Microsoft Azure AZ-801 — Section 16: Migrate workloads from previous versions to Server 2022, IIS workloads, & AD DS Part 4
99. Migrate AD DS objects using Active Directory Migration Tool
Let’s talk now about the concepts of using the Active Directory Migration Tool (ADMT) to migrate objects from one domain to another.
So, to understand this, we’re going to make a couple of domains here. All right. One will be a source domain and one will be a target domain. Right. Let’s see. All right. And so right here, we will call this sourcedomain.com and this will be called destinationdomain.com. All right.
Obviously, in the real world, these would have a name, right? The name of the company or whatever. Maybe, you know, this is a scenario where one company has bought another company and they want to migrate their users into it.
So, you’ve got one company absorbing another company, and that’s sort of the way you want to look at it. I’d say that’s one of the most common things that go on here. Obviously, both domains are going to have domain controllers. Right. And domain controllers are where Active Directory lives.
So, you’re going to have the little cylinder symbols here for your Active Directory database. And both domains are going to have that. All right. These two domain controllers will represent domain controllers for the source domain. And these two will represent, we’ll say, the destination domain. All right. The other ingredient, of course, that every domain must have is a DNS server. Right. And the DNS server is going to house the DNS database for that domain. Right. So, your source domain is going to have a DNS server that has a database on it. Right. And so will your destination. All right. So, both sides there are going to have a DNS database. And just to kind of color code the databases, we’ll make this one red, and then we will make this other one blue. Right. So, destination.com will be blue. We’ll just plug that in. All right.
The first thing, of course, that has to happen when you’re going to do a migration is the two domains must trust each other. And in order to see each other, their DNS must see each other. The most common way that people will do this is they will make sure they have connectivity.
So, there does have to be connectivity between the domains, right? Some form of connectivity. This could happen by a VPN connection across the internet. There could be a telecommunications connection. It could be one of those things where, you know, the one company and the other company set up a telecommunications connection between the two buildings.
Somehow, it doesn’t matter. You’ve just got to establish connectivity. Basically, these two DNS servers need to be able to talk to each other and they need to be able to ping each other back and forth. All right. So, if we’re using 192.168.1.100 for this one and then maybe this guy over here is like 10.0.0.6 or something, then that’s fine. They just need to be able to ping each other. They need to be able to see each other. All right. There needs to be connectivity. From there, what we can do is set up what’s called conditional forwarding. This is all stuff you should be aware of. You should already know how to do all of this stuff.
It’s sort of a prerequisite for what we’re learning here. You should already know about DNS and you should already know how to make DNS servers talk to each other. But I’m just kind of refreshing your memory here. You would set up what is called a conditional forwarder that says, for destinationdomain.com, point to 10.0.0.6. Right. And then over here on this DNS server, you would have a conditional forwarder for sourcedomain.com, which would be 192.168.1.100. And that would be the most common way to do it. You could set up secondary databases. There are other ways you could go about doing it, but essentially these two DNS servers have to be able to see each other in order to make this work. They absolutely have to be able to see each other. I’m just going to move these out of the way because I am going to have to make some more room here. They’ve got to be able to see each other by name. They’ve got to be able to ping each other. You’ve got connectivity.
Once that’s done, now you can officially set up a trust relationship, right? So I could do a trust relationship, which is usually represented by a line. All right. And this is called a forest trust, between the domains. All right. And you should already know how to do that as well. That’s all stuff that you should know coming into this course: how to establish a trust relationship. All right, so we establish a trust relationship, and then at that point, we are ready to get the Active Directory Migration Tool and all that going.
And, I’m sorry, there was one other thing we need to do. We need to have the Domain Admins group here contain an admin from the destination domain. All right. And that needs to be done over here. And then same thing over here: the Domain Admins group needs to contain an admin from the source domain. And that needs to be done over here. All right.
All that’s got to be done. That’s very easy stuff. You set the trust relationship up. You put the admin in the group for each domain and away you go. The next thing that has to happen is you have to install SQL Server Express on a server, and most people will do this on a domain controller. So you go out to the internet and you download it for free. Just do a Google search on SQL Server Express and install a database. You just run through the wizard. It’ll ask you what you want to call the database. You could call it something like migration DB or something, and you can install that on a server. Most people just put it on a domain controller, and you’re going to do the same thing over here. You do it in source and destination. All right.
So, we’ll do it over here as well. There we go. And then we’re going to install the ADMT tool. And you can do that really in the source or destination domain. It does not matter which one. You can go to Google and do a search for “download ADMT”. That’s the Active Directory Migration Tool. And you’re going to install the Active Directory Migration Tool on a server. When you run through the wizard on it, it’ll ask you where the database is at, and you’ll point it to the database. At that point, it’s very easy. You run through the wizard, and it’ll ask you what is the name of the source domain, which is this one, sourcedomain.com, and what is the name of the destination domain, destination.com. It will verify that the two DNS servers can see each other. It will ask you what you would like to migrate and it will allow you to migrate your objects from the source domain to the Active Directory of the destination domain. The user accounts from the source domain will begin populating into the destination domain. And if you wanted to shut this domain down once all that happens, you could. So again, imagine a scenario where this destination domain has purchased that source domain and the employees are no longer going to be part of that domain. You want them to be part of the destination. Maybe you’re dealing with like 4000 users. Obviously, you don’t want to create 4000 users over on the destination domain. Right.
So, the goal of using ADMT is to migrate it all over so that you’re not having to recreate all those user accounts and passwords and all that stuff. Right.
So, this is just going to make life a lot easier. And it’s a pretty easy strategy. The hardest part about it really is just making sure that the DNS servers can see each other. And that’s what I want you to remember. Establish that trust relationship. Make sure you have an admin from each domain there, and then you’re going to install SQL Server Express. From there you’ll have this. You’ll use the ADMT tool, the Active Directory migration tool, and then you can perform the migration. The wizard basically walks you through it step by step. All right. And so that is how we perform a migration of Active Directory Domain Services from one domain to another using the Microsoft ADMT.
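The DNS and trust prerequisites from this lesson, as an added PowerShell preflight check (not part of the original lecture and not part of ADMT). It is written to run on the source domain's DNS server/domain controller with the lecture's sample names and addresses; the joined spelling `destinationdomain.com`, the `-CreateForwarder` switch and the output field names are assumptions made for the example.

```powershell
#Requires -Modules DnsServer, ActiveDirectory
# Added example: preflight for the "DNS servers must see each other" and
# "forest trust" steps. Defaults are the lecture's sample values as seen
# from the source domain; swap them when running on the destination side.
param(
    [string]$RemoteDomain = 'destinationdomain.com',  # assumed spelling
    [string]$RemoteDns    = '10.0.0.6',
    [switch]$CreateForwarder                          # hypothetical switch
)

# 1. Conditional forwarder for the other domain (shows up as zone type "Forwarder").
$zone = Get-DnsServerZone -Name $RemoteDomain -ErrorAction SilentlyContinue
if (-not $zone -and $CreateForwarder) {
    # Without -ReplicationScope the forwarder is stored on this DNS server only.
    Add-DnsServerConditionalForwarderZone -Name $RemoteDomain -MasterServers $RemoteDns
    $zone = Get-DnsServerZone -Name $RemoteDomain
}

# 2. Basic reachability of the other side's DNS server (the "ping each other" check).
$ping = Test-Connection -ComputerName $RemoteDns -Count 2 -Quiet

# 3. Resolution by name THROUGH this DNS server, so the forwarder itself is tested.
#    The SRV record below is how domain controllers of the other domain are located.
$dcs = @()
try {
    $dcs = @(Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$RemoteDomain" -Type SRV `
                 -Server 127.0.0.1 -DnsOnly -ErrorAction Stop |
             Where-Object { $_.QueryType -eq 'SRV' } |
             Select-Object -ExpandProperty NameTarget)
} catch {
    Write-Warning "SRV lookup for $RemoteDomain failed: $($_.Exception.Message)"
}

# 4. Trust object for the other domain, if one has been created yet.
$trust = Get-ADTrust -Filter "Name -eq '$RemoteDomain'"

# One summary object; Ready is true only when every prerequisite checks out.
[pscustomobject]@{
    RemoteDomain     = $RemoteDomain
    ForwarderPresent = ($null -ne $zone -and $zone.ZoneType -eq 'Forwarder')
    DnsServerPings   = $ping
    RemoteDCsFound   = $dcs
    TrustPresent     = ($null -ne $trust)
    TrustDirection   = if ($trust) { $trust.Direction } else { $null }
    ForestTransitive = if ($trust) { $trust.ForestTransitive } else { $null }
    Ready            = ($null -ne $zone -and $ping -and $dcs.Count -gt 0 -and $null -ne $trust)
}
```

Run it once on each side before starting the ADMT wizard; a `Ready` value of `False` with `ForwarderPresent` true but no `RemoteDCsFound` usually points at the network path or the forwarder address rather than at the trust.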