Solved

How to move user from a child domain to a parent domain

Posted on 2007-11-21
15
526 Views
Last Modified: 2008-02-01
Hi!
I need to move a user from one of our child domain (Windows Server 2003 Std) to the parent domain (Windows Server 2003 std).  Domain Functional Level is Windows 2003.  What is the best way to do that???
Thanks!
0
Comment
Question by:polycorjsp
  • 8
  • 4
  • 3
15 Comments
 
LVL 30

Expert Comment

by:LauraEHunterMVP
Comment Utility
For a single user, use the Active Directory Migration Toolkit, free download from MS available here: http://www.microsoft.com/downloads/details.aspx?FamilyID=6f86937b-533a-466d-a8e8-aff85ad3d212
0
 
LVL 51

Expert Comment

by:Netman66
Comment Utility
Right-click>Move?

0
 
LVL 30

Expert Comment

by:LauraEHunterMVP
Comment Utility
Does the ADUC Move option function in-between domains?  I thought it would only move within the OU structure of a single domain.
0
 

Author Comment

by:polycorjsp
Comment Utility
Do I install the Active Directory Migration tools on the Child Domain or the Parent domain?
0
 
LVL 51

Expert Comment

by:Netman66
Comment Utility
Sure does.

You must have the right to create users on both domains and it must be done from the source domain to the destination domain.

The destination domain should be in Native mode - that's covered according to the question.


See:

http://www.microsoft.com/technet/scriptcenter/guide/sas_usr_aznz.mspx?mfr=true
0
 
LVL 51

Expert Comment

by:Netman66
Comment Utility
Hmm..perhaps I was a bit hasty - you can't load up both domains in ADUC.....

I think this should be done using the scripts on that link.

I need a coffee..... :o(

0
 
LVL 51

Expert Comment

by:Netman66
Comment Utility
Moveuser.exe this should do it.

0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 

Author Comment

by:polycorjsp
Comment Utility
I've tried this and it dosen't work; i've never used scripting... :(

Set objOU = GetObject("LDAP://ou=move,cn=mroy,dc=child,dc=domain,dc=com")

objOU.MoveHere _
 "LDAP://cn=mroy,ou=move,dc=domain,dc=com", _
 vbNullString
0
 
LVL 51

Expert Comment

by:Netman66
Comment Utility
Man.....I'm smoking some serious crack today!  I should have to re-write my exam for being so brain dead....

Okay - my apologies for all the crappy advice I've given previously.  Bad day today.

Install the Reskit - it's free.

Use the Movetree utility to move the user.

movetree /start /s sourcedomain /d destination domain /sdn
CN=username,CN=users,DC=source,DC=com /ddn
CN=username,OU=users,DC=target,DC=com

you may need to add this at the end:

/u domain\adminuser

0
 
LVL 51

Expert Comment

by:Netman66
Comment Utility
To get the exact directory path (if you don't know it), install the Support Tools and use this command to get the syntax:

dsquery user -name "Sam Spade"

It should return a directory path to the object - this is the way you need to enter it in Movetree.

0
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 500 total points
Comment Utility
Movetree was for 2000, though.  2003 recommends ADMT except for objects that ADMT can't handle like contacts: http://technet2.microsoft.com/windowsserver/en/library/7ebf19b3-f395-425e-ad20-6c0a98af04c31033.mspx?mfr=true
0
 
LVL 51

Expert Comment

by:Netman66
Comment Utility
Damn.....batting a thousand today. :o)

I can't imagine why they included it in the 2003 Reskit if it's that ugly - but, hey, today it seems I have some serious issues...... :o)

0
 

Author Comment

by:polycorjsp
Comment Utility
Ok; the ADMT is downloaded on my child domain.
The user "mroy" is in the ou "move".  It should be move the the ou "Move" on the parent server. Can you help me on the syntax to be sure I don't mess everyting?
Thanks!
0
 

Author Comment

by:polycorjsp
Comment Utility
Is this the correct syntax:

movetree /check /s servername.childdomain.parentdomain.com /d servername.parentdomain.com /sdn OU=Move,dc=childdomain,dc=parentdomain,dc=com /ddn OU=Move,DC=partendomain,dc=com /u Partendomain\Administrator /p *
0
 
LVL 51

Expert Comment

by:Netman66
Comment Utility
You're missing the user object.

As Laura states, it's likely not wise to use this method but rather ADMT.

0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now