1
00:00:06,970 --> 00:00:09,070
Here is a plan for this lesson.

2
00:00:09,070 --> 00:00:17,790
First we'll talk about Active Directory migration tool and what kind of tasks it supports for completing

3
00:00:17,800 --> 00:00:19,600
a domain migration.

4
00:00:19,600 --> 00:00:27,760
Next we'll talk about pre migration steps which you must complete to prepare the source and target domains.

5
00:00:27,760 --> 00:00:35,740
Then we'll talk about inter forest restructure and with Ada empty an entire forest restructuring involves

6
00:00:36,010 --> 00:00:42,940
five steps to be performed namely the steps are create and a restructuring plan.

7
00:00:42,940 --> 00:00:51,980
Prepare and source and target domains migrate and accounts migrate and resources and finalize in migration.

8
00:00:52,030 --> 00:00:55,490
And finally we'll talk about seed history attribute.

9
00:00:55,780 --> 00:00:59,400
So let's start as part of deploying aid in the.

10
00:00:59,410 --> 00:01:06,880
You might choose to restructure your environment for the following reasons you might want to restructure

11
00:01:06,880 --> 00:01:14,350
it to optimize the legal aid it is structure as in some organizations the business might have changed

12
00:01:14,650 --> 00:01:18,340
significantly since ATF was first deployed.

13
00:01:18,340 --> 00:01:25,690
As a result the ADT is the main or forest structure might no longer meet the business requirements.

14
00:01:25,700 --> 00:01:34,780
Another reason you might want to assist in completing a business merger acquisition or divestiture restructuring

15
00:01:34,780 --> 00:01:42,850
involves migrating resources between 80 days domains in either the same forest or in different forests

16
00:01:43,090 --> 00:01:51,200
a radius has no option to detach a domain from one forest and then attach it to another forest.

17
00:01:51,280 --> 00:01:57,960
You're going to rename and rearrange demands within a forest under some circumstances.

18
00:01:58,090 --> 00:02:04,530
But there is no way to easily merge demands within or between forests.

19
00:02:04,540 --> 00:02:12,640
The only option to restructure in a domain in this way is to move all the accounts and resources from

20
00:02:12,640 --> 00:02:14,600
one domain to another domain.

21
00:02:14,740 --> 00:02:22,960
You can use the active directory migration tool to move User Group and computer accounts from one domain

22
00:02:22,960 --> 00:02:27,120
to another and to migrate server resources.

23
00:02:27,190 --> 00:02:36,790
If managed carefully the migration can be completed without disrupting users access to the resources

24
00:02:37,030 --> 00:02:46,960
that they need to do their work e.g. empty provides both a gooey and a scripting interface and it supports

25
00:02:47,170 --> 00:02:50,750
the following tasks for completing a domain migration.

26
00:02:50,890 --> 00:03:00,070
It supports user account migration group account migration computer servers account migration trust

27
00:03:00,070 --> 00:03:09,870
migration Exchange Server director a migration security translation on migrated computer accounts report

28
00:03:09,870 --> 00:03:18,090
and features for viewing their migrations results and functionality to undo the last migration and to

29
00:03:18,110 --> 00:03:20,170
retrace the last migration.

30
00:03:20,170 --> 00:03:25,740
Please consider this re migration steps before performing a migration.

31
00:03:25,900 --> 00:03:31,290
You must complete several tasks to prepare the resource and target domains.

32
00:03:31,300 --> 00:03:39,970
These tasks include four domain member computers that predate Windows Vista Service Pack 1 or Windows

33
00:03:39,970 --> 00:03:42,730
Server 2008 are 2.

34
00:03:42,820 --> 00:03:47,530
You have to configure a registry key on the target 80 days.

35
00:03:47,530 --> 00:03:57,040
Domain Controller to allow group to grow for algorithms that are compatible with Microsoft Windows and

36
00:03:57,130 --> 00:04:00,130
server for operating system.

37
00:04:00,130 --> 00:04:08,380
You have to also enable firewall rules on source and target ADT as the main controllers to allow file

38
00:04:08,380 --> 00:04:10,150
and printer sharing.

39
00:04:10,150 --> 00:04:18,640
Also you have to prepare the source and target edit is domains to manage how users groups and user profiles

40
00:04:18,640 --> 00:04:20,020
will be handled.

41
00:04:20,020 --> 00:04:28,270
Another task is to create a rollback plan and to establish the task relationships that are required

42
00:04:28,270 --> 00:04:29,780
for the migration.

43
00:04:29,830 --> 00:04:37,840
You have to configure a source and target edit as demands to enable seed history migration and you have

44
00:04:37,840 --> 00:04:41,290
to specify service accounts for the migration.

45
00:04:41,320 --> 00:04:48,100
And last but not least you have to perform a task migration and fix and reported errors.

46
00:04:48,100 --> 00:04:56,470
Now some words about inter forest restructure and was Ada empty an entire forest restructuring involves

47
00:04:56,710 --> 00:05:04,470
moving resources from source domains that are in different forests than the Tajik domain to use Ada

48
00:05:04,490 --> 00:05:10,030
M2 to perform an inter forest restructuring you have to do the following.

49
00:05:10,030 --> 00:05:18,340
First you have to create a restructuring plan an adequate plan is critical to the success of the restructuring

50
00:05:18,340 --> 00:05:19,150
process.

51
00:05:19,240 --> 00:05:23,800
Complete the following steps to create your restructuring plan.

52
00:05:23,800 --> 00:05:34,480
A determined the account migration process be assigned object locations and location map and see develop

53
00:05:34,570 --> 00:05:35,930
a test plan.

54
00:05:36,010 --> 00:05:41,310
Then create a rollback plan and create a communication plan.

55
00:05:41,470 --> 00:05:48,670
After agreed in a restructure and plan you have to prepare a source and tortured demands for the restructure

56
00:05:48,670 --> 00:05:52,770
and process by performing the following tasks.

57
00:05:52,810 --> 00:06:02,650
Ensure that 1 20 a bit encryption is on all domain controllers Windows Server 2000 service box 3 and

58
00:06:02,710 --> 00:06:11,600
newer versions natively support 1 28 bit encryption for older operation operating systems.

59
00:06:11,680 --> 00:06:19,120
You must download and install a separate and groups and back within this step you have to also establish

60
00:06:19,120 --> 00:06:26,660
required trusts you must configure at least a one way trust between the source and target domains.

61
00:06:26,680 --> 00:06:34,930
After doing so you have to establish migration accounts as a empty users migration accounts to migrate

62
00:06:34,930 --> 00:06:37,990
objects between source and target domains.

63
00:06:37,990 --> 00:06:45,700
Ensure that these accounts have permissions to move and modify objects on the source and target domains.

64
00:06:45,700 --> 00:06:54,280
After this step please determine whether Ada M2 will handle seat history automatically or if you must

65
00:06:54,280 --> 00:07:01,840
configure the target and service domains manually then ensure proper configuration of the target domain

66
00:07:01,910 --> 00:07:11,380
or use structure ensure that all you configure the proper administrative rights and delegated administration

67
00:07:11,410 --> 00:07:13,150
in the target domain.

68
00:07:13,150 --> 00:07:21,520
After that install Ada empty in the larger domain and enable password migration then perform a test

69
00:07:21,520 --> 00:07:29,650
migration with a small test account group and switch to step 3 which is my great account.

70
00:07:29,650 --> 00:07:32,990
You have to perform the following to migrate accounts.

71
00:07:32,990 --> 00:07:41,540
You have to have transition service accounts then migrate global groups and migrate accounts.

72
00:07:41,560 --> 00:07:49,110
Consider migrating user and computer records and badges to monitor the migrations process.

73
00:07:49,150 --> 00:07:56,680
If you are migrating local profiles as part of the process migrate the affected computers first and

74
00:07:56,680 --> 00:07:59,770
then the associated user accounts.

75
00:07:59,860 --> 00:08:08,230
After this switch to step 4 which is my great resources you have to migrate the remaining resources

76
00:08:08,530 --> 00:08:11,730
in the domain by performance the following steps.

77
00:08:11,770 --> 00:08:20,080
First migrate workstations and member servers then migrate domain local groups and after that migrate

78
00:08:20,080 --> 00:08:27,310
domain controllers and finally move on to the final step which is finalized on migration.

79
00:08:27,310 --> 00:08:33,070
You have to finalize the migration and perform cleanup by performance the following steps.

80
00:08:33,070 --> 00:08:38,350
First transfer administration processes to the target domain.

81
00:08:38,350 --> 00:08:46,150
Second ensure that at least two operable domain controllers exist in the target domain.

82
00:08:46,150 --> 00:08:48,190
Backups as domain controllers.

83
00:08:48,340 --> 00:08:52,030
And finally decommission the source domain.

84
00:08:52,030 --> 00:08:59,590
Now some words about seed history attribute during the migration you might have moved use around group

85
00:08:59,590 --> 00:09:08,350
accounts to the new domain but the resources that the users need to access might still be in the old

86
00:09:08,350 --> 00:09:11,530
domain when you migrate a user account.

87
00:09:11,530 --> 00:09:19,420
Edit Here's a science ID and you seed because the resource in the source domain grants access based

88
00:09:19,420 --> 00:09:22,510
on the user receipt from the source domain.

89
00:09:22,600 --> 00:09:30,970
The user can not to use the new suit to access their resources until the resources moved to the new

90
00:09:30,970 --> 00:09:33,600
domain to address this situation.

91
00:09:33,600 --> 00:09:42,400
You can configure a duty to migrate they see it from the source domain and then store the seed in an

92
00:09:42,520 --> 00:09:44,890
attribute called SEED history.

93
00:09:44,890 --> 00:09:52,780
When the seed history attribute is populated the user as previous seed is used to grant access to resources

94
00:09:53,110 --> 00:10:01,390
in the source domain search history increases the size of users access tokens after migrating users

95
00:10:01,420 --> 00:10:02,670
to the new domain.

96
00:10:02,710 --> 00:10:11,330
The access control lists in your in should be examined and you should also migrate the ACLU.

97
00:10:11,540 --> 00:10:18,950
After our migration is completed and the original domain has been removed you should clean up your users

98
00:10:19,240 --> 00:10:19,620
seat.

99
00:10:19,630 --> 00:10:21,290
Here's to attribute.

100
00:10:21,410 --> 00:10:28,200
You can best accomplish this task by using the get seed history and remove seed history.

101
00:10:28,310 --> 00:10:30,440
Windows power shall command laps.

102
00:10:30,530 --> 00:10:38,570
You should carefully plan and exactly use activities because removing said history before the environment

103
00:10:38,570 --> 00:10:43,570
is properly prepared could cause business interruptions.