How to Set Up ADMT for a Windows NT 4.0-to-Windows Server 2003 Migration?
MS KB 326480 has more info:
This article describes how to set up the Active Directory Migration Tool (ADMT) to perform a migration from a Windows NT 4.0-based domain to a Windows Server 2003-based domain.
You can use the ADMT to migrate users, groups, and computers from one domain to another, and to analyze the migration impact before and after the actual migration process. Make sure that you run ADMT from the primary domain controller (PDC) that is the Flexible Single Master Operation (FSMO) role holder in the target domain.
How to Set Up ADMT for a Windows NT 4.0-to-Windows Server 2003 Migration
Before you upgrade a Windows NT 4.0 domain to a Windows Server 2003-based domain, the following domain and security configurations are required.
Note: This article assumes that the source domain is running Windows NT 4.0 Service Pack 4 (SP4) or later with 128-Bit encryption, and that the target domain is a Windows Server 2003-based domain in native mode. Also, the Windows Server 2003 must have 128-Bit encryption (which comes as a default setting in Windows 2003).
- Configure the source domain to trust the target domain.
- Configure the target domain to trust the source domain.
- Add the Domain Admins global group from the source domain to the Administrators local group in the target domain.
- Add the Domain Admins global group from the target domain to the Administrators local group in the source domain.
- Create a new local group in the source domain called Source Domain$$$.
Note: There must be no members in this group.
- Enable auditing for the success and failure of user and group management on the source domain.
- Enable auditing for the success and failure of Audit account management on the target domain in the Default Domain Controllers policy.
- On the PDC in the source domain, add the TcpipClientSupport:REG_DWORD:0x1 value to the following registry key:
- Administrative shares must exist on the domain controller in the target domain on which you run ADMT, and on any computers on which an agent must be dispatched.
- You must log on to the computer on which you run ADMT with an account that has the following permissions:
- Domain Administrator rights in the target domain.
- A member of the Administrators group in the source domain.
- Administrator rights on each computer that you migrate.
- Administrator rights on each computer on which you translate security.
- You will have the appropriate rights when you log on to the PDC that is the FSMO role holder in the target domain with the Source Domain\Administrator account, assuming that the Source Domain\Domain Administrators group is a member of the Administrators group on each computer.
Download Active Directory Migration Tool v2.0 (4.7mb)
For more information about how to use ADMT to perform a migration, see ADMT Help. Start the Active Directory Migration Tool, click Help Topics on the Help menu, click the Contents tab, and then click Active Directory Migration Tool.
Active Directory Migration Tool Overview
How to use Active Directory Migration Tool version 2 to migrate from Windows 2000 to Windows Server 2003 – 326480
HOW TO: Set Up ADMT for a Windows NT 4.0-to-Windows Server 2003 Migration – 325851
More in Active Directory
How to Fix the "An Active Directory Domain Controller for the Domain Could Not Be Contacted" Error
Jun 20, 2022 | Michael Reinders
How to Delete a Protected OU in Active Directory
Jun 8, 2022 | Michael Reinders
Learn How Organizations Are Using Semperis Purple Knight to Secure Active Directory
Jun 7, 2022 | Russell Smith
Microsoft Announces Entra, A New Identity and Access Management Suite
May 31, 2022 | Rabia Noureen
Microsoft Releases Out-Of-Band Patches to Fix Windows AD Authentication Issues
May 20, 2022 | Rabia Noureen
Cloud Conversations – Ståle Hansen on Digital Wellbeing and Viva Explorers
May 19, 2022 | Laurent Giret
Most popular on petri