ADMT is a free tool from Microsoft used for migrating Active Directory objects to a new domain. ADMT will allow you to move users, computers, groups, and service accounts to a new domain created in a new forest (inter-forest) or the existing forest (intra-forest).
ADMT will behave a bit differently depending on the environment. An inter-forest migration will essentially copy all objects, allowing both domains to run simultaneously. This method allows for a bit more flexibility in the migration process, as the existing environment is left as is to provide a fallback should an issue occur. An intra-forest migration will actually move the objects, which requires more thorough planning and execution. Regardless of which method is used, SID History should be enabled on the trust during the co-existence period of both source and destination domains.
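An added example (not from the original article or from Microsoft): a PowerShell check for the co-existence period that lists the sIDHistory values on migrated accounts and flags any that do not belong to the source domain or that carry a built-in RID below 1000. The function name, the domain SIDs, the sample accounts and `source.example` are constructed placeholders; the commented live query assumes the ActiveDirectory module.

```powershell
# Added example: review sIDHistory values while source and destination domains co-exist.
# Test-SidHistory is a hypothetical helper name, not part of ADMT.
function Test-SidHistory {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Account,
        [Parameter(Mandatory)] [string] $SourceDomainSid
    )
    process {
        # Skip empty values; accept both strings and SecurityIdentifier objects.
        foreach ($sid in @($Account.sIDHistory | Where-Object { $_ })) {
            $text   = "$sid"
            $cut    = $text.LastIndexOf('-')
            $domain = $text.Substring(0, $cut)            # domain part of the SID
            $rid    = [uint32]$text.Substring($cut + 1)   # relative identifier
            $finding = if ($domain -ne $SourceDomainSid) {
                'UnexpectedDomain'    # not from the domain being migrated
            } elseif ($rid -lt 1000) {
                'BuiltInRid'          # e.g. 500 Administrator, 512 Domain Admins
            } else {
                'Expected'
            }
            [pscustomobject]@{
                Account    = $Account.sAMAccountName
                SidHistory = $text
                Finding    = $finding
            }
        }
    }
}

# Constructed sample data (not real accounts or SIDs).
$source = 'S-1-5-21-1111111111-2222222222-3333333333'
$sample = @(
    [pscustomobject]@{ sAMAccountName = 'jsmith';     sIDHistory = @("${source}-1604") }
    [pscustomobject]@{ sAMAccountName = 'svc-backup'; sIDHistory = @("${source}-512") }
    [pscustomobject]@{ sAMAccountName = 'tlee'
                       sIDHistory = @('S-1-5-21-4444444444-5555555555-6666666666-1130') }
)
$sample | Test-SidHistory -SourceDomainSid $source | Format-Table -AutoSize

# Against a live destination domain (placeholder source domain name):
# $src = (Get-ADDomain -Identity 'source.example').DomainSID.Value
# Get-ADObject -LDAPFilter '(sIDHistory=*)' -Properties sAMAccountName, sIDHistory |
#     Test-SidHistory -SourceDomainSid $src
```

With the sample data, `jsmith` is reported as Expected, `svc-backup` as BuiltInRid and `tlee` as UnexpectedDomain.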
ADMT version 3.2 is the latest version offered by Microsoft. It can only be installed on Windows Server 2008 R2 and supports migrating domains at the 2003, 2008, or 2008 R2 functional levels. ADMT uses an agent for computer migrations and supports the following operating systems: Windows XP, Vista, 7, Server 2003, Server 2008, and Server 2008 R2. Migrating users can include their passwords if the accompanying Password Export Server (PES) utility is installed on a domain controller in the source domain.
ADMT also requires a SQL instance to maintain all migration data and can support local installs of SQL Express 2005 SP3 (or later) or 2008 SP1 (or later). If you want to connect to a remote database or allow multiple consoles to connect to the same database, you can install ADMT to a full version of SQL Server 2005 or 2008.
Installation is pretty straightforward. ADMT will be installed on a Windows Server 2008 R2 server in the destination domain. Depending on the SQL edition used, a database may need to be created ahead of time. The biggest issue I’ve seen is trying to install ADMT on a domain controller. This is possible but requires some adjustments that can be found here.
Password Export Server Installation
In order to migrate user passwords, the install is slightly more complicated. First, you’ll need to create an encryption file which is generated on the ADMT server. From a command prompt type “admt key /option:create /sourcedomain:
Be sure to prepare your domains for a migration. The installation of ADMT is fairly simple, but preparing the domains for a successful migration takes more work.