The Complete Active Directory Migration Process
Overview: There are different scenarios for performing Active Directory migration. The process of transferring data within the Active Directory is not that easy. It is a complex process that requires many things to be prepared. Here you will find the complete Active Directory migration process stepwise to make the task easier.
The data exchange within Active Directory has proved to be tougher. Because, there is a need to migrate several objects such as users, groups, computers, printers, and so on to another domain or forest. Having a complete plan before the process makes the process disruption-free.
Challenges in Active Directory Migration
Several challenges can occur during the Active Directory migration process. Some of the key challenges are as follows.
- Application Compatibility – During the migration some of the applications are compatible with certain server names, and user names. But then after the migration, they did not become compatible easily.
- Security Concerns – The user accounts & memberships also migrate then the issues of passwords occur.
- Data Loss – Migrating all of the resources, users, groups, and computers causes chances of error and data loss.
- Downtime – If you do not follow the right plan, then the whole organization has to face downtime. As a result, the business is affected.
User Disruption – User disruption also happened after the migration because they needed to reset their passwords, change the way of login, and many more.
Steps for A Complete Active Directory Migration Process
Here are the steps for a successful Active Directory Migration between domains and cross-forest.
Step 1. Develop a Detailed Plan
A detailed plan is the essential step for the Active Directory migration. You need to prepare a detailed plan for the successful AD migration.
- Identify all of the factors that can affect the process of AD migration.
- Prepare an ordered list of resources to provide the sequence of the migration.
- Have a schedule for the migration.
- Get ready all of the required software and hardware.
- Ensures the existing AD does not have the vulnerabilities.
Step 2. Destination Domain Design
After having a detailed plan for the migration now it’s time to focus on the destination domain design. You need to go through the below factors in the destination domain before performing the migration.
- Scalability – Ensures the scalability of the destination domain. It should be able to handle multiple users at the same time so that you are not required to perform AD migration again.
- Performance – The domain should be efficient so that you do not need to face downtime due to which the chances of business loss are increased.
- Security – The domain should be secure enough so that your data privacy is maintained.
Step 3. Focus on AD Security
Before performing the Active Directory migration process, go deep dive into the existing Active Directory security.
- Verify the state of the environment and identify all the security gaps in the system such as weak passwords and unsecured systems.
- Make sure that firewalls are configured and passwords are secured. Weak passwords and unsecured systems can create security issues during the migration
Step 4. Prepare Forests and Domains
The preparation of forests and domains is performed within two phases. The first is to verify that you are not using FRS. In the earlier version of Windows, the domain controllers supported the DFS for replication. Check the FRS by running the command in the PowerShell.
In the second phase of the forest and domain preparation using the adprep. Run the following commands
Now, it’s time to promote the servers to domain controllers. You need to run the below commands in the PowerShell.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
Install-ADDSDomainController -CreateDnsDelegation:$false -InstallDns:$true -DomainName “tailwindtraders.com” -SiteName “Default-First-Site-Name” -ReplicationSourceDC “DC01.tailwindtraders.com” -DatabasePath “C:\Windows\NTDS” -LogPath “C:\Windows\NTDS” -SysvolPath “C:\Windows\SYSVOL” -Force:$true
The first command is to install the necessary roles and services required for the migration. The second command is for the customization of the domain name, and site name.
Step 5. Transfer FSMO Roles from Existing Domain Controllers
Now, is the time to transfer the FSMO roles in the Active Directory migration process. To locate the first and domain FSMO roles, run the below commands.
Get-ADDomain | Select-Object InfrastructureMaster, RIDMaster, PDCEmulator
Get-ADForest | Select-Object DomainNamingMaster, SchemaMaster
To shift the FSMO roles to a new domain controller, run the below command
Move-ADDirectoryServerOperationMasterRole -Identity TargetDC -OperationMasterRole SchemaMaster, DomainNamingMaster, PDCEmulator, RIDMaster, infrastructure master
Step 6. Demote the Domain Controller
Now demote the existing domain controllers having the earlier versions. Through this, the domain controller removes the role and goes back to the standard server role. If the domain controller has to be demoted is it of the Windows Server 2008 R2 or previous? They use the dcpromo wizard to remove the AD domain services. If you are using the Windows Server 2012 or later then use the below command.
Uninstall-ADDSDomainController -DemoteOperationMasterRole -RemoveApplicationPartition
Step 7. Upgrade Domain and Forest Function Level
Now the existing domain controllers having earlier versions are removed. Now raise the domain and forest function level. Windows Server 2016 is the highest one which is supported by Active Directory. Run the following commands for the upgradation of Domain and Forest Function levels during the Active Directory migration process.
Set-ADDomainMode -identity tailwindtraders.com -DomainMode Windows2016Domain
Set-ADForestMode -Identity tailwindtraders.com -ForestMode Windows2016Forest
Step 8. Migration Planning
Plan the migration carefully which includes:
- Select the Names for the source and destination AD forest and domain.
- Plan the Organizational unit (OU) structure to meet the requirements of the organization.
- Plan the group policies settings for the AD DS forest.
- Make the complete list of the objects that need to be migrated.
- Identify the apps for the migration because they are the interdependent components.
Also Read: What is Office 365 Migration Project Plan?
Step 9. Perform Active Directory Migration Process
Now, you are good to go with the process of migration. Here you have two approaches to performing migration. Using the ADMT or experts recommended tool. Firstly, see the steps of the ADMT tool.
Use ADMT Tool
The ADMT tool is offered by Microsoft for the migration of Active Directory. Below are the required steps that should be followed.
Step 1. Install the ADMT tool and sign in with the destination domain credentials.
Step 2. Now after opening the ADMT tool, go to Action > User account migration wizard and Next.
Step 3. Choose the source and destination domains.
Step 4. Load all the users for the migration and press OK.
Step 5. Now select the targeted organizational unit and move Next.
Step 6. Tick the option of “Do Not Migrate source object if a conflict is detected in the domain” in the dialog box of conflict and Next.
Step 7. Finally, verify the migrated users in the destination Active Directory.
You can also choose the Expert’s recommended tool for the successful migration. Through this, you do not need to face the ADMT limitations.
The Active Directory Tool is the expert’s first choice. There are different advanced features associated with the professional tool. Here is the complete list of the prerequisites that should be done before performing the Active Directory migration process.
- Make sure you have Microsoft .NET version 4.6.1 or later.
- Manage DNS settings for DCs on both the platforms Source and Destination.
- Ensures trust relationship.
- Configured the DNS suffix search list.
- Set up the admin account in the administrator groups.
- Keep Active Directory servers in the same network.
- Both source and destination should have the same schema Schema classes / Custom/Standard/ In Built].
- Ensures the AD access to the user.
- Destination AD machine should have the same AD schema Classes + Attributes (Custom + STandard+ in Built) according to the Source.
- Keep the Antivirus disabled, so that it cannot block the application.
- Firewalls should be disabled on both of the machines.
Steps Need to be Followed
Here are all of the steps that need to be executed for the seamless Active Directory migration process to the destination.
Step 1. Download and Enter the administrator as the default details in the admin and password field.
Step 2. Enter the Domain Name and IP address then click on Save and Continue.
Step 3. Add a second domain name.
Step 4. Click on the first domain fill in the required credentials and save.
Step 5. Load all the active directory objects.
Step 6. Complete the credentials of the destination domain.
Step 7. Load the essential active directory objects.
Step 8. Click on the Migration button to create the migration scenario.
Step 9. Create a task by clicking on the migration scenario & select the data and Save.
Step 10. Hit three dots to map the objects.
Step 11. Select any option from the merge or create and click on the start button.
Step 12. Click on the Start button to the start the migration. The process gets completed after a while.
Step 13. To update the destination user passwords, use the sync feature.
- Download and set up the AD Watcher tool.
- Reset the source user password.
- The passwords synced to the destination user automatically.
Step 14. Go to the Report section and generate the reports.
Step 10. Verify the Result After the Active Directory Migration Process
- Go through the results after the migration by the generated report after performing the migration.
- After the data is migrated to the expected location, then inform all the users. Stopped all the activities in the previous Active Directory.
- Make sure that DNS is updated with the Reverse or Forward zones.
- Perform a complete checkup of the data after the migration by the personnel.
- If there are any data is missed after the migration, then use the advanced Delta option to complete the migration.
- Make sure that all of the required data is successfully migrated, then disable the previous Active Directory.
Here we have explained, the complete Active Directory migration process. All of the steps are necessary to get the expected results. Make sure that all of the commands of the PowerShell should be executed by the personnel. Do not make quick for the process of the migration. Also check at least once after the migration that all of the users, groups, computers, and application works as per the requirement.