Understanding Active Directory Migration
Active Directory migration is one of the most complex IT operations an organization can undertake. Whether you are consolidating two company domains after a merger, restructuring your OU layout, or moving to a new forest, user profiles must follow the users. ProfWiz makes the profile migration component of AD migration manageable, reliable, and repeatable.
Migration Scenarios ProfWiz Handles
- Single forest, domain rename: The domain DNS name changes but the SID history is preserved
- Single forest, domain restructure: Users move from a child domain to the forest root or vice versa
- Cross-forest migration: Users move from one AD forest to an entirely separate one (new SIDs, no SID history)
- Workgroup to domain: PCs that were never domain-joined get incorporated into AD
Pre-Migration Checklist
- Confirm Active Directory is healthy (run
dcdiagon all DCs) - Verify DNS is resolving both source and target domains from all workstations
- Create all target domain accounts before migrating any profiles
- Export a mapping of source accounts to target accounts
- Test ProfWiz on 5 pilot machines across different user roles
- Communicate the migration timeline to end users
- Schedule migrations outside business hours where possible
Single-Forest Migration Steps
In a single-forest migration, SID history can be enabled, which means some profile associations may carry over automatically. However, running ProfWiz still ensures the profile is cleanly associated with the new account and that all ACLs are updated.
- Run the Active Directory Migration Tool (ADMT) to copy accounts to the target domain
- After ADMT completes, join workstations to the target domain
- Run ProfWiz on each workstation specifying the target domain account
- Verify profile access, then remove or disable the source domain accounts
Cross-Forest Migration Steps
Cross-forest migrations are more complex because SID history is not available. ProfWiz handles this cleanly:
- Establish a trust between source and target forests (or complete all preparation before dissolving the source)
- Provision target accounts in the new forest
- Join workstations to the target forest domain
- Run ProfWiz specifying the new forest account:
ProfWiz.exe /domain:NEWFOREST /user:username /MigrateLocalProfile /Silent - ProfWiz remaps the old SID to the new forest SID throughout the profile registry and ACLs
Group Policy Considerations
After migrating profiles, users will receive new Group Policy from the target domain. Review these areas:
- Mapped drives (GPP Drive Maps) β verify connection to correct shares
- Printer deployments β GPP Printers should deploy automatically to migrated users
- Software deployments β ensure target-domain GPOs are equivalent to source
- Folder redirection β if enabled in the source domain, plan the redirection path for the target
Handling Roaming Profiles
If users have roaming profiles stored on a file server, the migration involves two steps:
- Move the roaming profile folders to a path accessible to the target domain
- Update the user's profile path attribute in Active Directory for the target account
- Run ProfWiz to remap SID references within the roaming profile
Post-Migration Validation
After migrating a workstation, have the user log in and verify:
- Desktop, Documents, and Downloads folders are intact
- Outlook connects to Exchange without credential prompts
- Mapped drives are accessible
- Printers are available
- Business-critical applications launch and function correctly
Rollback Plan
If a migrated workstation has severe issues, the rollback procedure is:
- Rejoin the machine to the source domain
- Restore the profile backup made before migration
- Update the
ProfileListregistry key to point to the restored profile - Log in as the original account to confirm data is intact
Conclusion
Active Directory migration is complex, but the user profile component does not have to be. ProfWiz handles the most difficult part β SID remapping and ACL updates β automatically and reliably. By planning carefully, piloting thoroughly, and following the steps above, you can complete your AD migration with minimal disruption to end users.