Steps to Migrate Objects from One AD to Another
Follow step by step guide to Transfer Objects from one AD to another AD using SysTools Migrator for AD.
Pre-Requisites
- System Requirements:
- Migration Server: Windows 2012 R2 server class or above, 16 GB RAM, 4 Core CPU minimum
- Software Prerequisites:
- Microsoft .NET Framework 4.8
- .NET 7
- VC++ 2012 redistributable installed
- Device Settings:
- Power Options: Power option set to "Never" to ensure continuous operation during migration
- Security: Ensure checks for Anti-Virus or policies that can block or interrupt the migration process are in place. The Migrator process should be allowed on the system
- URL Access:
- URLs: https://syssales.appspot.com/api/
- Ports: Port 16011 required for communication with SysTools AD Migrator Sync installed on Source/Destination Domain Controller
- Application Prerequisites:
- Installation: The "SysTools Migrator for Active Directory" system must be in the destination domain
- ActiveDirectoryService: Must run with an authorized user in the destination domain
- Destination AD Schema: The destination AD should have the same schema as the source domain
- Trust Requirement: Remote profile configuration and credential cache for successful login to the destination domain after cutover
- Configure Security Group at Source Domain: Security group creation with "Allow to Authenticate" permission for selected destination users
- SIDHistory Prerequisites:
- Source and Destination Domain Trust: Trust between the source and destination domains is necessary
- Name Resolution: DNS (hostname) and NetBIOS name resolution between the domains must exist
- Enable Auditing: Audit policies should be enabled on the source and destination domains
- PDC Emulator Role: The Domain Controller used for migration needs to be assigned the PDC Emulator Role
Upon launching, Users are greeted with a checklist within the SysTools Migrator for Active Directory tool. It lists components that need to be installed and verified for a successful AD migration.
Mark the box next to components to confirm their installation status. Here is a list of checks Users need to make:
- AD Migrator Sync: Syncs attributes; install on source, target, or both AD domains.
- Message Exchange: Facilitates source-target communication; install on both.
- MQTT Server: Manages Message Exchange communication; install on the migration machine.
Port Access:
- 1883: For Message Exchange.
- 16011: For AD Migrator Sync.
- 16005: For Message Exchange service.
After login, the tool displays a pop-up message: "No Domains are Configured!!!" This indicates that the user has not yet defined the source and destination Active Directory domains for the migration process. To proceed, click anywhere outside of the pop-up window.
Click the Activate button with yellow exclamation mark icon in the bottom left corner of the black tab.
On the Product Activation screen within the SysTools Migrator for Active Directory, choose "Online" or "Offline" mode based on their installation criteria.
Paste the activation code in the provided field. Click the Apply button to proceed with the activation process.
Tool is now Activated for use. Click OK to close the Activation Window and continue with AD Migration.
Users can see that now the Activate Button has a Green Indicator on it. Click on Add Domain
This opens the "Add Domain" dialog box.
2. Enter Domain Information:
- Domain Friendly Name: Provide a descriptive name for the domain (e.g., "Source Domain," "Target Domain").
- AD Type: Select the type of Active Directory.
Select AD Type: Choose the type of Active Directory from the dropdown menu:
- On-Premise: For on-premises Active Directory servers.
- Entra ID: For Cloud Based Active Directory.
Enter the IP address of the domain controller.
Click on Save and Continue.
Provide the username and password of an administrator account for the specified Active Directory domain.
Hit Save and Continue.
Users can see that the credentials are Validated.
Optional: Users can toggle Diffrent DNS Server option if they require.
Switch to View Tab. Then, click on FETCH ACTIVE DIRECTORY OBJECTS to proceed with the activation process.
Inside the pop-up window, mark the box next to all the Objects Users want to include in this Fetch. Then, press continue.
The Source Objects are being Processesed.
The Source Object Processing is Completed.
Users can view Source Object List.
Close Source Object List and continue with the next step.
Click on the "Add Domain" button.
Enter Domain Friendly Name: Provide a descriptive name for the domain.
Select the type of Active Directory.
Enter the IP address of the Target domain controller.
Click on Save and Continue.
Provide the username and password of an administrator account for the specified Active Directory domain.
Hit Save and Continue.
Users can see that the credentials are Validated.
Optional: Users can toggle Diffrent DNS Server option if they require.
Switch to View Tab. Then, click on FETCH ACTIVE DIRECTORY OBJECTS to proceed with the activation process.
Inside the pop-up window, mark the box next to all the same Objects types Users selected during source domain. Then, press continue
Target Objects being Processesed.
Object Processing Complete
View Source Object List. Then close Object list.
All domains Users add can be viewed together in the Domain List.
Users can switch to the tile view to see the domains from a different perspective.
Go to the Migration tab, close the Migration Scenario info bar at the bottom of their screen.
Click on Add Scenario.
The Add Scenario pop up box appears on screen. Type in a Suitable name
Use the dropdown to select the Source Domain.
Likewise, use the lowermost dropdown to select the Target Domain.
View the Migration Scenario Info page.
Switch to the Migration tab and close the Configure Task Creation info bar.
There are three options for creating the migration task:
- Add Task
- Download the CSV template, fill it, and upload
- Import a pre-filled CSV directly
In the Add Task box, enter a name and select the job type.
Admins need to migrate AD objects and Group policies separately in that order, so choose the AD Object Migration option first.Press Save & Continue.
Clicking on Download CSV opens up a pop-up window with the object types.
Mark the box next to the Users object are migrating and hit Download.
Save the CSV in the appropriate location.
Download complete notification.
View the template on any spreadsheet program and edit it accordingly.
In the Import CSV box, type in a name and upload the custom CSV.
The Add Task window expands to show the object level options.
In the User Configuration tab Admins have 3 Password Options:
- No Password Handling (Default)
- Set Existing Password
- Set Default Password
After migrating users with the password sync options.
You can Trigger On Demand Password Sync
They can choose to include sID History so user objects can access the source side resources.
There is also the option to exclude certain properties from being migrated by using a custom CSV. Click on Sample File.
Save the CSV on their workstation and edit it on any spreadsheet program and re-upload it in the tool.
In the Computer Object tab, admins can decide when to restart the computer objects:
- Schedule at the end-user level
- or Force Restart after migration.
In the Computer Objects tab, there is also the option to manage sID History and set DNS.
View Printer Settings.
View Group Settings. (Contains option to enable sID History)
View Shared Folder Settings.
View Contact Object Settings.
Target Domain Before Migration
Click on any source side object or search for it via the search bar present on top of the screen.
This opens a Migration Options box. Depending on how Users choose the location in the target, Users can either Merge (if the same object type is selected) or Create New Object in the destination (if a container folder is selected). Here we continue to demonstrate the Create option.
- Object 1
- Object 2
- Object 3
- Object 4
Switch to Grid view. Expand the Validation bubble and choose Setup Validation option.
In the new window, expand the sID History and Computer Policy tabs (these are only visible if Users select the appropriate options during task creation). Mark the checkboxes and close the window.
Inside the Validation bubble, choose Resource Validation option.
Resource Validation starts.
Incase you see invalid status for some objects expand the Validate option then select Remove Invalidated this triggers a new window to open up. Tool will diagnose and detect invalid items automatically. Press Yes to remove those items.
You can get a CSV report of the invalid items. To get that report press Download.
View the CSV in any spreadsheet analysis tool.
Resource Validation completes and Invalid Objects are removed. Users can check the validation status, then press Start Task.
In the popup, Users can view the count and license details. Press Start.
The migration status updates in real-time.
Once all the objects have migrated successfully, close the window.
Open the target domain where Users can now see the objects have appeared.
Users can check the sID History of relevant components.
See the Profile Summary report
Go back to the Migration page and click Add Task. Fill in the task name, and from the dropdown, select Group Policy Migration. Mark the checkbox, then press Save and Continue.
From the migration task list, select the newly made GPO one. This is why a proper naming convention is a must.
Select the source group policies Users want to transfer to the target domain.
Once selected, switch to grid view. In group policy, validation is not required, so press the Start Task button directly.
In the popup, read the item count and license cost, then press Start.
Users can check the status column to see if the migration was successful or not.
After that, expand the action tab to:
- Retry failed items, if any
- Perform a delta run (on any objects that are made in the domain after the current migration instance)
- Or download the report.
Save it on their machine.
The action options (Retry, Delta, and Report) are available for the AD object migration too.
Download and save the report.
The tool contains a dedicated Reports section.
Toggle the Domain Summary bar to see the list of domains. By default you see the Destination Summary Report
The Destination From Report tells from which domains the data came to the target.
Likewise, Users have the Source Summary Report
and Source To Report, which tells where the items from this domain went.
The second major type of reports that admins can form is the Migration Level Report.
Click on Download Report and save that report.
Users can view any of the reports in a spreadsheet program as they are all CSV files.
