The Security Translation Options page of the Computer Migration Wizard specifies how the Active Directory Migration Tool (ADMT) handles the security translation process.
The Security Translation Options page has the following options:
- Replace
Select this option to replace the security identifier (SID) for the account in the source domain with the SID for the account in the target domain in the access control lists (ACLs) and system access control lists (SACLs). This option gives the account in the target domain the same permissions on the selected objects that the account in the source domain has. This option also removes these permissions from the account in the source domain.
When you perform an intraforest migration, ADMT migrates the SID history and deletes the source object. Therefore, when you perform an intraforest migration, ADMT allows security translation only in Replace mode.
- Add
Select this option to add the SID for the account in the target domain to the ACLs and SACLs in the security descriptors of the selected objects that contain the SID for the account in the source domain. This option gives the account in the target domain the same permissions to the selected objects that the account in the source domain has.
- Remove
Select this option to remove the SID for the account in the source domain from the ACLs and SACLs in the security descriptors of the selected objects. This option removes the permissions to the selected objects from the account in the source domain.