Pre-creating user account in the target domain is a common scenario these days due to single-sign-on solution, HR management procedure etc. This will make the user migrate procedure more challenging. During the migration you need to make sure these accounts are properly “merged” with correct SID information.
In this example, I will explain a procedure to migrate and merge user accounts using Quest Migration Manager (QMM). You can read the Part I (User Account Migration and Merging – Part I (ADMT)) of this document in the following link:
I have pre-created user accounts in the target domain. Their logon name (samAccoutnName) is different in the target domain. My goal to migrate an account from the source domain, merge it with the corresponding account in the target domain and maintain the source SID in the migrated object.
My plan is to use an input file which contains a mapping between source and target user accounts. The file encoding type must be ANSI. You can read about this requirement in my following blog:
Here is an example of this input file:
In the above example, my plan is to migrate User1 and merge it with a pre-created user account (12345) in the target domain. The column headers are Source sAMAccountName, Target sAMAccountName and Target Name.
1. Open Quest Migration Manager console. Right click on the Migration node and select New Session option.
Note: Make sure the Account Name matching attributes is selected in the domain pair configuration (Domain Pair –> Properties –> Object Matching).
2. Click Next on the Welcome window.
3. Specify the name in the Name box for this migration session. Click Next.
4. On the Select Object in Source Domain window, click on Import button and select the user input file and click Open.
5. Click Next on Select Objects in Source Domain window.
6. On the Select Target Container window:
a. Click Browse to select the appropriate target OU
b. Select Migrate objects without OUs as a flat list option and
c. Select either
- Merge and move the objects to the new OU –> This option will move the migrated/merged object to the selected OU.
- Merge and leave the account where it was before the migration option –> This option will leave the account where it was before the migration.
d. Click Next.
7. On the Set Security Settings window, select appropriate options. Click Next.
8. On the Specify Object Processing Options window, select appropriate options. Click Next.
9. Click Next on the Specify Object Processing Options window.
10. On the Select Migration Agent window, select the correct DSA as the migration agent server. Click Next.
11. Click Next on the Migrate Active Directory Objects window.
12. Click Yes on the Migration Wizard Popup window. Migration process status will display on the status windows
14. Select View log button on the Completing the Migration Wizard windows to verify the log file.
15. Click Finish to complete the user migration process.
You can verify the sIDHistory value using ADSI Editor or one of the following scripts. The sIDHistory value should be equal to the ObjectSID in the source domain.
QMM Directory Synchronization
If you are planning to use Quest directory synchronization, you can enable the directory synchronization after the user migration. QMM will update the user information (user properties, group membership etc) based the QMM matching attribute value (adminDescription & adminDisplayName or ExtensionAttribute 14 and 15). These values get populated during the user migration.
Other Related Blogs & Articles:
Active Directory Migration Using ADMT - http://www.sivarajan.com/admt.html
Computer Migration - Things to Consider - http://www.sivarajan.com/cm.html
User Account Migration and Merging Using ADMT - http://www.sivarajan.com/
ADMT Include File - http://portal.sivarajan.com/2011/06/admt-include-file.html
User Migration and Input File Format - http://portal.sivarajan.com/2010/12/user-migration-and-input-file-format.html