Solved

ADMT password sync

Posted on 2014-04-07
7
2,102 Views
Last Modified: 2014-05-06
Hi,

I'm currently in the progress of an AD migration from our current domain in Win2k3 to a new domain Win2008. We have scripted the user account migration. Migration is on-going and we noticed that at times after we have migrated the user and password, user has not logged in to the new domain but at the same time changed their password in the old domain. Thus when wanting to log in to the new domain, the passwords do not match.

I have searched for scripts to do this, but yet to find any. The only way so far is to remigrate the accounts as it will also migrate the password. Is there a way this can be scripted without doing it manually via the GUI.

Thanks in advance.
Arif
0
Comment
Question by:Ali_Junior
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
7 Comments
 
LVL 22

Expert Comment

by:dan_blagut
ID: 39986931
Hello

did you try to disable old account at the migration?

Dan
0
 

Author Comment

by:Ali_Junior
ID: 39987807
Hi Dan,

We are not disabling the account at the old domain, as we are running it parallel for the moment as users are still accessing resources at both domains. We'll have a hard date for the actual cut over. But at the same time we'd like to sync up passwords for both domains. Is it possible to be done via a daily script recon job or something like that? Thanks
0
 
LVL 22

Expert Comment

by:dan_blagut
ID: 39987954
I don't know how you can do the sync job, but when you migrate one account to the new domain you can use SSID history to go back in the old domain. We using same thing on ours multidomain to one migration plan and works excellent. Of course you can test that only on the new migrate accounts with this option.

Dan
0
 

Author Comment

by:Ali_Junior
ID: 39988029
I'm not sure if this will actually help. What I'm trying to achieve is that we can sync the passwords only from the old domain to the new domain on a daily basis. This is to cater to any change of passwords of the accounts in the old domain, so that it can be the same as the new domain. So that when the final cut over is done, users' password will be same as the old domain.
What I found so far are only account migration, which will take up more resource. What I would like to achieve is something like the GUI version where it allows password migration, but instead of GUI, i'd like it via script so that I can schedule daily batch jobs that will do sync jobs for all accounts in the domain.
0
 
LVL 15

Accepted Solution

by:
jrhelgeson earned 500 total points
ID: 40027587
Do you have a Password Export Server created?
ADMT uses PES to sync accounts and passwords - below is info provided by Microsoft on this very question (Link):

I meant it was clumsy to keep passwords in sync using ADMT - basically you would have to run a complete ADMT user merge migration every day.

Forever.

ADMT is designed only to migrate accounts one time, and maybe merge those accounts once or twice if your migration is taking weeks and you need to fix up group memberships. Once a domain has all its accounts migrated, you get rid of ADMT.

The only way to use ADMT is to actually migrate accounts; i.e. you cannot sync passwords for an account that was not migrated at least once with ADMT. ADMT stores everything in a migration database that it references, so you cannot use it as an arbitrary password syncing tool without actually migrating the user first.

So, correct - you cannot synch accounts using PES unless ADMT is being used to migrate the accounts. They are linked tools.
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question