The Managed Service Account Options page of the Managed Service Account Migration Wizard specifies how the Active Directory Migration Tool (ADMT) handles managed service account migration.
The Managed Service Account Options page has the following options:
- Update account rights
Select this option to set the rights that are assigned to the new managed service account in the target domain to match the rights that are assigned to the managed service account in the source domain.
- Migrate associated account groups
Select this option to migrate the groups of which the migrated managed service accounts are members.
- Update previously migrated objects
Select this option to update the groups of which the migrated managed service accounts are members, even if you migrated those groups previously. This option is available only if you select the Migrate associated account groups check box.
- Fix accounts’ group memberships
Select this option to add migrated managed service accounts to target domain groups, if those managed service accounts were members of the target domain group in the source domain.
- Migrate account SIDs to target
domain
Select this option to add security identifiers (SIDs) from the source domain for migrated managed service accounts to the SID history of the new managed service accounts in the target domain. This option requires that TCP/IP client support is enabled on the primary domain controller (PDC) emulator operations master in the source domain and that auditing is enabled in both the source and target domains. For more information, see the ADMT Guide: Migrating and Restructuring Active Directory Domains (http://go.microsoft.com/fwlink/?LinkId=93678).