Here is a short list for using ADMT 3.0
1) Install ADMT
Installing Password Export Server Service
2) Create ADMT Password Migration Key with
admt key /option:create /sourcedomain:DOMAIN /keyfile:c:key /keypassword:Password01
3) Move the keyfile and the Pwdmig.msi file to the new source server and install the file
Note: Use another account than LocalSystem for ease of use later.
4) Edit the key HKEY_LOCAL_MACHINESYSTEMCurrentControlSet
ControlLsaAllowPasswordExport and set it to 1
5) Start the Password Export Server Service
6) Add the Service Account to Domain Admins in the target domain
7) Add the account running ADMT to the Domain Admins in the source domain (or run the as an admin
account for source domain)
8) Run ADMT
Migrating Users
Troubleshooting for User Migration
If you get the following error:
2006-03-06 14:07:25 ERR2:7435 SID History cannot be updated for USERNAME. This operation requires the TcpipClientSupport registry key to be set on domain.local. Changes to the TcpipClientSupport registry key require a restart to take effect. rc=6.
Try running the migration as a domain admin from the source domain. It needs to be added to the domain admins in the target domain.
Migrate Computers
It is important that computer migration is run as administrator for the source domain otherwice the Pre-Check will not work
Leave a Reply