Introduction
Directory Sync Pro supports sIDHistory migration when migrating users and groups in an inter-forest migration scenario. However, by default, Microsoft does not support the migration of sIDHistory in an intra-forest configuration. Migrating sIDHistory in an intra-forest environment is not possible as duplicate ObjectSID cannot exist in the same forest. The recommended process involves moving the objects from the source domain to the target domain within the same forest. However, this approach may not be ideal when device migration is part of the scope as it often necessitates simultaneous cutover of both users and devices.
To address this limitation, Quest has developed a process that enables sIDHistory migration using a staged migration concept. This step-by-step guide provides instructions on how to perform sIDHistory migration in an intra-forest environment by utilizing a staging forest.
Topics
This guide covers the following topics:
Requirements
Following are the high-level requirements needed to configure the sIDHistory Intra-Forest Staged Migration using Directory Sync Pro. For details and a complete list of requirements, please refer to the requirement documents of the product found at Product Support - Migrator Pro for Active Directory (quest.com).
General
Accounts
Staging Domain Forest
Intra-Forest sIDHistory Migration High-Level Process
By default, Microsoft does not support the migration of sIDHistory in an intra-forest configuration. The recommended process involves moving the objects from the source domain to the target domain within the same forest. However, this approach may not be ideal when device migration is part of the scope as it often necessitates simultaneous cutover of both users and devices.
For the above reason, a staged migration approach should be used for Intra-Forest sIDHistory Migration. Migration Process:
-
Objects from the source domain should be synchronized to the target domain, but sIDHistory migration should not be enabled.
-
Objects from the source domain should be synchronized to the staged forest with sIDHistory migration enabled. For the Groups Synchronization, membership syncing should be disabled as we do not need to migrate the membership to the staged forest.
-
Objects from the staged forest should be synchronized to the existing objects in the target domain (created by Directory Sync) with sIDHistory migration enabled. For the Groups Synchronization, membership syncing should be disabled as we do not need to migrate the membership for sIDHistory.