Authentication Wizard - Domain Change and Profile Migration

Two Source to Two Destination Local Admin-Authenticated Domain Migration Scenario

This document provides a step-by-step guide on how to use the Authentication Wizard to configure authentication roles for the Two Source to Two Destination Local Admin-Authenticated Domain Migration scenario. This scenario covers workstations and user profiles being moved from domain to domain. Source computer accounts are in a different domain than the source user accounts. Destination computers accounts will be in a different domain than the destination user accounts. Authentication is done using local accounts with admin access to all computers. All other settings should be configured using the Easy Setup Wizard.

Step-by-Step

1. If it is not already running, the Authentication Wizard can be launched as part of the Easy Setup Wizard or by clicking on the Authentication Wizard button on the Authentication tab on the main Console screen.
   
   
2. Select Domain Change and Profile Migration Only. Click Next >>.
   
   
3. Select Domain User -> Domain User migration. Click Next>>
   
   
4. Answer No when asked if all source user accounts and computer accounts are in the same domain. Click Next >>.
   
   
5. Answer No when asked if all destination user accounts and computer accounts will be in the same domain. Click Next >>.
   
   
6. Select Domain admin accounts with local admin access. Click Next >>.
   
   
7. Enter the Username and Password for a local user account which meets these criteria:
   • Must be a local administrator account.
   • Must be valid for ALL computers in the group.
   
   This account will be used for the Administrator A and Administrator B authentication roles. Click Next.
   
   
8. Enter the Username, Password, and Domain for a domain user account which meets these criteria:
   • Any active user account in source user domain.
   
   This account will be used for the Source SID Lookup authentication role. Click Next.
   
   
9. Enter the Username, Password, and Domain for a domain user account which meets these criteria:
   • Required privileges to join all computers to the domain.
   • Must be a domain account.
   
   A Note reminds you that regular Windows user accounts can only join 10 computers to a domain. It is highly recommended that the account specified has the Join Computers to Domain user right to avoid potential errors during the domain join. Administrator accounts have this privilege by default.(See Microsoft support article "You Have Exceeded the Maximum Number of Computer Accounts" Error Message When You Try to Join a Windows XP Computer to a Windows 2000 Domain (314462) for more information.)
   
   This account will be used for the Domain Join Privileges authentication role. Click Next.
   
   
10. Enter the Username, Password, and Domain for a domain user account which meets these criteria:
    • Any active user account in destination user domain.
    
    This account will be used for the Destination SID Lookup authentication role. Click Next.
    
    
11. The Authentication Wizard is complete. You are presented with the option to Override Settings if you choose, however this is not recommended as incorrect configuration of the authentication roles can result in failure of the migration on one or more clients. Click Finish to complete the wizard.