EPFL > VPSI > IT > EXAPP - Site d'information: WinAD (Windows Active Directory)
 

  Affiche tous les articles

 Mode d'emploi du moteur de recherche  Rechercher : 
Moteur de recherche
Home page
Accréditation
Activation MS
AD c'est quoi ?
AD PowerShell
Authentifications
Autorisations DHCP
bugs
Conseils AD
DCs Sécurité
Délégations OUs
Domaine SC
Gaspar
GPO
Grp-Staff
KMS
Migrations
Outils
· Enable the Disk Cleanup tool 2012R2
· Rearming Sysprep
· Apply Images Using DISM
· Désactiver la couche 6to4 (IPV6) sur Windows 7 ,8 ,2008 ,2012
· Check MachineConf
· AD Users & Computers : afficher l'onglet "additional account info" sur OS 64 bits
· CMD for AD 2000/3/8 Dsget
· ShellRunas for VISTA
· Déléguer la gestion des services
· Mise à jour automatique avec Software Update Services pour Windows 2000, XP et 2003
· SUBINACL modifier les permissions & permuter les SID
· ADMT-V2 (Active Directory Migration Toll)
· How-to Migration NT4-2000 with ADMT V2 by Philippe Chammartin(IC-ISC)
· Outils pour la gestion de l'Active Directory (support tools)
· "Replication Access Was Denied"
· LES INDISPENSABLES Outils de support Active Directory
· commandes de Windows 2000
· NETDOM Déplacer des comptes machines d'un domaine à un autre
· MOVETREE pour déplacer des USERS d'un domaine2000 à un autre
· Installation des outils de support de Windows 2000 sur un ordinateur Windows 2000 Server
· Outils de migration de Domaines et OU
Procès verbaux
Profiles Itinérants
PWAD
Règles de nommage
Restaurations DC Fac
ServerAD2003
ServerAD2008
Seven
Students
synchro
toto1
Trucs et Astuces
Win 8.1
WinAD
Windows 10
Windows 8
Windows Server
Wins
Work Shop
  Afficher une version imprimable de ce document dans une nouvelle fenêtre
 
MOVETREE pour déplacer des USERS d'un domaine2000 à un autre
 

ATTENTION : Le serveurs DCs source et de destination ne peuvent pas être choisi aléatoirement. Ils doivent avoir le rôle FSMO RID, de plus les domaines d'échanges windows2000 doivent être en mode NATIF, cela permet que le même SID soit toujours associé aux comptes dans l'AD après déplacement d'un domaine à un autre

PS: L'OU destinataire ne doit pas être créé à l'avance,c'est movetree qui l'a génère


How to Use the MoveTree Utility to Move Objects Between Domains in a Single Forest

The information in this article applies to:
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Server

SUMMARY

MoveTree.exe is a command-line utility that enables administrators to move Active Directory objects such as organizational units, users, and so on, between domains in a single forest. These types of operations support domain reconsolidation or organizational restructuring.

MORE INFORMATION

Although MoveTree moves Active Directory objects between domains, there are some Active Directory objects that cannot be moved between domains. There may also be associated data outside the Active Directory that also is not moved. Computer objects are not moved during a MoveTree operation.

When objects are moved, they are initially copied to the Lost and Found container in the source domain, and then they are moved to the destination domain. All objects that are moved are recorded in the MoveTree.log file, and all error messages are recorded in the MoveTree.err file. Objects that cannot be moved remain in an orphancontainer in the Lost and Found container in the source domain. Local and domain global groups are not moved during a MoveTree operation. However, group memberships remain intact; therefore, security is not compromised.

Associated data that is not moved during MoveTree operations includes profiles, logon scripts, and users' personal data. Additional scripts or management tools need to be used in conjunction with MoveTree to perform these additional steps. MoveTree enables an organizational unit to be moved with all of the linked Group Policy objects in the source domain intact. Although the Group Policy object link moves and continues to work, clients receive their group policy settings from the source domain. Due to this potential performance degradation, you are strongly recommended to re-create the Group Policy objects for the moved organizational unit in the destination domain, and then delete the old Group Policy objects in the source domain.

MoveTree Syntax

   MoveTree [/start | /continue | /check] [/s SrcDSA] [/d DstDSA]
   [/sdn SrcDN] [/ddn DstDN] [/u Domain\Username] [/p Password] [/quiet]

   /start	: Start a MoveTree operation with /check option by default.
   	: Instead, you could be able use /startnocheck to start a
         : MoveTree operation without a check.

   /continue : Continue a failed MoveTree operation.

   /check	  : Check the whole tree before actually moving any object.

   /s <SrcDSA>  : Source domain DSA name. Required. 

   /d <DstDSA>  : Destination domain DSA name. Required.

   /sdn <SrcDN> : Source subtree's root domain name.
                : Required in Start and Check case.
                : Optional in Continue case.

   /ddn <DstDN> : Destination subtree's root domain name. Required.

   /u <Domain\UserName> : Domain name and user account name. Optional.

   /p <Password> : Password. Optional.

   /quiet : Quiet mode. Without any display. Optional.

Examples

  • MoveTree /check /s Server1 /d Server2 /sdn OU=SourceOU,DC=Dom1 /ddn OU=DestOU,DC=Dom2 /u Dom1\administrator /p *
  • MoveTree /start /s Server1 /d Server2 /sdn OU=SourceOU,DC=Dom1 /ddn OU=DestOU,DC=Dom2 /u Dom1\administrator /p MySecretPwd
  • MoveTree /startnocheck /s Server1 /d Server2 /sdn OU=SourceOU,DC=Dom1 /ddn OU=DestOU,DC=Dom2 /u Dom1\administrator /p MySecretPwd
  • MoveTree /continue /s Server1 /d Server2 /ddn OU=DestOU,DC=Dom1 /u Dom1\administrator /p * /quiet

Key Guidelines for Using MoveTree

  • Ensure Domain Name Server (DNS) name resolution is working correctly.
  • Ensure that you have permissions on the source and destination domains to complete the move. The following error message is logged in the MoveTree.err file if you have insufficient permissions:
    Error: 0x2098 Insufficient Access Rights to perform the operation.
    MoveTree cross domain move failed. The extended error is 00002098: SrcErr:DSID-0031B02E2, problem 5003 (WILL_NOT_PERFORM), data 0
  • Use quotation marks for parameters with spaces.
  • Use all lowercase letters when designating the source and destination subtree root domain names. If you use uppercase letters, the following error message is logged in the MoveTree.err file:
    Error: 0x20e4 The Naming Context could not be found.
    MoveTree cross domain move failed.
    The extended error is 0000020e4: SvcErr: DSID-031B02E2, problem 5003 (WILL_NOT_PERFORM), data 0

MoveTree moves the computer accounts, but the accounts are not valid in the new domain. Active Directory Users and Computers in the new domain show all the computer accounts that MoveTree moved, but the individual computers are not able to log into the new domain. Netdom must be used to move the computer accounts.

NOTE: Movetree requires that the destination domain be in Native mode.

NOTE: The command has to be run on the Rid Master of the src domain against the Rid master of the dst domain, otherwise you will see following error:


ERROR: 0x2012 The requested operation could not be performed because the directory service is not the master for that type of operation.

Article N° 29, du 12.08.2002, par Alain Gremaud
URL de cet article : http://winad.epfl.ch/?article=29

© 2017 VPSI - EXAPP - TC