How To Migrate User Accounts and Passwords in Active Directory

Contrary to popular belief, it’s possible to migrate Active Directory User Accounts and their passwords . This Document will provide you a detailed step by step guide for migrating Active Directory users and Passwords. This document has created based on below assumptions.

  • You have a working Active Directory in RUH1 (Considered to be the source AD).

  • You have another Active Directory with same specs in RUH2 (Considered to be destination AD).

  • Both AD can communicate together over Network.

Before you Begin

  • You have to setup conditional forwarders between Domains. You can refer to Microsoft Technet for understanding Conditional forwarding.

  • Once the conditional forwarders are in Place, you must setup a Two-Way Active Directory Trust in order to authenticate between the two domains. You can read about how to setup this in Microsoft Technet.

Download below Applications

  1. Active Directory Migration Tool (ADMT)

  2. Password Export Server (PES)

Install Both application in your Source AD

Start the Migration

Create an Encryption File to be used during the password . Run the Below in CMD / Powershell

admt key /option:create /sourcedomain:DOMAIN.local /keyfile:C:\ADMTKey /keypassword:Migration@123!

This will create the encryption key at the location you choose. Please be sure to also update Domain.local and Migration@123! with appropriate information.