Authentication Wizard - Domain Change and Profile Migration

Basic Local-to-Resource Domain Migration Scenario

This document provides a step-by-step guide on how to use the Authentication Wizard to configure authentication roles for the Basic Local-to-Resource Domain Migration scenario. This scenario covers workstations and user profiles being moved from a workgroup to a domain configuration. User profiles change from local users to domain users. Workstation membership changes from a workgroup to a domain. Destination computer accounts are moved to a different domain than the users. Authentication is done using local accounts with admin access to their respective computers. All other settings should be configured using the Easy Setup Wizard.

Step-by-Step

1. If it is not already running, the Authentication Wizard can be launched as part of the Easy Setup Wizard or by clicking on the Authentication Wizard button on the Authentication tab on the main Console screen.
   
   
2. Select Domain Change and Profile Migration Only. Click Next >>.
   
   
3. Select Domain User -> Local User migration. Click Next>>
   
   
4. Enter the Username and Password for a local user account which meets these criteria:
   • Must be a local administrator account.
   • Must be valid for ALL computers in the group.
   
   This account will be used for the Administrator A, Administrator B, and Source SID Lookup authentication roles. Click Next.
   
   
5. Enter the Username, Password, and Domain for a domain user account which meets these criteria:
   • Any active user account in destination user domain.
   
   This account will be used for the Destination SID Lookup authentication role. Click Next.
   
   
6. Enter the Username, Password, and Domain for a domain user account which meets these criteria:
   • Required privileges to join all computers to the domain.
   • Must be a domain account.
   
   A Note reminds you that regular Windows user accounts can only join 10 computers to a domain. It is highly recommended that the account specified has the Join Computers to Domain user right to avoid potential errors during the domain join. Administrator accounts have this privilege by default.(See Microsoft support article "You Have Exceeded the Maximum Number of Computer Accounts" Error Message When You Try to Join a Windows XP Computer to a Windows 2000 Domain (314462) for more information.)
   
   This account will be used for the Domain Join Privileges authentication role. Click Next.
   
   
7. The Authentication Wizard is complete. You are presented with the option to Override Settings if you choose, however this is not recommended as incorrect configuration of the authentication roles can result in failure of the migration on one or more clients. Click Finish to complete the wizard.