Migrates user accounts and service accounts from a source domain that you specify to a target domain that you specify.
Admt user is a command-line tool that is available in the Active Directory Migration Tool (ADMT).
For examples of how this command can be used, see Examples.
Syntax
admt user /n "<UserName>"[ "<UserName2>"] /sd:<SourceDomain> /td:<TargetDomain> admt user /n "<UserName>"[ "<UserName2>"] /o:<OptionFilename>
Parameters
Parameter | Description | ||||
---|---|---|---|---|---|
/{o|optionfile}:"<OptionFilename>" |
Specifies to use an options file. You can specify the following value for this parameter:
|
||||
/{if|intraforest}:{yes|no} |
Specifies whether the migration is within a single forest. You can specify the following values for this parameter:
|
||||
/{sd|sourcedomain}:"<SourceDomain>" |
Specifies the NetBIOS or Domain Name System (DNS) name of the source domain from which to migrate objects. |
||||
/{sdc|sourcedomaincontroller}:"<SourceDomainControllerName>" |
Specifies the NetBIOS or DNS name of the domain controller in the source domain to use to migrate objects.
|
||||
/{so|sourceou}:"<OUName>" |
Specifies the name of organizational unit (OU) in the source domain. You use this parameter only for Active Directory source domains. |
||||
/{td|targetdomain}:"<TargetDomain>" |
Specifies the NetBIOS or DNS name of the target domain to which to migrate objects. |
||||
/{tdc|targetdomaincontroller}:"<TargetDomainControllerName>" |
Specifies the NetBIOS or DNS name of the domain controller in the target domain to use to migrate objects.
|
||||
/{to|targetou}:"<OUName>" |
Specifies the name of OU in the target domain. This parameter is required for both interforest and intraforest migrations. |
||||
/{po|passwordoption}: {complex|copy [+notexisting]} |
Determines how ADMT sets the password for the newly created account in the target domain.
You can specify the following values for this parameter:
|
||||
/{ps|passwordserver}:"<ServerName>" |
Specifies the name of the source domain controller that hosts the Password Export Server (PES) service. Enclose the server name in quotation marks. |
||||
/{pf|passwordfile}:"<FileName>" |
Specifies the path and name of the password file that ADMT creates. You specify this parameter only when you use the complex parameter with the /passwordoption parameter. Enclose the entire path in quotation marks. |
||||
/{dot|disableoption}:{[disablesource+] enabletarget|disabletarget|<targetsameassource>}] |
Determines which account, if any, to disable after migration. You can specify the following values for this parameter:
|
||||
/{sep|sourceexpiration}: {none|<Days>} |
Defines the number of days that the source user account is valid before it expires. You can specify the following values for this parameter:
|
||||
/{mss|migratesids}: {yes|no} |
Specifies whether the source user account security identifier (SID) migrates to the SID history of the target account. You can specify the following values for this parameter:
|
||||
/{trp|translateroamingprofile}: {yes|no} |
Specifies whether to translate the roaming profile from the source user account to the target user account. This parameter also associates the target user account with the roaming profile. You can specify the following values for this parameter:
|
||||
/{uur|updateuserrights}: {yes|no} |
Specifies whether to set the user rights of the target account to match the user rights of the source user account. You can specify the following values for this parameter:
|
||||
/{mgs|migrategroups}: {yes|no} |
Specifies whether to migrate to the target domain the groups of which the source user is a member. When ADMT uses this parameter to migrate a group, it does not migrate group members. You can specify the following values for this parameter:
|
||||
/{umo|updatepreviouslymigratedobjects}: {yes|no} |
Specifies whether to migrate groups again during this migration that ADMT migrated previously. ADMT performs this operation only when you specify the yes value with the /migrategroups parameter during subsequent migration operations. You can specify the following values for this parameter:
|
||||
/{fgm|fixgroupmembership}: {yes|no} |
Specifies whether to add migrated users to target domain groups if those users were members of groups that ADMT migrated from the source domain. You can specify the following values for this parameter:
|
||||
/{msa|migrateserviceaccounts}: {yes|no} |
Specifies whether user accounts that the Service Account Migration Wizard identifies as service accounts should also migrate. You can specify the following values for this parameter:
|
||||
/{co|conflictoptions}: {ignore|merge [+removeuserrights] [+removemembers]|[+movemergedaccounts]} |
Specifies an action for ADMT to take when it finds that an object name already exists in the target domain. You can specify the following values for this parameter:
|
||||
/{ux|userpropertiestoexclude}: {*|"Property"|"Property1 [,Property2]..."} |
Specifies properties to exclude when ADMT migrates a user account. You can specify the following value for this parameter:
|
||||
/{ix|inetorgpersonpropertiestoexclude}: {*|"Property"|"Property1 [,Property2]..."} |
Specifies properties to exclude when ADMT migrates an inetOrgPerson account. You can specify the following value for this parameter:
|
||||
/{gx|grouppropertiestoexclude}: {*|"Property"|"Property1 [,Property2]..."} |
Specifies properties to exclude when ADMT migrates a group account. You can specify the following value for this parameter:
|
||||
/{n|includename} "<UserName>" ["<UserName2>"] |
Specifies a user or a list of users to migrate. You can specify the following value for this parameter:
|
||||
/{f|includefile}: <FileName> |
Specifies the name of a file that contains a list of users to migrate. You can specify the following value for this parameter:
|
||||
/{d|includedomain}: [recurse [+{<flatten>|maintain}]] |
Specifies an entire source domain or OU of accounts. This parameter specifies to enumerate the source OU for service accounts or user accounts. If you do not specify the source OU, ADMT enumerates the entire source domain. You can specify the following values for this parameter:
|
||||
/{en|excludename} "<UserName>" ["<UserName2>"] |
Specifies which users to exclude from migration. You can specify the following value for this parameter:
|
||||
/{ef|excludefile}: <FileName> |
Specifies the name of a file that contains the list of users to exclude from the current migration operation. You can specify the following value for this parameter:
|
Remarks
In addition to the admt user command-line tool, you can use the User Account Migration Wizard to migrate users from a source domain that you specify to a target domain that you specify.
Examples
The following example migrates a user named JohnSmith from the CONTOSO domain to the TREYRESEARCH domain.
admt user /n "JohnSmith" /sd:CONTOSO /td:TREYRESEARCH
The following example migrates users using an include file that is located at C:\temp\MyListOfComputers.txt.
admt user /o:C:\temp\MyListOfUsers.txt