Solved

ADMT password sync

Posted on 2014-04-07
Last Modified: 2014-05-06
Hi,

I'm currently in the process of an AD migration from our current domain in Win2k3 to a new domain in Win2008. We have scripted the user account migration. The migration is ongoing, and we noticed that at times, after we have migrated the user and password, the user has not logged in to the new domain but has in the meantime changed their password in the old domain. Thus, when they want to log in to the new domain, the passwords do not match.

I have searched for scripts to do this, but have yet to find any. The only way so far is to remigrate the accounts, as that will also migrate the password. Is there a way this can be scripted without doing it manually via the GUI?

Thanks in advance.
Arif
Question by:Ali_Junior
 
LVL 21

Expert Comment

by:dan_blagut
ID: 39986931
Hello

Did you try to disable the old account at the migration?

Dan
 

Author Comment

by:Ali_Junior
ID: 39987807
Hi Dan,

We are not disabling the account at the old domain, as we are running it in parallel for the moment because users are still accessing resources at both domains. We'll have a hard date for the actual cutover. But at the same time we'd like to sync up passwords for both domains. Is it possible to do this via a daily script recon job or something like that? Thanks
 
LVL 21

Expert Comment

by:dan_blagut
ID: 39987954
I don't know how you can do the sync job, but when you migrate one account to the new domain you can use SID history to go back in the old domain. We are using the same thing on our multidomain-to-one migration plan and it works excellently. Of course you can test that only on the newly migrated accounts with this option.

Dan
 

Author Comment

by:Ali_Junior
ID: 39988029
I'm not sure if this will actually help. What I'm trying to achieve is that we can sync the passwords only from the old domain to the new domain on a daily basis. This is to cater to any change of passwords of the accounts in the old domain, so that they can be the same in the new domain, so that when the final cutover is done, users' passwords will be the same as in the old domain.
What I have found so far is only account migration, which will take up more resources. What I would like to achieve is something like the GUI version where it allows password migration, but instead of the GUI, I'd like it via script so that I can schedule daily batch jobs that will do sync jobs for all accounts in the domain.
 
LVL 15

Accepted Solution

by:
jrhelgeson earned 500 total points
ID: 40027587
Do you have a Password Export Server created?
ADMT uses PES to sync accounts and passwords - below is info provided by Microsoft on this very question (Link):

I meant it was clumsy to keep passwords in sync using ADMT - basically you would have to run a complete ADMT user merge migration every day.

Forever.

ADMT is designed only to migrate accounts one time, and maybe merge those accounts once or twice if your migration is taking weeks and you need to fix up group memberships. Once a domain has all its accounts migrated, you get rid of ADMT.

The only way to use ADMT is to actually migrate accounts; i.e. you cannot sync passwords for an account that was not migrated at least once with ADMT. ADMT stores everything in a migration database that it references, so you cannot use it as an arbitrary password syncing tool without actually migrating the user first.

So, correct - you cannot synch accounts using PES unless ADMT is being used to migrate the accounts. They are linked tools.
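A daily job does not have to re-migrate every account: it only needs the already-migrated accounts whose old-domain password changed after the last ADMT password copy. The PowerShell below is an added example, not code from this thread or from Microsoft; the function name, domain names, accounts and dates are constructed, and the commented live query assumes PowerShell 3.0 or later with the ActiveDirectory module able to reach both domains.

```powershell
# Added example: list migrated accounts whose source-domain password is newer
# than the last ADMT password copy. All names and dates below are constructed.
function Get-PasswordDrift {
    param(
        [Parameter(Mandatory=$true)] [object[]] $SourceUsers,   # read from the old domain
        [Parameter(Mandatory=$true)] [object[]] $TargetUsers,   # read from the new domain
        [Parameter(Mandatory=$true)] [datetime] $LastMigration  # time of the last password copy
    )
    # Index target accounts by sAMAccountName (hashtable keys are case-insensitive).
    $target = @{}
    foreach ($t in $TargetUsers) { $target[$t.SamAccountName] = $t }

    foreach ($s in $SourceUsers) {
        if (-not $target.ContainsKey($s.SamAccountName)) { continue }  # never migrated
        if ($null -eq $s.PasswordLastSet) { continue }                 # no password timestamp
        if ($s.PasswordLastSet -le $LastMigration) { continue }        # copy is still current

        $t = $target[$s.SamAccountName]
        [pscustomobject]@{
            SamAccountName    = $s.SamAccountName
            SourceChanged     = $s.PasswordLastSet
            # True when the password was also changed in the new domain after the
            # copy; a re-migration would overwrite it, so review these by hand.
            TargetAlsoChanged = ($null -ne $t.PasswordLastSet -and
                                 $t.PasswordLastSet -gt $LastMigration)
        }
    }
}

# Constructed sample data standing in for the two directory queries.
$lastRun = [datetime]'2014-04-01T02:00:00'
$old = @(
    [pscustomobject]@{ SamAccountName = 'asmith'; PasswordLastSet = [datetime]'2014-04-03T09:15:00' }
    [pscustomobject]@{ SamAccountName = 'bjones'; PasswordLastSet = [datetime]'2014-03-10T08:00:00' }
    [pscustomobject]@{ SamAccountName = 'clee';   PasswordLastSet = [datetime]'2014-04-05T14:30:00' }
    [pscustomobject]@{ SamAccountName = 'dkhan';  PasswordLastSet = [datetime]'2014-04-06T10:00:00' }
)
$new = @(
    [pscustomobject]@{ SamAccountName = 'ASmith'; PasswordLastSet = $null }
    [pscustomobject]@{ SamAccountName = 'bjones'; PasswordLastSet = $null }
    [pscustomobject]@{ SamAccountName = 'clee';   PasswordLastSet = [datetime]'2014-04-06T11:00:00' }
)
# Live use instead of the samples (server names are placeholders):
# $old = Get-ADUser -Filter * -Server old.example.local -Properties PasswordLastSet
# $new = Get-ADUser -Filter * -Server new.example.local -Properties PasswordLastSet

Get-PasswordDrift -SourceUsers $old -TargetUsers $new -LastMigration $lastRun
```

With the sample data this reports asmith (safe to re-migrate) and clee (changed in both domains, needs review); bjones is unchanged and dkhan was never migrated, so neither is listed. The resulting names are the accounts to feed into the next ADMT merge run.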
