait for the setup to copy the files so this is the school setup so the main thing we require the database engine services so these all default click Next so if you want to change that instance name you can change the instance name however I'm going to use the default angstroms which is a mess SQL server so click Next so I want to run a school server by systems on account so I just sort to the system and the authority system click Next now you can see the victor a new class administrator is already added so go ahead click Next and click Next and now you can see the installation is started so the installation will take some time to get the installation done for escrow Server 2008 r2 Express Edition so after this installation done we can go ahead and install the admt 3.2 so admt I have already downloaded here you can see it's a very small setup it's around 4 and we set up so once the installation is done for this exclusive we will push it with the ID empty installation so wait for few minutes here so now you can see escrow Server 2008 r2 installation completed successfully go ahead close this and you can also close this installation center and now I'm going to launch the solution for this a DMT migration actually active migration toolkit so click Next I actually click Next and here we have I don't want to chew on this paragraph put here m as SQL Server now you can see its installation is done and it's asking to input the database so I don't want to input any database click oh no don't want to import an existing database default click Next and now you can see they acted active migration to kill Jenna so she successfully install and you can go ahead and click on finish and if I go here you can see active active migration tool kit new openness and send icon to desktop on same way we need to install a idiom Jian also also so I'm going to do on all domain controller and I'm going to run the installation for SQL first and click on new installations I accept the license agreement click Next we'll take some time we need to wait so click Next leave the default name is calyx players click next and service accounts should be system and the authority system click Next you can see the victim for sole administrator is added click Next click max and now you can see the installation is started so installation will take some time after once the installation is done we can go ahead and install idiom two on this machine also so just wait for installation to get finish and also if you want we can move to next step which is creating corruption key what is this encryption key this is encryption key is basically to sync your password from all domain to new domain we must make choir some asexual method to migrate the passwords so it's needs to be done by encryption so I'm going to export the migration tool kit here so for the migration we need to go to this path well this is open in and type the CMD and I have here my command ready so it's something you need to put like you can see the admt and key create source name with time for soul calm and the key file I'm going to save in my C Drive but this name and password should be on test so good to go I'm going to type my password again so click enter and you can see the password export for domain was successfully created and saved in C Drive so now I can go to C Drive and I can see my password file here and I'm going to copy this file in my primary domain which is here so that's good so we have created the encryption key which required later on so now you can see the s collision is almost install complete installation is almost complete we can go and run the ad empty on my sauce the main server so we are good to go close this and you can close this also I'm going to run the ad MT toolkit here so SQL Express click Next that's installing so I am basically installing the ad empty toolkit on my source and destination forrester domain both so click Next and we have successfully created and so so now I'm going to send icon to shots go to my desktop so we are good to it with it so we are done basically first six-step and now we can move this our 70 surfaces a da d empty migration account in my administrator group you can basically add your admt migration if you created an inch and rake account and a specific account for your ad MD migration only so you can add to add masu tech group so in my case I am going to add my administrator account of target domain controller target domain and the source domain and administrators group so we have here in victim for sole administrators group I'm going to add the member of the Victor new so I'm going to type the administrator check name so click OK and now basically I have added my target domain administrator ID in here readiness to take group to allow it or full rights on my source domain and same I'm going to do in my target domain to access the full control to get the full control of my domain so built in the source domain administrator I'm going to find my so the domain here we have a trust go ahead type that month later it will take some time to search it I got to go here you can see we came for so quick add apply so this account basically need to be or have administrative rights on all your machines users desktop end-users machines and desktop and servers everywhere so for now I am just adding to my active active servers and now we are good to go and install ad empty password migration DLL so this need to be in so long source domain controller so I'm going on my source domain controller owner this is my right able domain controller so click on password migration setup and welcome to the admt password migration dear little setup wizard click Next I accept the license term now you need to provide the encryption key which we have just generated from the our target domain so it's in my C Drive next and the password for this encryption key so I'm putting my password here and ready to is already empty password migration DLL click install and we need to put the lock service account so on a service account I'm going to put my target domain controller administrator account so Victor new an administrator and the password for this account click OK and now you can see the account Victor new slash admission has granted a logon service click OK and now you can see it's asking for reboot the server so I'm going to reboot the server and then we will start the service this password migration service so we need to do this ninth step so just wait for it just I will bring online then we will do it so he can talk to devil to log into this machine and now if I go to services I'm able to see the service called posh word export server service so I'm going to run it automatic and I'm going to start it so we are good with it and you can see the log on as service also so we can close this and now we can move to next step which is create even a target or target to me so so basically we need to make sure we have a same structure in our forest new forest so you can dump the all the data although used a or use a structure and a CSV file by using the powershell and you can create the automate the script to create an using new target domain so basically we have only few group for you so i'm going to create it for manual is right now so prod and the prod we have users we have groups we have servers and finally we have oxygens so we are good with it so we have created the OU's and now we can start the migration step so what is the recommendation for Microsoft to migrate the resources so the first thing you can migrate the groups then you can migrate the user account then the security translation and the computer account migration so I am going to do it now so let's test with the few users so I'm going to open my active active migration toolkit on my target domain and I'm going to run a group group account migration so click Next welcome to the group account migration with that click Next here you need to put the type of the source to mean so I'm going to put Victor and for Seoul calm and we can see we have a two domain controller you can either select any domain controller you can if you have a preference you can select the preference also and the target domain which is Victor new.com and we have only one domain here that's over here so click Next you know it will search further select the group from the domain or the if you have a any text file which include all the objects you can go and use that text file information file also so I'm going to select the group basically so click Next and group selection click Add and I'm going to run the find here so I'm going to basically migrate my these groups these four groups so I'm going to select them so this is basically I think here these three groups and I have missing one group also which is a script group so click OK and now you can see if I have selected all four group which is given in groups so I'm going to click Next and the target to you I'm going to migrate in my prod and groups so we can written you owe you and click Next and here we have a something called migrated groups a society to the target domain we can select these setting you can customize as per your requirements so I'm giving two with the these options copy the group members members and fix the membership of the group and you can go basically with the default option also and you can fix these options later on also so I'm going to do this fixed membership for the group and group SSID to the target so so you can see the auditing is currently not enable in source domain do you want to like to enable it yes and for the target domain also we don't have you want to enable it yes so go ahead and put the password for the takos domain so I'm going to put my credential here for the victim for sole domain so click Next lead everything default and now you can go ahead and click on finish and you can see the you examined for and copied for so we don't have any errors so we are good to go also you can go and find locks here which is showing that it not be able to find the users these users which is a part of this script group and they should not be able to find this group so it's not be able to fix the permissions basically so we can we have migrated the group and now we are good to go and migrate the user so we can close this and let's verify the groups so we have a if i refresh here you can see we have all group and but we don't have any member of these groups yet because we have not migrated any users so now we need to migrate the users and we'll see how it's going to fix the auto fix the groups by using adding them user so user account migration wizard click Next and you can see it's by default selected click Next and select the users from domain yes and I want to add them call it user so we have five user here and this go you and including we have one more thing FS so let's move FS also so we have half a sermon so click Next and the target we need to select users I'm good to go click Next and generate password migrate password if you want to migrate the password from we have already installed my password migrations services and click Next do not update password for the existing users click Next it will take some time so we have here the account saw station option you can close account and set the expire date and everything so I'm not going to disable the source account you can also go ahead and select this option and it will disable the user account in the source domain so I don't want to do this and we have here the target account the state target on target as same as source so if you want to disable you can go ahead and enable or disable so I'm going to use the default which is target same as so so and we have a small check box here migrate users ID to new domain which is acquired so click Next and put the password here so I'm going to type my password and we have update user rights migrate associated groves update the previously migrated objects so it will fix the membership also click Next and if you want to exclude something you can exclude so let's click on finish and you can see now it's copying the migrating the users so examine one copied one so it will take some time we have to wait copy - and copy it six so everything looks good we don't have any other close this now you can go and verify the users I go here refresh you can see all the users has been migrated and you can also see the group membership hands isn't fixed now for the group which we have previously migrated so everything looks good here and you can see for this also if I go to office admin you can say it's a member of the main user so so good we are done with it and now we can go and do the security translation so the security translation is basically required on much on a desktop on a server which you want to join in domain or in a new folder so I'm going to do it on my previous Windows 8 machine for now so for this I'm going to put my administrator credential and put the DNS detail of the new domain server so I'm going to change the DNS setting 1 I 2 so 192 168 1 dot 221 so we have putted the DNS entry for the new domain now you need to make sure you have disable the firewall so I'm going to do it manually for now also you can apply the cheap you for this and one more thing you need to make sure that the user the migration account which you are going to use from the target domain controller have access to this machine as a domain as the administrator so I'm going to use this finish here so I'm going to use that Victor new administrator account here in a local administrator so to allow the migration so click OK now everything looks good and now I can go ahead and do the security translations say go here and security translation is basically required when you are most required when you are going to do the migration for the file servers so previous objects click Next and searching for the object we have to be it and so the computer from domain click Next and add and go to your source domain which is written for Seoul now if you find my computer objects and here we have a Windows 8 machine so I'm going to click OK next and what you want to make do the security translation so I'm going to select everything here which is going to my do the security translation for user rights user profile shear so just three printers local groups and the use of files and folders as well so click Next and what you have option here you want to add it you want to remove or you want to replace so the safest way to do this you can do the add add is equivalent to security preference target object and leave the source reference in fact also so I'm going to add this click Next and here you can see finish showing slicing please wait now you can see we have two action here agent X and run pre-check and then P check an agent operation so I'm going to run a pre-check so to verify everything connection and everything is ok with this machine and a new forest and then we can if everything is passed we can go and run so you can see the pre check is passed so now we are good to go and run the three second agent operation to start this so now you can see it's started and it will take some time to complete this so we have to wait so some time it's going to take a long time basically it's depend on how much data you have how much of printers and how much changes it's basically how much changes is required needed and your machine so you need to make sure you have enough time to do this activity translation so just wait for this to complete and then we will do the our final step which is computer account migration so I'm just waiting to complete this so you can see completed with Arabs so might be we have some error so we can see the migration love also here so so you can see it's not saying anything protocol so we can go and close this we are done with now let's move to the computer account migration so I'm going to into the computer icon migration so select here computer migration wizard click Next and you need to select this and the select computer from a domain so you can go and find the object Windows 8 machine click OK click Next and the target do you we need to select in a new domain so I'm going to put invitations click Next and what do you want to do the security translation so click Next and add we have already done this so click Next and minute before computer restart so I'm going to make it 1 I don't want to exclude anything so everything's looks good click on finish now it will examine copied everything good close this or sensitizing please wait and now i'm going to run the pre check so past agent started not so I'm going to start the agent now so the this process is automatically going to change this machine domain and it's going to unjoin this machine from victim for soul comm I'm going to join this machine automatically in a new domain which is a Victor new and it will restart the machine itself so we have to wait for it you can see the agent is running now so now you can see that it's completed and waiting for reboot so the machine is going to reboot ml may be less less than in minute so we have to wait for it and then if I go to properties you can see the machine is joining new domain itself Victor neucom so after reboot it's going to we are going to get the login to the new domain from this windows 8 client machine so we have to wait for few seconds few minutes here to auto reboot this machine so now you can see it's automatically a DMT is automatically rebooting this machine and going to join in new domain so now you can see the machine is a generator new so I'm going to use my user 0-1 to log into this machine and you can see password must change before sign-in so I'm going to change the password for use the 0 1 which was migrated by using the idiom t only so click next and changing password in new domain so you have possibly changed we are signing in and now you can go and find the machine detail turn this divining Victor you so it will take some time to give you the message that the boss check is completed also you can see will verify the computer object in AD so I'm going in my old domain controller old domain and if i refresh you can see the Windows 8 computer account is still there with the victim fossil dot-com domain so so basically computer migration is not going to migrate your computer icon it's going to it's doing basically just join and join machine into new domain so if I go to new domain and I refers this and go to was creation you are able to find your machine also here with the new domain name which is avin 8 victor neucom so everything looks good here so we have migrated a computer successfully so everything's passed so go ahead and close this and same way you can use to migrate although all your clients from windows from older mentor new domain so so basically this is this is the how we can install the ad MTA active active migration tool kit and install and configuration and also you can see how we have migrated the users computers group and security translation also so thank you for watching and please subscribe me for more videos and if you have any query indication related to this you can post me on my given me laddies thank you once again bye bye

Info

Channel: Labs Hands On

Views: 90,309

Rating: 4.9104085 out of 5

Keywords: admt migration, admt computer migration, admt migration guide, admt tool step by step, admt intraforest migration, admt guide, admt domain users, admt install, admt installation steps, admt password migration install, admt server migration, admt server 2016, admt 3.2, admt 3.3, admt 3.2 step by step, admt 3.2 installation guide, admt group migration, admt computer migration wizard, AD migration, Forest Migration, Domain Migration

Id: wXsLjzpb9ZA

Channel Id: undefined

Length: 49min 33sec (2973 seconds)

Published: Wed Jan 31 2018