Results of Moving Active Directory

Simple Restore

If you are doing a simple restore, UMove will load the Active Directory files (NTDS.DIT and EDB*.LOG) and the System Volume (SYSVOL). It will not load any other files.

Comprehensive Restore

If you are doing a comprehensive restore, UMove will load the following additional information from the staging folder into the operating system:

UMove will set the computer name and domain name to match the name of the source computer.

Network Settings

UMove will set the network settings to match the source computer's network interface card (NIC). This includes the following:

• Internet address (example: 192.168.0.1).
• Network mask (example: 255.255.255.0).
• Client DNS address. This is the address that the computer will contact to send DNS queries.
• Client settings for dynamic DNS registration.
• Client WINS address (if applicable). This is the address that the computer will contact to send WINS queries. (WINS is the legacy network naming system from Windows NT.)
• Client settings for DHCP.
• IPV6 settings (if installed).

To view the NIC network settings: Click on Start -> Control Panel -> Network Connections. Select the NIC and right-click on Properties. In the pop-up dialog scroll down and select Internet Protocol (TCP/IP) and click the button Properties.

DNS Server Database

UMove will move the DNS server database to the destination computer. This includes all DNS zones and all RR records. If the computer has a previous DNS database it will be replaced.

User Accounts and Passwords

UMove will replace all local user accounts and passwords on the destination computer. They will be replaced by the domain user accounts and passwords in Active Directory.

The destination computer's local (SAM) user account database will be replaced. It will be replaced by a stub that contains only one local account. The account is used to access the computer when Active Directory is not running. This is called Directory Services Restore Mode (DSRM). The password for the DSRM Administrator account will be set to the value you specified during the interview.

These steps are exactly the same as those executed by the DCPROMO utility when promoting a domain controller.

Cryptographic Keys

UMove will replace the computer's cryptographic keys with the keys from the source computer. This includes the master keys for the Encrypting File System (EFS) and Protected Storage. (Protected Storage stores passwords for e-mail, web, and dial-up access.)

File and Registry Security

The files in the operating system folders “\WINDOWS”, “\Program Files”, and “\Documents and Settings” will be changed to permit access by the domain administrators. The Access Control List (ACL) of each folder will be updated to allow access by the domain administrators.

In a similar fashion the ACLs of registry keys will be updated to allow access by the domain administrators.

These steps are exactly the same as those executed by the DCPROMO utility when promoting a domain controller.

Permissions for Shared Folders

UMove will copy the user and group permissions for shared folders from the source computer.

Security Identifier (SID) Prefix

UMove will copy the Security Identifier (SID) prefix from the source computer. The SID prefix is used to uniquely identify the computer on the network for security purposes.

When reloading AD onto the same computer the SID prefix is left unchanged.

UMove will adjust the permission settings on the destination computer for Windows Firewall (if necessary) to allow access to Active Directory from your member computers. (Windows Firewall is new on Window Server 2003.)

Advanced: You can tighten security by telling UMove to limit AD access to computers on the local subnet. See Advanced Options: Windows Firewall.

Applications

If you select Advanced Options, UMove will move the databases of certain Microsoft applications that are tightly coupled with Active Directory.