If you want to use ADMT to migrate some Active Directory objects, you need to comply with ADMT prerequisites to get it work.
ADMT Prerequisites : Audit
You need to set some audit in place. You need to activate it for :
- “Audit account management“, success and failure
- “Audit directory service access“, only success (Windows Server 2008 and later)
In both source and target domains :
You also need to create a local domain group in the source domain called “SourceDomain$$$” where SourceDomain is the NetBios source domain name.
ADMT Prerequisites : Permissions
Migrate SID Hstory
To perform an Active Directory migration without any disruption for your users, you may need to migrate the SID of the user in the old domain in the SidHistory of the user in the new domain. To do that, you need the permission called “Migrate Sid History“, you apply that at the domain level.
Administrative Privileges on the source
You also need some administrative privileges on the source domain. The easiest way is to put the account initiating the migration into the “Administrators” group in the source domain.
ADMT Prerequisites : Trust
You also need an Active Directory trust between the two domains.
A lot more information and details can be found here :
To get SidHistory work, you may need to modify your Active Directory trusts Indeed, you need to disable SidHistory filtering between the domains.