Upgrading a Windows 2000 domain to Windows Server 2003 is a relativley easy procedure however moving from an old domain to a new one is not as easy. Thankfully Microsoft offers the Active Directory Migration Toolkit to ease this process.
ADMT allows you to migrate users, computers, groups and other AD objects from one domain to another. ADMT can also be used to migrate ftom NT to 2000/2003 or to restructure current 2000 and 2003 domains. It also allows you to run an analysis before and after you run the migration and to roll back changes in the event something did not work correctly. One really cool feature is that ADMT calle sIDHistory allows users to retain their pre-migration access rights to files, shares, and other resources. In essence this keeps the old domains security structure in place in the new domain. ADMT is included on the Windows Server 2003 install media under i386\ADMT and needs to be installed on a member computer in either the source, or the target domain (target is recommended) that is running one fo the following operating systems.
- Windows 2000 Pro
- Windows XP Pro
- Windows 2000 Server
- Windows Server 2003
ADMT also has specific permissions requirements. The user performing the migration needs
- Domain Admin rights in the source domain
- Local Admin rights on all computers being migrated -C$ and Admin$ shares on each computer to be migrated
- Rights to create accounts in the target domain
Also, you must configure the source domain to trust the target, and configure the target to trust the source. The second trust is optional, but recommended. It is easiest to configure a two way trust from within the target Windows Server 2003 domain.
Finally, the target domain must be in Windows 2000 Native Mode or higher. Installing ADMT is pretty straight-forward, once the install is complete you can launch it from the Administrative Tools menu.
