Whenever we release a new product or suite of products we at Microsoft want to ease the adoption of it. For that reason we’ve released tools and scripts over the years to help our customers out. We’ve typically given these as free downloads from the internet, and (I know my opinion is skewed here) frankly we have had some really great freebies.
With Server 2008 it is no different. We are working on an updated version of our Active Directory Migration Tool (ADMT) which is designed to work with Windows Vista and Server 2008. This version is number 3.1; if you’ll recall the previous version is 3.0 which can be downloaded here. In addition to the great tool that is we have an awesome Migration Guide which is there to help.
So why the blog post? Well, first is to get the word out about what we have. Secondly, to set everyone’s expectations on when we will have ADMT v3.1 available. Thirdly, to discuss some ways you can use ADMT v3.0 in a migration that contains a mix of Server 2008 and Windows Vista with other Windows platforms. Finally, to encourage everyone to contact Microsoft Customer Service and Support if and when you have difficulties.
So for the second point: when will ADMT v3.1, designed and tested to work well with 2008 and Vista, be available? I don’t have a firm answer, but the general idea is soon. I’ll caution everyone that dates for this sort of thing change as part of the process and that any specific time I quote could be way off. Add to that the fact that I am not a person on that development team and you have the word that describes what I’m about to tell you: hearsay. Having said all of that I would expect ADMT to be available by August 2008. Remember this could be way off-and if it is the reason will almost certainly to make sure it’s a better product. So patience pays off, right?
Better yet there will be a beta for ADMT v3.1 I expect. Keep an eye out for betas you can enroll in by checking your account at https://connect.microsoft.com/ early and often under the Available Connections button. Don’t have an account there? Get one! Using Connect is your best way to get a head start on knowing an upcoming product as well as getting your personal experience and feedback heard.
Now for some discussion about some methods and expectations if you were to try and use ADMT v3.0 to migrate in an environment which contains Server 2008 or Windows Vista (from here on we’ll call those mixed environments).
The table below gives a good overview of what we have seen in some informal testing with ADMT v3.0 and mixed environments. Marked in painfully bright highlighter yellow are the scenarios where things are expected to work. I've also attached this matrix to the post as a monolithic HTML file you can download...I know browser windows are not always good to read this kind of thing in.
WS03 ADMT Console joined domain
WS03 ADMT Console logon Account
Source Domain Admins (DA)
Failed with “Invalid handle”
Failed with “Invalid handle” to create new computer account in target
Target Domain Admins (DA)
Target Domain Admins (DA)
Succeed after adding target DA to client local administrators group (able to create computer account, join to target domain and complete security translation)
Target Domain Admins (DA)
So how can you migrate using the ADMT v3.0 version with your mixed environment? Well, here are a few things to make sure and do in order for that to work:
· Add target DA account to WS03 ADMT console machine local administrators group
· Logon to Server 2003 ADMT console using target DA account
· Add target DA account to the XP clients local administrators group (by GP or other method)
· Run computer migration with or w/o security translation options from ADMT console
Things to keep in mind:
· ADMT v3.0 computer migration\security translation will not work for Vista client or Server 2008 member servers.
· ADMT v3.0 will not install on, or allow upgrade to if already installed, Server 2008.
· ADMT v3.0 migration from a Server 2008 domain source has not been tested and will be addressed by ADMT v3.1.
So as a final point I want to reiterate is that I encourage people to contact us if we can help with your migration to and adoption of Server 2008. It is a truly awesome product and our goal is to help people implement it, use it and reap all the benefits it can provide.
I have an upcoming project that involves moving from WS2003R2SP2/Vista Clients to WS2008 in a new forest. Planned date is April. Looks like we'll have quite some manual time ahead, but i would consider it a waste not to use WS2008.
We thought about using using a WS2003 DC in the new domain for migration, but it seems that Vista isn't supported for the machine migration part.
I know that it's not your fault, and i'm not blaming you - but i can life with WS2008 not being supported yet, but that it doesn't work with Vista (1.5 years after Vista's release) just sucks.
I'm sorry-I should have mentioned this workaround to get some security translation for your Vista and Server 2008 user profiles. It's not ideal but it can work well.
From your Vista computer go to the System Control Panel and choose Advanced Settings. Once there click on the Advanced folder tab. In the Advanced tab click on the User Profile categories Settings button.
From there you have a list of User Profiles. Simply choose the one you need to translate or more and then click the Copy To button. In the dialogue you can select a remote destination (or local) to copy it to, but the important thing is that you can alter the Permitted To Use setting to be the users destination domain identity. This should do security translation on the users profile similar to the option for that in ADMT.
The down side to this is that this is not automated-but it can work well to get the job done.
About two years ago I was the lead on an Active Directory migration/consolidation project where we collapsed
Many thanks for the reply. I already knew that trick, and thus investigated further.
There is an Update for Vista that adds the Win32_UserProfile WIM Provider, which should allow to automate this.
There are also some scripting examples:
Thanks! I'm feeling much better now ;)
マイクロソフトのサポート部隊に所属する Tim Springston が書いている blog に面白い記事が投稿されたのでご紹介します。 ADMT and Server 2008 Windows Server
I have a question about the use of ADMT and static RPC ports.
We restricted RPC traffic to port 3003 and I would like to know if ADMT can deal with that?
After installing ADMT on Windows 2008R2 member server and trying to migratie SID History I get an error message which says Unable to Add SID History for <useraccount>. The RC code with the error is 1722 stating something is wrong with RPC. However all requirements are met and there are no issues with RPC.
Does anyone have any idea if I have to tell ADMT in a way that port 3003 is being used?