サポートと今すぐチャット
サポートとのチャット

Reference Materials for Migration 8.15 - Tips and Tricks

Introduction Environment Assessment, Planning, and Testing Basic Migration Steps Considerations for Active Directory Migration and Resource Update Considerations for Exchange Migration Preferred Settings for the Directory Synchronization Agent Directory Synchronization Agent Placement Indexing Service Attributes Full Directory Resynchronization Conclusion Environment Preparation Checklist Exchange Migration without Trusts Active Directory Migration without Trusts

Step 8. Disable Source Accounts

It is good practice to disable the source accounts at this stage and thus make sure that all users are logging on with their target accounts. We recommend that before you take this step, you wait some time to make sure that all users are already using their target accounts.

Step 9. Enable SID filtering

After the distributed resources and BackOffice servers have been processed, enable SID filtering between the source and the target domains.

After SID filtering is enabled, wait some time to ensure that all target users can access the resources they used before the migration. If after enabling SID filtering some users cannot access the resources, turn SID filtering off, process any skipped resources, and turn it on again.

We recommend you enable SID filtering prior to SIDHistory cleanup to verify that all resources were re-permissioned correctly and users can access resources with their target accounts not using SIDHistory.

Refer to the SID Filtering topic for the procedures on how to enable SID filtering.

Step 10. Clean Up SIDHistory Attributes

SIDHistory cleanup is done by Active Directory Processing Wizard, which is started from Migration Manager.

CAUTION:  Changes have probably been made to permissions, service accounts, group membership, etc. on resources since resource processing was last executed. We recommend you update distributed resources and BackOffice servers one more time before you clean up SIDHistory to make sure that all permissions, service accounts, and group membership are up to date.

NOTE: If after SIDHistory cleanup some users cannot access the resources, SIDHistory can be re-applied back to the accounts that lost access only by re-migrating and merging the accounts. This will give you time to check whether the resources were processed correctly for these accounts, fix the problem, and clean up SIDHistory again.

However, by turning on SID filtering with users losing access to resources it is much easier to disable SID filtering and process resource skipped than it is to restore SIDHistory.

After SIDHistory is cleaned up, wait some time to ensure that all target users can access the resources they used before the migration.

Step 11. Clean Up Legacy Account Permissions

Cleanup of legacy account permissions is performed by the same wizards used to update resources.

Cleanup is hard to undo, so it is recommended that you clean up permissions only when you are sure that all users are using their target accounts for all applications and have no problems accessing resources.

関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択