de-DEen-US
Language
Search
× Search
Sunday, September 26, 2021

CopyRight2 vs. ADMT

Learn more about CopyRight2's advantages over ADMT and how to easily migrate domain users (with passwords), groups, OUs, distribution lists, contacts and more.

CopyRight2 vs. ADMT

CopyRight2 is a product for the migration of Active Directory accounts and provides features that go beyond what Microsoft's Active Directory Migration Toolkit, shortly ADMT, has to offer. Opposed to Microsoft's ADMT, CopyRight2 does not require a trust between the two domains, neither any agents that have to be installed, nor does it require a SQL server instance. As it supports sidHistory-less migrations, there is no security risk attached to it.

Besides of functionality for account migrations between domains, member servers and workgroup enabled systems, it also integrates features to migrate Windows® server and NAS resources like file systems including file shares, share- and NTFS level permissions.
 

 

Migrated Active Directory Objects

Users

Migrate user account objects including passwords.

Groups

Migrate domain local, global and universal group objects including group members.

Distribution Lists

Migrate distribution lists including their members.

Contacts

Migrate contact objects.

OUs

Optionally migrate OUs and the OU hierarchy from the source to the target domain.

Object Permissions

Migrate object permissions along with the objects.


CopyRight2 Advantages over ADMT

CopyRight2 is a lot easier to use and does not have the complexity and overhead of other solutions. Watching the 12 minute video below, will explain all you need to know, to perform an AD domain migration. CopyRight2 does not require a trust relationship between source and target domains. Neither does it require any agents that have to be installed, nor does it require an SQL server instance.

Active Directory Migration With CopyRight2 Tutorial Video

Active Directory Migration Video Thumb

Supported Active Directory Versions

In addition to Windows Active Directory (Windows 2000 up to 2022), CopyRight2 supports Azure AD Connect, AWS Directory Service, Synology Active Directory Server and Univention's UCS Active Directory Domain Controller Appliance as source or target directory.
Windows 2019 Certification Logo
Windows 2016 Certification Logo
Windows 2012 Certification Logo
Windows 2008 Certification Logo
Windows 2003 Certification Logo
Windows 2000 Certification Logo

Migrate From Other Domains, Domain Members and Workgroup Systems

CopyRight2 supports all existing types of Active Directory groups, no matter if it is local, global, universal, security or distribution list groups. In opposition to ADMT, CopyRight2 can also migrate local accounts from domain member computers and workgroup configured systems to domains and vice versa.

Easy Deployment compared with ADMT

CopyRight2 can be installed on any computer, preferably on a domain controller of the source or the destination domain. Once the software is installed, it can be used right away to define and interactively run migration jobs or schedule jobs for background execution at a specified time. This is usually not the case with Microsoft's ADMT.

24/7 Support and 2 Years of Free Updates / Upgrades

The product price includes 24/7 support and 2 years of free maintenance updates & upgrades as available. In case there is a problem using the software, you can get in touch with Sys-Manage's support at any time. With CopyRight2 there is no additional costs for support contracts as it would be the case with ADMT. Our experienced support engineers have helped thousands of customers to complete their migrations successfully. Please contact us either by email or by telephone.

Multiple Account Selection Options

Select Objects To Migrate in High Resolution

Simply select the objects you want to migrate from the Active Directory tree of the source AD.

Alternatively you can migrate all existing objects, specify an input file in CSV format or specify an LDAP query defining a query root and a filter condition.

Define Active Directory Attributes to Migrate

CopyRight2 Active Directory Attribute Settings

As opposed to Microsoft's ADMT, CopyRight2's attribute in- and exclusion list allows you to define graphically which attributes you want to migrate by object class type. You can also provide an empty attribute list, in which case all class specific attributes defined in the Active Directory schema will be copied.

Migrate OU and Container Hierarchy

CopyRight2 Active Directory OU Settings in High Resolution

Using CopyRight2 you can migrate accounts to the default "Users" container or into a specified container, optionally while retaining the original OU and container hierarchy structure.

Transfer Active Directory Object Permissions

CopyRight2 Object Security Settings in High Resolution

CopyRight2 can migrate the permissions set on any AD objects, such as users, groups, contacts, distribution lists, organizational units and containers. It migrates the permissions (DACL), auditing information (SACL) and the owner.

Schedule Migrations For Background Execution

Copyright2 Task Scheduler Settings in High Resolution

You can schedule any AD migration jobs to run automatically in the background at specified intervals. Receive email notifications for the job in case of success and/or error.

Customize and Transform Migrated Objects

Copyright2 Active Scripting Settings in High Resolution

You can define scripts, based on the object class and executed for each migrated object, allowing you to very easily "transform" and make adjustments to any attribute values.

For example you could use the following line of VBScript code to add the prefix "PREFIX_" to migrated object's "samAccountName" attribute:

Destination("samAccountName")="PREFIX_" & Source("samAccountName")

Migrate Using Windows® SID-HISTORY Feature

CopyRight2 sidHistory Settings

Interforest migrations: Create a clone of each source account in the target domain, having sidHistory set to the corresponding SID of the source account.

Intraforest migrations: Accounts will be moved between the domains instead. The sidHistory attribute automatically gets set to the corresponding SID of the original account.

You can find more information about using the sidHistory attribute in the CopyRight2 Documentation.

Account and Data Migration Without sidHistory

It is, how ever, not a requirement to use the sidHistory attribute with CopyRight2. In contrast to Microsoft's ADMT, you can migrate user and group accounts directly and reassign NTFS and file share permissions of any data on-the-fly while being copied or by processing permissions without moving data. There are specific scenarios where the use of sidHistory is not recommended. Disabling SID filtering on the source domain, a requirement for resource access using sidHistory, implicitly grants admin accounts of the destination domain administrative access to the source domain, including any resources accessible to it. This may violate given security restrictions. The official ADMT documentation describes the impact of sidHistory using the following wording: "With SID Filtering disabled, a rogue domain administrator could clone a SID from the other domain and add it to their SID History, granting them unauthorized rights.". This could be an issue in case of company break ups, de-mergers or other Active Directory domain reorganization scenarios.

Frequently Asked Questions

What are the advantages of CopyRight2 over ADMT?


  • Much easier to use.
  • Doesn’t require a trust between source and target domain.
  • Can use but does not require Active Directory sidHistory.
  • Can also migrate local accounts from domain member or workgroup configured systems to the domain.

What types of AD objects does it migrate?

CopyRight2 migrates AD users, contacts, groups (global, local, universal), distribution lists, members, OUs and optionally object permissions (ACL). You can define which attributes to migrate per object type. Optionally you can define small scripts to transform objects during the migration.

Does it require sidHistory or a domain trust?

No, CopyRight2 does not require sidHistory or a domain trust. However, it supports sidHistory and also trusts between source and target domain. If using sidHistory there is a bunch of requirements that need to be fullfilled. Please check the documentation for those. However, you can also migrate without sidHistory and optionally migrate your data using a data migration job, replacing the original accounts with the accounts of the target domain.

Do You Have Any Questions or Suggestions?

In case of any questions or suggestions, please feel free to contact us at support@sys-manage.com. We like hearing from you.
Terms Of UsePrivacy StatementCopyright © Sys-Manage, 1998-2021. All Rights Reserved.
Back To Top