Domain Controller Cross Forest migration Part 3 (ADMT Installation)

ADMT 3.2 installation

Requirements

1. SQL express/full 2008 sp2
2. Windows 2012/R2 / Windows 2008 R2 for ADMT
3. Install PES on Source DC for Migrating Passwords

http://blogs.technet.com/b/askds/archive/2010/07/09/admt-3-2-common-installation-issues.aspx

• The server where you install ADMT can run any supported version of Windows Server, including Windows Server 2012 R2 and Windows Server 2012.
• The source and destination domain controllers must be writeable, but they can run any supported version of Windows Server with a user interface (not Server Core), including Windows Server 2012 R2 and Windows Server 2012.
• The source and destination domains must be at Windows Server 2003 domain functional level or higher.
• The computers that can be migrated can run any supported version of Windows, including Windows 8.1.
• You can use any version of SQL Server for the ADMT database.

From <https://technet.microsoft.com/en-us/library/active-directory-migration-tool-versions-and-supported-environments(v=ws.10).aspx>

ADMT user permissions:

From <https://social.technet.microsoft.com/Forums/windowsserver/en-US/fe44cdd4-ef11-4d73-801d-f37939d756bd/minimum-permissions-needed-for-admt-32-when-doing-an-interforest-migration-with-sid-history?forum=winserverMigration>

ADMT Migration Account

The account you run ADMT under will need to have administrative rights in both the source and destination domain. You may decide to create a user specifically for the ADMT Migration, or you may use an existing user e.g. the default administrator account. I will create a user called ADMT and assign this user the correct permissions. This is the account we will use for the entire migration.

It is recommended that you make the user account in the destination domain and make it a member of the domain administrators group.

destination Domain:

In the source domain add the same user to the builtin administrators group (you will be unable to add it to the domain administrators group).

Source Domain:

Installing ADMT

You should install ADMT and SQL onto a member server in the destination forest. Use the ADMT service account explained in the previous post to install SQL and ADMT.

ADMT requires a preconfigured instance of SQL Server for its underlying data store, so we’ll go ahead and install SQL 2008 SP1 Express on ADMT.contoso.com

Installing SQL Express 2008 SP2

SQL Express download here: https://www.microsoft.com/en-us/download/details.aspx?id=30438

Cause

This error is purely within SQL Express 2008 and is not really to do with ADMT 3.2. The issue is fixed in “Cumulative update package 4 for SQL Server 2008”.

Unhelpfully, this error is identified in KB975055 as being only for Windows 7 and that it was fixed by SP1 – both incorrect. The issue does affect Win2008 R2 and is only fixed by the cumulative update.

Resolution

Before installing SQL Server Express 2008 with SP1 (which will fail), first install:

Cumulative update package 4 for SQL Server 2008 

http://support.microsoft.com/kb/963036

Set an account for the SQL service to run under (use your ADMT Service Account).

Set a SQL administrator, choose the user account you plan to run ADMT under- be aware that this user account will need to have local administrative rights in the source domain (this will be discussed further in the series).

Download ADMT 3.2

https://onedrive.live.com/redir?resid=82488EABA4ACDB15!33497&authkey=!AF3kLtU8fl2_B0I&ithint=file%2cexe

Installing ADMT

For this series I will be using ADMT 3.2, which is the supported version for Server 2008 R2. Use ADMT 3.1 for installation on a Server 2008 non-R2 server, or ADMT 3.0 for Server 2003. If you need to migrate a 2000 Domain Server, you will need to use ADMT version 3.1 or earlier.

Update Junes 2014 – ADMT 3.2 now supports Windows Server 2012 / 2012 R2.

Next you can leave the default value be used for the SQL installation. 

Since this is a new installation then I won’t need to be importing any data from a previous database and will continue with the normal options.

 The Installation of the ADMT tool is finished and next we’ll be preparing Permission in the next series and starting migration of users, Groups, Computers  and i’ll talk about the issues that I had during the migration.