ADMT Prerequisites

Hello,

If you want to use ADMT to migrate some Active Directory objects, you need to comply with ADMT prerequisites to get it work.

ADMT Prerequisites : Audit

You need to set some audit in place. You need to activate it for :

• “Audit account management“, success and failure
• “Audit directory service access“, only success (Windows Server 2008 and later)

In both source and target domains :

ADMT – Prerequisites – Audit

You also need to create a local domain group in the source domain called “SourceDomain$$$” where SourceDomain is the NetBios source domain name.

ADMT Prerequisites : Permissions

Migrate SID Hstory

To perform an Active Directory migration without any disruption for your users, you may need to migrate the SID of the user in the old domain in the SidHistory of the user in the new domain. To do that, you need the permission called “Migrate Sid History“, you apply that at the domain level.

Migrate SidHistory

Administrative Privileges on the source

You also need some administrative privileges on the source domain. The easiest way is to put the account initiating the migration into the “Administrators” group in the source domain.

ADMT Prerequisites : Trust

You also need an Active Directory trust between the two domains.

Additional Information

A lot more information and details can be found here :

DsAddSidHistory

Microsoft documentation

To get SidHistory work, you may need to modify your Active Directory trusts Indeed, you need to disable SidHistory filtering between the domains.