Resolution
What is the Update Active Directory Connector Accounts (ADC Update) wizard, included with Domain Migration Administrator?
fact
Domain Migration Administrator 7.x
fix
Many network administrators use Microsoft Active Directory Connector (ADC) to migrate information held within an Exchange 5.5 mailbox to a new user account in Active Directory. This type of migration is efficient for maintaining the desired information, but can cause problems with Domain Migration Administrator (DMA). Prior to DMA 7.0, there were no tools to allow the merging of the source account and the ADC-created target account. In addition, the two accounts would have different names and it would not be possible to merge these accounts based on a naming conflict.
As a result of this scenario, NetIQ devised a tool within DMA that allows the accounts to be merged via the msExchMasterAccountSID attribute. This attribute is migrated by ADC and is the one dependable, common attribute between the source and target account, regardless of naming differences. The Update Active Directory Connector Accounts tool will compare the msExchMasterAccountSID attribute and create the mapping within DMA's internal database, and perform the following options if selected within the wizard:
- Copy Passwords
- Migrate account SIDs to target domain
- Migrate all NT 4 properties except full name, user comment, and comment
- Update group memberships
- Migrate source accounts' SamAccountName to the target domain
- Remove accounts from the ADC mapping and enable them
The tool is different from account migration, based on naming conflicts. Active Directory Connector Update will leave the attribute information alone and will, aside from the options selected, create a mapping within the DMA database. This mapping is necessary since it will be used for Security Translation operations performed by DMA.
note
The option to Migrate source accounts' SamAccountName to the target domain was first made available in DMA version 7.2.