Solved

How to move user from a child domain to a parent domain

Posted on 2007-11-21
15
528 Views
Last Modified: 2008-02-01
Hi!
I need to move a user from one of our child domain (Windows Server 2003 Std) to the parent domain (Windows Server 2003 std).  Domain Functional Level is Windows 2003.  What is the best way to do that???
Thanks!
0
Comment
Question by:polycorjsp
  • 8
  • 4
  • 3
15 Comments
 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 20329412
For a single user, use the Active Directory Migration Toolkit, free download from MS available here: http://www.microsoft.com/downloads/details.aspx?FamilyID=6f86937b-533a-466d-a8e8-aff85ad3d212
0
 
LVL 51

Expert Comment

by:Netman66
ID: 20329416
Right-click>Move?

0
 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 20329431
Does the ADUC Move option function in-between domains?  I thought it would only move within the OU structure of a single domain.
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 

Author Comment

by:polycorjsp
ID: 20329454
Do I install the Active Directory Migration tools on the Child Domain or the Parent domain?
0
 
LVL 51

Expert Comment

by:Netman66
ID: 20329455
Sure does.

You must have the right to create users on both domains and it must be done from the source domain to the destination domain.

The destination domain should be in Native mode - that's covered according to the question.


See:

http://www.microsoft.com/technet/scriptcenter/guide/sas_usr_aznz.mspx?mfr=true
0
 
LVL 51

Expert Comment

by:Netman66
ID: 20329475
Hmm..perhaps I was a bit hasty - you can't load up both domains in ADUC.....

I think this should be done using the scripts on that link.

I need a coffee..... :o(

0
 
LVL 51

Expert Comment

by:Netman66
ID: 20329493
Moveuser.exe this should do it.

0
 

Author Comment

by:polycorjsp
ID: 20329553
I've tried this and it dosen't work; i've never used scripting... :(

Set objOU = GetObject("LDAP://ou=move,cn=mroy,dc=child,dc=domain,dc=com")

objOU.MoveHere _
 "LDAP://cn=mroy,ou=move,dc=domain,dc=com", _
 vbNullString
0
 
LVL 51

Expert Comment

by:Netman66
ID: 20329618
Man.....I'm smoking some serious crack today!  I should have to re-write my exam for being so brain dead....

Okay - my apologies for all the crappy advice I've given previously.  Bad day today.

Install the Reskit - it's free.

Use the Movetree utility to move the user.

movetree /start /s sourcedomain /d destination domain /sdn
CN=username,CN=users,DC=source,DC=com /ddn
CN=username,OU=users,DC=target,DC=com

you may need to add this at the end:

/u domain\adminuser

0
 
LVL 51

Expert Comment

by:Netman66
ID: 20329637
To get the exact directory path (if you don't know it), install the Support Tools and use this command to get the syntax:

dsquery user -name "Sam Spade"

It should return a directory path to the object - this is the way you need to enter it in Movetree.

0
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 500 total points
ID: 20329641
Movetree was for 2000, though.  2003 recommends ADMT except for objects that ADMT can't handle like contacts: http://technet2.microsoft.com/windowsserver/en/library/7ebf19b3-f395-425e-ad20-6c0a98af04c31033.mspx?mfr=true
0
 
LVL 51

Expert Comment

by:Netman66
ID: 20329682
Damn.....batting a thousand today. :o)

I can't imagine why they included it in the 2003 Reskit if it's that ugly - but, hey, today it seems I have some serious issues...... :o)

0
 

Author Comment

by:polycorjsp
ID: 20329764
Ok; the ADMT is downloaded on my child domain.
The user "mroy" is in the ou "move".  It should be move the the ou "Move" on the parent server. Can you help me on the syntax to be sure I don't mess everyting?
Thanks!
0
 

Author Comment

by:polycorjsp
ID: 20329820
Is this the correct syntax:

movetree /check /s servername.childdomain.parentdomain.com /d servername.parentdomain.com /sdn OU=Move,dc=childdomain,dc=parentdomain,dc=com /ddn OU=Move,DC=partendomain,dc=com /u Partendomain\Administrator /p *
0
 
LVL 51

Expert Comment

by:Netman66
ID: 20330415
You're missing the user object.

As Laura states, it's likely not wise to use this method but rather ADMT.

0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question