U-Tools: Unique Tools for Windows System Administrators
U-Move Help

Results of Moving Active Directory

U-Move will load Active Directory into the destination computer. It will copy the files from the staging folder into the operating system.

Simple Restore

If you are doing a simple restore, U-Move will load the Active Directory files (NTDS.DIT and EDB*.LOG) and the System Volume (SYSVOL). It will not load any other files.

Comprehensive Restore

If you are doing a comprehensive restore, U-Move will load the following additional information from the staging folder into the operating system:

Computer Name

U-Move will set the computer name and domain name to match the name of the source computer.

Network Settings

Unless otherwise instructed, U-Move will copy the network settings to match the source computer's network interface connection (NIC). This includes the following information:

  • Internet address for IP Version 4 (Example: 11.22.33.44)
  • Internet address for IP Version 6 (Example: 2001:db8:f9c2::48e7)
  • Default gateway network address
  • Client DNS addresses and settings. This information helps the computer locate a DNS server to find other computers on your network.
  • Client DHCP settings
  • Subnet masks (IPv4), network prefix lengths (IPv6), and interface metrics
  • Registration of each connection's address in DNS (yes/no)
  • Static network routes, if any, including metrics. (To view them, type route print at a command prompt.)
  • Hosts and lmhosts text files (C:\Windows\system32\drivers\etc\*)

To view the NIC network settings: Open the Control Panel and select Network and Internet -> Network and Sharing Center. Click on Change adapter settings (upper-left). Select the NIC and right-click on Properties. In the pop-up dialog, scroll down, select Internet Protocol (TCP/IP), and click the Properties button.
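
One way to confirm that the settings listed above arrived intact, as an added example that is not part of U-Move or its documentation: run this PowerShell script on the source computer before the move with -OutFile, then on the destination with -Baseline pointing at the source's snapshot. The parameter names and the snapshot format are assumptions made for illustration, and interface names are assumed to be the same on both computers.

```powershell
# Added example, not U-Move code. Parameter names and line format are assumptions.
param(
    [Parameter(Mandatory)][string]$OutFile,  # where to save this computer's snapshot
    [string]$Baseline                        # snapshot taken earlier on the source computer
)

$s = @()
# IPv4/IPv6 addresses with prefix length (link-local and loopback are skipped)
$s += Get-NetIPAddress -PolicyStore ActiveStore | Where-Object PrefixOrigin -ne 'WellKnown' |
    ForEach-Object { 'addr {0}/{1}' -f $_.IPAddress, $_.PrefixLength }
# Default gateways currently in effect
$s += Get-NetRoute -PolicyStore ActiveStore |
    Where-Object { $_.DestinationPrefix -in '0.0.0.0/0', '::/0' } |
    ForEach-Object { 'gateway {0} metric {1}' -f $_.NextHop, $_.RouteMetric }
# Static (persistent) routes with their metrics
$s += Get-NetRoute -PolicyStore PersistentStore -ErrorAction SilentlyContinue |
    ForEach-Object { 'route {0} via {1} metric {2}' -f $_.DestinationPrefix, $_.NextHop, $_.RouteMetric }
# Client DNS servers and per-connection DNS registration (yes/no)
$s += Get-DnsClientServerAddress | Where-Object ServerAddresses |
    ForEach-Object { 'dns {0} {1}' -f $_.InterfaceAlias, ($_.ServerAddresses -join ',') }
$s += Get-DnsClient |
    ForEach-Object { 'dnsreg {0} {1}' -f $_.InterfaceAlias, $_.RegisterThisConnectionsAddress }
# DHCP client state and interface metrics
$s += Get-NetIPInterface | ForEach-Object {
    'iface {0} {1} dhcp={2} metric={3}' -f $_.InterfaceAlias, $_.AddressFamily, $_.Dhcp, $_.InterfaceMetric }
# hosts and lmhosts files, compared by SHA-256 hash rather than by content
$s += Get-ChildItem "$env:SystemRoot\System32\drivers\etc" -File | Get-FileHash -Algorithm SHA256 |
    ForEach-Object { 'file {0} {1}' -f (Split-Path $_.Path -Leaf), $_.Hash }

$s = $s | Sort-Object -Unique
$s | Set-Content -Path $OutFile

if ($Baseline) {
    # "<=" marks a line only in the baseline, "=>" a line only on this computer
    $diff = Compare-Object (Get-Content $Baseline) $s
    if ($diff) { $diff | Format-Table InputObject, SideIndicator -AutoSize }
    else { 'Network settings match the baseline.' }
}
```

Automatic interface metrics depend on link speed, so a metric difference on otherwise identical settings is worth reading by eye before treating it as a failed copy.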

DNS Server Database

U-Move will move the DNS server database to the destination computer. This includes all DNS zones and all resource records (RRs). If the destination computer had a prior DNS database configured, it will be replaced.

Other Databases

If requested, U-Move will move certain databases that are closely connected with Active Directory. These databases include the Active Directory Federation Services (AD FS) database, the DHCP database, the WINS database, the Certificate Services database, the Windows Server Update Services database, and other databases.

User Accounts and Passwords

U-Move will replace all local user accounts and passwords on the destination computer with the domain user accounts and passwords in Active Directory.

The destination computer's local (SAM) user account database will be replaced by a stub that contains only one local account. This account is used to access the computer when Active Directory is not running, a mode called Directory Services Restore Mode (DSRM). The password for the DSRM Administrator account will be set to the value you specified during the interview.

These steps are exactly the same as those executed by the DCPROMO utility when promoting a domain controller.

Cryptographic Keys

U-Move will replace the computer's cryptographic keys with the keys from the source computer. This includes the master keys for the Encrypting File System (EFS), DPAPI, and Protected Storage. (Protected Storage stores user passwords for e-mail, web, and VPN access.) All private certificate keys are loaded, including those marked non-exportable.

File and Registry Security

The security settings of the files in the \Windows folder will be changed to permit access by the domain administrator.

Similarly, the ACLs of registry keys will be updated to allow access by the domain administrators.

These steps are exactly the same as those executed by the DCPROMO utility when promoting a domain controller.

Permissions for Shared Folders

U-Move will copy the user and group permissions for shared folders from the source computer.

Security Identifier (SID) Prefix

U-Move will copy the Security Identifier (SID) prefix from the source computer. The SID prefix is used to uniquely identify the computer on the network for security purposes.

When reloading AD onto the same computer, the SID prefix is left unchanged. U-Move runs faster because fewer changes are required.

Windows Firewall

U-Move will copy the Windows Firewall settings from the source computer.

U-Move will adjust the permission settings on the destination computer for Windows Firewall to allow access to Active Directory from your member computers (if needed).

Advanced: You can tighten security by telling U-Move to limit AD access to computers on the local subnet. See Advanced Options: Windows Firewall.