Follow the instructions outlined in the documentation and in the SOL14630 to specify a preferred DC and GC.
Then follow the instructions outlined in the QMM Installation Guide:
Step 4: Open the Required Ports on Servers, Routers, and Firewalls
Since the Migration Manager agents are installed and updated from the console over RPC and the agents transfer data directly between source and target servers over RPC as well, RPC traffic must be allowed over the routers separating the subnets.
Make sure that ports 135, 137, 138, and 139 are open on the following machines:
• Source and target servers
• Routers separating the subnets
Step 5: Configure Windows Server 2008 Firewall
Windows Server 2008 has built-in firewall that is enabled by default. To migrate passwords and SIDHistory, you need to modify the firewall settings on a target domain controller and create a new inbound rule. This is also required for proper operation of the Undo Wizard and for SIDHistory Cleanup using the Active Directory Processing Wizard.
• To create a new rule on an x86 target domain controller, run the following command:
netsh advfirewall firewall add rule name="Quest Migration Manager Agent" dir=in action=allow program="%SystemRoot%\System32\AelAgentMS.exe"
• To create a new rule on an x64 target domain controller, run the following command:
netsh advfirewall firewall add rule name="Quest Migration Manager Agent" dir=in action=allow program="%SystemRoot%\System32\AelAgentMS64.exe"
Alternatively, you can create a new rule using the New Inbound Rule Wizard. To run the wizard:
1. Open the Server Manager console on a target domain controller.
2. Navigate to Configuration | Windows Firewall with Advanced security | Inbound Rules in the console tree.
3. Click New Rule…
In case of two-way directory synchronization, you should perform the same actions on the source domain controller.
Disable McAfee on-access protection.