Enterprise Mobility and Security Blog

RSS

 

Whenever we release a new product or suite of products we at Microsoft want to ease the adoption of it.  For that reason we’ve released tools and scripts over the years to help our customers out.  We’ve typically given these as free downloads from the internet, and (I know my opinion is skewed here) frankly we have had some really great freebies.

 

With Server 2008 it is no different.  We are working on an updated version of our Active Directory Migration Tool (ADMT) which is designed to work with Windows Vista and Server 2008.  This version is number 3.1; if you’ll recall the previous version is 3.0 which can be downloaded here.  In addition to the great tool that is we have an awesome Migration Guide which is there to help.

 

So why the blog post?  Well, first is to get the word out about what we have.  Secondly, to set everyone’s expectations on when we will have ADMT v3.1 available.  Thirdly, to discuss some ways you can use ADMT v3.0 in a migration that contains a mix of Server 2008 and Windows Vista with other Windows platforms.  Finally, to encourage everyone to contact Microsoft Customer Service and Support if and when you have difficulties.

 

So for the second point: when will ADMT v3.1, designed and tested to work well with 2008 and Vista, be available?  I don’t have a firm answer, but the general idea is soon.  I’ll caution everyone that dates for this sort of thing change as part of the process and that any specific time I quote could be way off.  Add to that the fact that I am not a person on that development team and you have the word that describes what I’m about to tell you: hearsay.  Having said all of that I would expect ADMT to be available by August 2008.    Remember this could be way off-and if it is the reason will almost certainly to make sure it’s a better product.  So patience pays off, right?

 

Better yet there will be a beta for ADMT v3.1 I expect.  Keep an eye out for betas you can enroll in by checking your account at https://connect.microsoft.com/ early and often under the Available Connections button.  Don’t have an account there?  Get one!  Using Connect is your best way to get a head start on knowing an upcoming product as well as getting your personal experience and feedback heard.

 

Now for some discussion about some methods and expectations if you were to try and use ADMT v3.0 to migrate in an environment which contains Server 2008 or Windows Vista (from here on we’ll call those mixed environments).

 

The table below gives a good overview of what we have seen in some informal testing with ADMT v3.0 and mixed environments.  Marked in painfully bright highlighter yellow are the scenarios where things are expected to work. I’ve also attached this matrix to the post as a monolithic HTML file you can download…I know browser windows are not always good to read this kind of thing in.

 

Source Domain

Target Domain

WS03 ADMT Console joined domain

WS03 ADMT Console logon Account

ADMT Operation

Results

Server 2003

Server 2008

Source

Source Domain Admins (DA)

User

Failed with “Invalid handle”

 

 

 

 

Computer

Failed with “Invalid handle” to create new computer account in target

Server 2003

Server 2008

Source

Target Domain Admins (DA)

User

Succeed

Server 2003 

Server 2008 

Source 

Target Domain Admins (DA) 

Computer

Succeed after adding target DA to client local administrators group (able to create computer account, join to target domain and complete security translation)

Server 2003

Server 2008

Target

Target Domain Admins (DA)

User

Succeed

Server 2003 

Server 2008 

 Target

 Target Domain Admins (DA)

Computer

Succeed after adding target DA to client local administrators group (able to create computer account, join to target domain and complete security translation)

Server 2003

Server 2008

Target

Source Domain Admins (DA)

User

Failed with “Invalid handle”

Server 2003

Server 2008

Target

Source Domain Admins (DA)

Computer

Failed with “Invalid handle” to create new computer account in target

 

 

So how can you migrate using the ADMT v3.0 version with your mixed environment?  Well, here are a few things to make sure and do in order for that to work:

 

·         Add target DA account to WS03 ADMT console machine local administrators group

·         Logon to Server 2003 ADMT console using target DA account

·         Add target DA account to the XP clients local administrators group (by GP or other method)

·         Run computer migration with or w/o security translation options from ADMT console

 

Things to keep in mind:

·         ADMT v3.0 computer migrationsecurity translation will not work for Vista client or Server 2008 member servers.

·         ADMT v3.0 will not install on, or allow upgrade to if already installed, Server 2008. 

·         ADMT v3.0 migration from a Server 2008 domain source has not been tested and will be addressed by ADMT v3.1.

 

So as a final point I want to reiterate is that I encourage people to contact us if we can help with your migration to and adoption of Server 2008.  It is a truly awesome product and our goal is to help people implement it, use it and reap all the benefits it can provide.

 

 

ADMT Mixed Env Matrix.mht