SAMACCOUNTNAME - if old and new match then they can be considered the "same". ADC does similar matching, although it can be extended to do matches on EX5.5 primary nt account to an AD accounts sidhistory.
Since you've done script population, you need to match on a similar attribute. If nothing matches, you can use the route mentioned below, after doing your matching manually in excel. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Coleman, Hunter Sent: 15 April 2004 04:56 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Migration Dilemma >From what I remember, there is an option in ADMT to merge accounts from a source domain if a "similar" account exists in the target domain. I think it's handled in the Naming Conflicts section of ADMT. I can't recall which attributes it uses to determine what constitutes a matching/conflicting account, but there may be something in the documentation. You can migrate the groups first, without the members, and then have the user account migrations update/correct the group memberships. This should also allow you to pull SIDHistory along. Alternatives would include a batch/script process to clone the groups and repopulate the members, and subinacl.exe from the resource kit to handle the file permissions. Or you could go with one of the migration tools that others have mentioned. Hunter ________________________________ From: Morris, Adam [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 7:41 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Migration Dilemma Hunter, The user accounts were all created by a script and an email was sent to the new account so it became a mailbox. Permissions were then assigned to the mailbox to allow the NT 4 domain account owner rights to the mailbox so they are still authenticating with the old domain controllers. There is an Exchange 5.5 and ADC in the mix but it is at another site so hopefully this won't cause any issues. Basically we just want to migrate the groups and group memberships over as well as all the old file permissions so we can decommission the old domain. Initially we had thought the ADMT was going to be able to help us by allowing us to tie the SID from the old account to the new account, but it looks like that is only an option if you don't already have the user accounts created. Thank you for the response! Adam From: "Coleman, Hunter" <[EMAIL PROTECTED] <http://by2fd.bay2.hotmail.msn.com/cgi-bin/compose?curmbox=F000000001&a= 2792 74ffddd7b484f36fca3cb67f2795&mailto=1&[EMAIL PROTECTED]&msg=MSG108 1999 696.15&start=145797&len=325208&src=&type=x> > Subject: RE: [ActiveDir] Migration Dilemma Date: Wed, 14 Apr 2004 09:50:16 -0600 Reply-To: [EMAIL PROTECTED] <http://by2fd.bay2.hotmail.msn.com/cgi-bin/compose?curmbox=F000000001&a= 2792 74ffddd7b484f36fca3cb67f2795&mailto=1&[EMAIL PROTECTED]&ms g=MS G1081999696.15&start=145797&len=325208&src=&type=x> What are the desired results? How were the user accounts and mailboxes created in the new domain initially? Are the users authenticating against the mailboxes with their NT 4 accounts, or with the AD accounts? Is there an Exch 5.5 organization and an ADC in the mix? Hunter -----Original Message----- From: Morris, Adam [mailto:[EMAIL PROTECTED] <http://by2fd.bay2.hotmail.msn.com/cgi-bin/compose?mailto=1&msg=MSG10819 9969 6.15&start=145797&len=325208&src=&type=x&to=Adam%2eMorris%40experian%2ec om&c c=&bcc=&subject=&body=&curmbox=F000000001&a=279274ffddd7b484f36fca3cb67f 2795 > ] Sent: Wednesday, April 14, 2004 9:41 AM To: [EMAIL PROTECTED] <http://by2fd.bay2.hotmail.msn.com/cgi-bin/compose?curmbox=F000000001&a= 2792 74ffddd7b484f36fca3cb67f2795&mailto=1&[EMAIL PROTECTED]&ms g=MS G1081999696.15&start=145797&len=325208&src=&type=x> Subject: [ActiveDir] Migration Dilemma Hello, We are in the process of planning our migration from NT 4 to Windows 2000 AD. Last year we deployed a minimal AD site in order to roll-out Exchange 2000 for our users. User accounts and mailboxes were created in the new domain but no users were migrated. Some initial testing with the ADMT indicates that it will not produce the desired results. At this time I can see 2 possible plans of action and I'm looking for some better options. (Like maybe another way to migrate the SID's to the new accounts in AD or a way to get ADMT to update the existing accounts instead of replacing them). Plan 1: Back up all the user mailboxes, wipe the AD accounts, use ADMT to move all the accounts/gropus, and then restore mailbox data. Plan 2: Spend the time to develop custom scripts that will add/create the appropriate groups and script as much of the migration as possible. Currently we have close to 150 groups for around 400 users and multiple file servers so the thought of doing a manual migration process is pretty painful. If anybody has any suggestions or thoughts I'd much appreciate the feedback. Thank you! Adam Morris List info : http://www.activedir.org/mail_list.htm <http://65.54.246.250:80/cgi-bin/linkrd?_lang=EN&lah=50d951d50001d17749d b514 dbe7692c3&lat=1082033900&hm___action=http%3a%2f%2fwww%2eactivedir%2eorg% 2fma il_list%2ehtm> List FAQ : http://www.activedir.org/list_faq.htm <http://65.54.246.250:80/cgi-bin/linkrd?_lang=EN&lah=17ae489968d26ddb4d5 ef63 233be7a47&lat=1082033900&hm___action=http%3a%2f%2fwww%2eactivedir%2eorg% 2fli st_faq%2ehtm> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ <http://65.54.246.250:80/cgi-bin/linkrd?_lang=EN&lah=383f9d0d11011b84cd8 37ce 7632b83e8&lat=1082033900&hm___action=http%3a%2f%2fwww%2email%2darchive%2 ecom %2factivedir%2540mail%2eactivedir%2eorg%2f> --------------------------------------------------------- List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
