Home » Updates » Migration » How to Migrate AD Objects from One Domain to Another – A Quick Guide

How to Migrate AD Objects from One Domain to Another – A Quick Guide

  author
Written By Mohit Jha
Anuraag Singh
Approved By Anuraag Singh
Published On January 4th, 2024
Reading Time 7 Minutes Reading

The article provides a detailed guide on how to move Active Directory (AD) objects, including users, groups, and computers, from one domain to another. The process involves using Microsoft’s Active Directory Migration Tool (ADMT), which is a free utility that can be downloaded from Microsoft’s website, and an automated software solution to make the entire process quick and reliable.

Active Directory (AD) is a directory service developed by Microsoft for managing and organizing network resources. It stores information about objects on a network and allows administrators to manage and control access to those resources.

Migrating AD objects from one domain to another is a common requirement in many organizations due to various reasons such as mergers, acquisitions, reorganizations, or consolidations. Now, let’s discuss the different approaches to performing this task safely.

How to Migrate Active Directory Users to New Domain?

The manual method requires technical know-how and due to this several IT admins suggest professional software such as SysTools AD Migration Tool, as it makes the entire task hassle-free and easy. Even a naive user can easily run the utility without any error or data loss. 

Some Of the Pre-Requisite of Software 

  • Microsoft .net framework v4.6.1 should be installed.
  • DNS setting should be there on all DCs (Source and destination).
  • Trust Relationships should be created.
  • DNS suffix Search List should be configured.
  • Admin Account should be added to the administrator’s group.
  • AD server needs to be in the same network.
  • Destination AD should have the schema same as the source domain [Schema Classes / Custom/standard / In Built.
  • The provided User should have Active Directory access.
  • Active Directory servers should be in the same network.
  • The destination active directory machine should have the same Active Directory Schema Classes + Attributes (Custom+ Standard+ in Built) as per the source.
  • Antivirus should not be blocked the application.
  • The firewall should be disabled in Source and destination machines.

Also Read: Microsoft Office 365 Pre & Post Migration Checklist Plan to Follow

Software Working Steps to Migrate Active Directory Users from One Domain to Another

Step 1. Download and launch the tool on your computer as mentioned above.

Download Now Purchase Now

Step 2. Enter your Email ID and Password on the login screen to log in.

step-1

Step 3. Once logged in, you will see the software’s domain screen. Click the Register Domain Controller button.

step-2

Step 4. Provide the source Domain Name and IP Address. Click Save & continue.

migration

Step 5. Add the destination Domain Name and IP Address. Click Save & continue.

all users

Step 6. Click on the source Domain and provide credentials in the “Info” tab. Click Save & Validate to migrate Active Directory users from one domain to another.

domain

Step 7. Go to the Active Directory section and click Fetch Active Directory Objects to fetch all source Domain Objects.

verification

Step 8. Click on the destination Domain and enter credentials in the “Info” tab. Click Save & Validate.

one domain to other

Step 9. Go to the Active Directory tab and click Fetch Active Directory Objects. You will see the destination AD objects.

Step 10. Go to the Migration section and click Create Migration Scenario to copy AD users from one domain to another.

secure method

Step 11. Assign a name and select the Source and Destination Domain. Click Save & Continue.

add destination

Step 12. Create a task and select the required workload, such as User, Printer, Computer, Group, Shared Folder, or Contact.

migration process

Step 13. On this screen, you will see all AD Objects present in the source domain. Click the three dots in front of any object to map it with the destination.

migrated

Step 14. After selecting the object, choose whether you want to Merge, or Create at the destination. Click Select.

list objects

Step 15. Click Start to migrate active directory users to the new domain.

select items

Alternatively, you can use the ADMT (Active Directory Migration Tool) to migrate users manually.

But before moving to the manual method, let’s discuss the benefits of using tools over the manual method.

Must Read: How to Migrate Your OneDrive Data to Another Account: A Step-by-Step Guide

Benefits of Using Software in Migrating AD Objects from One Domain to Another

The use of software can bring several benefits in this process, including:

  • Simplified process: Software automate the migration process, which reduces the need for manual intervention, saves time, and minimizes the risk of errors.
  • Comprehensive migration: Tools migrate all AD objects, including user accounts, groups, computers, and printers. This ensures that the migration is comprehensive and complete.
  • Data integrity: By providing various types of reports, It also ensures that data is transferred without any data loss, corruption, or errors. 
  • Time-saving: The software allows administrators to automate the migration process, saving time and allowing for other important tasks to be performed simultaneously.
  • Minimal downtime: With the help of migration software, the migration process can be done with minimal downtime. Because the software works in the background, without affecting the Active directories. Hence, the complete process becomes invisible to the users and does not affect business continuity. 

Hence, using software for AD migration helps to streamline the migration process, minimize risks and errors, and save time and resources.

How to Move Active Directory Users from One Domain to Another Using ADMT? 

To migrate user accounts using ADMT, follow these steps:

Step 1. Download ADMT and run the tool on your computer. Now log in using the appropriate credentials.

Step 2. Click on Action and then click on  User Account Migration Wizard and click Next.

Step 3. Now select the source and target Active Directory domains, and then click Next.

Step 4. Opt for the “Select Users from the Domain” option.

Step 5. In the next dialog box, click “Add” and select the users to be migrated. Then click “OK”. 

Note: If you have not followed the prerequisites carefully, you may encounter an error message that says, “Unable to establish a session with the password export server. Access Denied”.

Step 6. Check the selected user accounts are displayed in the main window and click “Next”.

Step 7. Choose the destination Organizational Unit (OU) and click “Next”.

Step 8. Review all details carefully, and click “Finish”. Wait until the migration process is completed.

Step 9. Finally, check the destination domain to ensure that the desired AD users have been successfully migrated.

Limitations and Shortcomings of UsingMaunal Methods in Migrating Active Directory Objects to New Domain

While using the manual method, you might get some common issues that may arise during the migration process, such as permission issues and issues with DNS configuration. Let’s discuss them in detail.

  • Users can not migrate Read-Only Domain Controllers through ADMT, as it does not work with it.
  • While dealing with ADMT, users have to migrate in closed sets, as It destructively moves objects to the destination AD. 
  • Users can only migrate those domains that are running on supported Windows Server versions.
  • They can not migrate AD objects without ADMT SID history.
  • Without a SQL server, ADMT can not store the respective data.
  • ADMT is unable to migrate Trustless inter-forest objects.
  • It does not provide any statistics or graphical display, hence users are unable to track the migration process.
  • Native permissions delegation is required to run the ADMT tool.

Why You Should Choose the Above Software Over the Manual Method?

  • Migrating AD objects manually can be time-consuming and error-prone. Using the above-mentioned software can automate the process, saving administrators time and effort.
  • AD objects such as user accounts, groups, printers, etc have complex dependencies that you can easily miss or overlook in a manual migration process. Using software can help minimize these errors and ensure a successful migration.
  • The manual migration process can be complex, and it is crucial to maintain data integrity throughout the process. Moreover, the software can help ensure that data is correctly migrated and that all objects are mapped to their corresponding objects in the new domain.

Bringing It All Together

Migrating Active Directory objects from one domain to another is a crucial task especially when you are dealing with large enterprise databases. You must ensure all the objects have migrated to the destination active directory.

As outlined in the above guide, the prima facia of the manual method seems a simple approach, while performing it becomes error-prone and could lead to an unorganized AD forest at the target domain. Hence,  opting for a professional alternative as discussed above is always a smart choice for users to do hands-on. 

  author

By Mohit Jha

Mohit is a writer, researcher, and editor. Cyber ​​security and digital forensics are the two subjects that keep Mohit out of his seat. In addition, he hopes that the well-researched and thought-out articles he finds will help people learn.