
Active Directory Domain Migration / Active Directory Forest Restructure

When planning an AD infrastructure design, the main concerns are to maintain the hierarchy and reduce complexity. We can’t expect a business to stay the same for years; as the business grows, we will also need to apply changes to the infrastructure design. For example, a company may move to a different business name, be acquired by another company, or merge with another company. Any of these situations may require a major change to the AD infrastructure design. This is where AD migration and forest restructure techniques come in handy.

There are mainly two types of AD migration or restructure.

1)    InterForest – This mainly happens when a company is involved in mergers or acquisitions that require integrating resources between forests. When migrating between forests, both the target forest and the source forest continue to exist, which makes it easier to roll back changes at any time.

2)    IntraForest – This mainly applies when you are trying to reduce the complexity of the domain structure, so it does not involve multiple forests: the source domain and the target domain are both in the same forest. Unlike an interforest migration, if you need to roll back you have to perform a reverse migration to get things back to the previous state.

Let’s look at how these two types compare against the main migration considerations.

| Migration consideration | InterForest | IntraForest |
|---|---|---|
| Object preservation | Objects are cloned; the original objects remain in the source forest. | User and group objects are moved and no longer exist in the source domain. Computer and service accounts remain enabled in the source location. |
| Password retention | Optional | Retained |
| Local profile migration | A tool such as ADMT must be used to migrate local profiles. | Migrated automatically. |
| Accounts in closed sets | Do not need to be migrated. | Must be migrated. |
| Security identifier (SID) history | Optional | Required for user, group and computer accounts; not needed for managed service accounts. |

Microsoft provides a great tool called Active Directory Migration Tool (ADMT) to help with the migration and domain restructure process. The latest version can be downloaded from http://go.microsoft.com/fwlink/?LinkId=401534

ADMT

This tool simplifies the migration of AD objects, as it automates most of the tasks. Using the wizard, we can complete the process with a few clicks.

ADMT can be run via the GUI, the command line or as a script. You can download the complete guide for this tool from http://go.microsoft.com/fwlink/?LinkId=191734
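Because SID history is optional in an interforest migration but required for users, groups and computers (and not for managed service accounts) in an intraforest one, it is worth verifying what actually ended up in the target domain once ADMT has run. The following is an added example, not part of the original post or of ADMT itself; it assumes the ActiveDirectory RSAT module is available, and the source domain SID is a placeholder you must replace.

```powershell
# Added example (not from the original post): audit sIDHistory in the target
# domain after a migration. Requires the ActiveDirectory (RSAT) module.
Import-Module ActiveDirectory

# Placeholder: replace with the SID of the source domain, which you can read
# with (Get-ADDomain -Identity <source domain>).DomainSID
$ExpectedSourceDomainSid = 'S-1-5-21-0000000000-0000000000-0000000000'

# Object classes that, per the migration plan, should not carry SID history
$ClassesWithoutHistory = @('msDS-ManagedServiceAccount', 'msDS-GroupManagedServiceAccount')

# Every object in the target domain that carries at least one sIDHistory value
$withHistory = Get-ADObject -LDAPFilter '(sIDHistory=*)' `
    -Properties sIDHistory, objectClass, sAMAccountName

$report = foreach ($obj in $withHistory) {
    foreach ($sid in $obj.sIDHistory) {
        # sIDHistory may come back as SecurityIdentifier objects or raw bytes
        $sidValue = if ($sid -is [byte[]]) {
            (New-Object System.Security.Principal.SecurityIdentifier($sid, 0)).Value
        } else {
            ([System.Security.Principal.SecurityIdentifier]$sid).Value
        }
        # The domain part of a SID is everything before the final RID component
        $domainPart = $sidValue.Substring(0, $sidValue.LastIndexOf('-'))

        [pscustomobject]@{
            Name        = $obj.sAMAccountName
            ObjectClass = $obj.objectClass
            HistorySid  = $sidValue
            FromSource  = ($domainPart -eq $ExpectedSourceDomainSid)
            Unexpected  = ($ClassesWithoutHistory -contains $obj.objectClass)
        }
    }
}

# Entries that need a closer look: history pointing at a domain other than the
# migration source, or sitting on an object class that should not carry it
$report | Where-Object { -not $_.FromSource -or $_.Unexpected } |
    Format-Table Name, ObjectClass, HistorySid, FromSource, Unexpected -AutoSize

# Count per object class, to compare against the migration checklist
$report | Group-Object ObjectClass | Select-Object Name, Count
```

Run it against the target domain after each migration batch; anything flagged as not coming from the source domain should be explained before SID history is eventually cleaned up.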

If you have any questions about this post, feel free to contact me on rebeladm@live.com
