Solved

ADMT password sync

Posted on 2014-04-07
7
1,903 Views
Last Modified: 2014-05-06
Hi,

I'm currently in the progress of an AD migration from our current domain in Win2k3 to a new domain Win2008. We have scripted the user account migration. Migration is on-going and we noticed that at times after we have migrated the user and password, user has not logged in to the new domain but at the same time changed their password in the old domain. Thus when wanting to log in to the new domain, the passwords do not match.

I have searched for scripts to do this, but yet to find any. The only way so far is to remigrate the accounts as it will also migrate the password. Is there a way this can be scripted without doing it manually via the GUI.

Thanks in advance.
Arif
0
Comment
Question by:Ali_Junior
  • 2
  • 2
7 Comments
 
LVL 21

Expert Comment

by:dan_blagut
ID: 39986931
Hello

did you try to disable old account at the migration?

Dan
0
 

Author Comment

by:Ali_Junior
ID: 39987807
Hi Dan,

We are not disabling the account at the old domain, as we are running it parallel for the moment as users are still accessing resources at both domains. We'll have a hard date for the actual cut over. But at the same time we'd like to sync up passwords for both domains. Is it possible to be done via a daily script recon job or something like that? Thanks
0
 
LVL 21

Expert Comment

by:dan_blagut
ID: 39987954
I don't know how you can do the sync job, but when you migrate one account to the new domain you can use SSID history to go back in the old domain. We using same thing on ours multidomain to one migration plan and works excellent. Of course you can test that only on the new migrate accounts with this option.

Dan
0
 

Author Comment

by:Ali_Junior
ID: 39988029
I'm not sure if this will actually help. What I'm trying to achieve is that we can sync the passwords only from the old domain to the new domain on a daily basis. This is to cater to any change of passwords of the accounts in the old domain, so that it can be the same as the new domain. So that when the final cut over is done, users' password will be same as the old domain.
What I found so far are only account migration, which will take up more resource. What I would like to achieve is something like the GUI version where it allows password migration, but instead of GUI, i'd like it via script so that I can schedule daily batch jobs that will do sync jobs for all accounts in the domain.
0
 
LVL 15

Accepted Solution

by:
jrhelgeson earned 500 total points
ID: 40027587
Do you have a Password Export Server created?
ADMT uses PES to sync accounts and passwords - below is info provided by Microsoft on this very question (Link):

I meant it was clumsy to keep passwords in sync using ADMT - basically you would have to run a complete ADMT user merge migration every day.

Forever.

ADMT is designed only to migrate accounts one time, and maybe merge those accounts once or twice if your migration is taking weeks and you need to fix up group memberships. Once a domain has all its accounts migrated, you get rid of ADMT.

The only way to use ADMT is to actually migrate accounts; i.e. you cannot sync passwords for an account that was not migrated at least once with ADMT. ADMT stores everything in a migration database that it references, so you cannot use it as an arbitrary password syncing tool without actually migrating the user first.

So, correct - you cannot synch accounts using PES unless ADMT is being used to migrate the accounts. They are linked tools.
0

Join & Write a Comment

Synchronize a new Active Directory domain with an existing Office 365 tenant
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now