I am looking at doing a cross forest AD migration from SBS 2003 to SBS 2011. I have a new server that runs SBS 2011 with a new domain name and am looking at moving all the user profiles from say old.local to new.local.
There's only around 12 users so this is not a big move.
I was going forward with using ADMT, and upon setting up trusts between SBS 2003's forest and SBS 2011's forest I found out SBS 2003 does not support trusts with other domains. It therefore appears I cannot use ADMT as it tells me "ADMT is unable to connect to domain controller" "Access is denied. (0x80070005)" which I believe is due to cross forest trusts.
The reason I wanted to migrate AD was that I was under the assumption with migrating AD I can preserve the user's SIDs and therefore when they log on their PC in a new domain they will use the same user profile on the PC after a domain change. All of their Desktop/Documents/Settings/Etc will not have to be copied between profiles under C:\Users. I also don't like having profiles names under C:\Users\ such as 'account' and 'account.new' which you get when a users logs in with the same account name but new SID to my understanding.
I only need to copy users as the Security Groups have been completely redone, and Exchange mailboxes I can do manually between the servers with export/import (unless there's a faster way).
Is it possible for me to migrate all the users between the servers? Or should I simply recreate the user accounts on the new server and manually copy their profiles at all of their desktops?
I might suggest a migration of AD from SBS 2003 to SBS 2011 rather than just migrating security principals (retaining the existing AD domain rather than migrating to a new AD domain). Microsoft has documentation to assist in doing this, but I've found the SBS kits at www.sbsmigration.com are rather inexpensive and easier to follow than Microsoft's documentation.
User contributions licensed under CC BY-SA 3.0