Product Reviews

Microsoft's Free AD Migration Tool Shines

While commercial products boast bells and whistles, Microsoft's free tool gets the job done.

Though free, Microsoft's Active Directory Migration Tool (ADMT) offers most of the features found in commercial tools. It's fairly simple to use, and its installation is based on an MSI that's located on the Windows Server installation CD. ADMT operation basically consists of using the right mouse button to click on Active Directory Migration Tool, accessing the context menu and selecting the appropriate wizard to operate.

ADMT wizards support account, group, computer and service account migrations, group remappings, security translations and more.

The operation of the wizards is straightforward. Identify the source and target domains, the objects to migrate, the container to migrate them to, and how to perform the migration. ADMT supports both reporting and test migrations. It also migrates users through global groups, making the migration simpler if your source groups are well organized. ADMT's reporting tools provide comprehensive information on source domain objects, letting you clearly identify which objects to filter before going ahead with the migration.

ADMT supports SID history migrations, but only through the use of a Password Export Server (PES), the same server required for both Quest Migrator and BindView's bv-Admin for Windows products. The PES is installed on a domain controller in the legacy network. It's best to use a dedicated server for this operation since it's resource intensive. Therefore, you should stage a new DC and dedicate it to this task. A PES is also required to support password migration.

[Figure: Microsoft's ADMT. ADMT offers most of the functions of commercial tools when it comes to security principal migrations.]

For the PES to work, your network needs to meet the following conditions:

  • Auditing must be enabled on the source and target domains. If it isn't, ADMT will offer to turn it on during the migration.
  • Your target domain must be in Native mode.
  • You must activate legacy access in the target domain by inserting the Everyone group into the Pre-Windows 2000 Compatible Access group. You'll have to remember to turn it off once the migration is complete.
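The last condition is the one most likely to outlive the migration. The PowerShell below is an added example, not part of the original review or of ADMT: it checks whether Everyone is still a member of Pre-Windows 2000 Compatible Access in the target domain. It assumes the RSAT ActiveDirectory module (which postdates ADMT version 2); the function names and the domain controller name are hypothetical, and the Anonymous Logon check goes beyond what the article mentions.

```powershell
# Added example; the live query needs the RSAT ActiveDirectory module.
# Well-known SIDs, identical in every Windows domain.
$LegacyGroupSid = 'S-1-5-32-554'       # BUILTIN\Pre-Windows 2000 Compatible Access
$BroadSids = @{
    'S-1-1-0' = 'Everyone'             # the principal the article says to insert
    'S-1-5-7' = 'ANONYMOUS LOGON'      # extra check, not mentioned in the article
}

# Hypothetical helper: return the SID string of each member of the legacy group.
function Get-LegacyGroupMemberSid {
    param([Parameter(Mandatory)][string]$Server)
    Import-Module ActiveDirectory -ErrorAction Stop
    $group = Get-ADGroup -Identity $LegacyGroupSid -Server $Server -Properties member
    foreach ($dn in $group.member) {
        # Everyone is stored as a foreign security principal, so read objectSid
        # from the member object instead of relying on its name.
        (Get-ADObject -Identity $dn -Server $Server -Properties objectSid).objectSid.Value
    }
}

# Hypothetical helper: report whether the legacy-access change was rolled back.
function Test-LegacyAccessRollback {
    param([string[]]$MemberSid)
    $found = @($MemberSid | Where-Object { $_ -and $BroadSids.ContainsKey($_) })
    [pscustomobject]@{
        RolledBack = ($found.Count -eq 0)
        Offending  = @($found | ForEach-Object { $BroadSids[$_] })
    }
}

# Constructed sample: Authenticated Users plus a leftover Everyone entry.
$sample = 'S-1-5-11', 'S-1-1-0'
Test-LegacyAccessRollback -MemberSid $sample

# Live use against the target domain (placeholder DC name):
# Test-LegacyAccessRollback -MemberSid (Get-LegacyGroupMemberSid -Server 'dc01.target.example')
```

Running the check after each migration batch and again at project close-out catches a rollback that was forgotten.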

In addition, ADMT version 2 supports scripting, letting you script migration operations to have them run during off hours. As far as security principal migrations are concerned, ADMT is pretty much as powerful as most commercial tools. Its interface is fairly intuitive, since the wizards provided for migration are listed in the order you would perform them in the context menu. For many environments, ADMT can simply get the job done.

About the Author

Danielle Ruest and Nelson Ruest, both Microsoft MVPs, are IT professionals focused on technology futures. They are authors of multiple books, including "Microsoft Windows Server 2008: The Complete Reference" (McGraw-Hill Osborne Media, 2008), which focuses on building virtual workloads with Microsoft's new OS.

