Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2230
  • Last Modified:

ADMT password sync

Hi,

I'm currently in the progress of an AD migration from our current domain in Win2k3 to a new domain Win2008. We have scripted the user account migration. Migration is on-going and we noticed that at times after we have migrated the user and password, user has not logged in to the new domain but at the same time changed their password in the old domain. Thus when wanting to log in to the new domain, the passwords do not match.

I have searched for scripts to do this, but yet to find any. The only way so far is to remigrate the accounts as it will also migrate the password. Is there a way this can be scripted without doing it manually via the GUI.

Thanks in advance.
Arif
0
Ali_Junior
Asked:
Ali_Junior
  • 2
  • 2
1 Solution
 
dan_blagutCommented:
Hello

did you try to disable old account at the migration?

Dan
0
 
Ali_JuniorAuthor Commented:
Hi Dan,

We are not disabling the account at the old domain, as we are running it parallel for the moment as users are still accessing resources at both domains. We'll have a hard date for the actual cut over. But at the same time we'd like to sync up passwords for both domains. Is it possible to be done via a daily script recon job or something like that? Thanks
0
 
dan_blagutCommented:
I don't know how you can do the sync job, but when you migrate one account to the new domain you can use SSID history to go back in the old domain. We using same thing on ours multidomain to one migration plan and works excellent. Of course you can test that only on the new migrate accounts with this option.

Dan
0
 
Ali_JuniorAuthor Commented:
I'm not sure if this will actually help. What I'm trying to achieve is that we can sync the passwords only from the old domain to the new domain on a daily basis. This is to cater to any change of passwords of the accounts in the old domain, so that it can be the same as the new domain. So that when the final cut over is done, users' password will be same as the old domain.
What I found so far are only account migration, which will take up more resource. What I would like to achieve is something like the GUI version where it allows password migration, but instead of GUI, i'd like it via script so that I can schedule daily batch jobs that will do sync jobs for all accounts in the domain.
0
 
jrhelgesonCommented:
Do you have a Password Export Server created?
ADMT uses PES to sync accounts and passwords - below is info provided by Microsoft on this very question (Link):

I meant it was clumsy to keep passwords in sync using ADMT - basically you would have to run a complete ADMT user merge migration every day.

Forever.

ADMT is designed only to migrate accounts one time, and maybe merge those accounts once or twice if your migration is taking weeks and you need to fix up group memberships. Once a domain has all its accounts migrated, you get rid of ADMT.

The only way to use ADMT is to actually migrate accounts; i.e. you cannot sync passwords for an account that was not migrated at least once with ADMT. ADMT stores everything in a migration database that it references, so you cannot use it as an arbitrary password syncing tool without actually migrating the user first.

So, correct - you cannot synch accounts using PES unless ADMT is being used to migrate the accounts. They are linked tools.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now