There is no best practice for this process but here are some recommendations for a scenario where the source domain is going to be decommissioned (collapsed):
1. Use the Active Directory Processing Wizard to remove the SID history.
It is a good idea to do this first for some users, not for all of them. For example, if you select 20 users (using "Select Objects" option) and run the Active Directory Processing Wizard then the SID history will be removed for selected users only.
2. Wait for a feedback. If there are no reports from users about non-accessible resources then you can be assured the users do not rely on SID history anymore and you can proceed with cleaning up the SID history attribute for another "batch" of migrated user.
Should there be a complaint or a problem the SID history can be quickly added back (for single users or for all of them) by remigrating these and merging these users. The selection can be exported to a file and the file can be used as import file during migration. After re-migrating and adding the SID history back there will be enough time for troubleshooting.
3. When SID history has been removed then cleaning up of resources can take place. Use RUM to perform the clean up of workstations and (file) servers, the process is the same as when updating resources, the only difference is - the option "Clean up legacy local group membership, user rights, and object permissions of migrated users" has to be selected.
Remove the Agents (Vmover.exe file) from all workstations and examine the system32 folder to find and remove possible "leftovers" like Vmover.log and another files (depending on the settings which have been used during re-permissioning)
4. If Exchange Processing Wizard has been used and source account permissions were preserved you can use the same wizard to clean up permissions for source users.
5. If during user migration the security descriptor setting was set to "merge" (this is the default setting) then Active Directory Processing Wizard should be used and to process the target domain to clean up (remove) permissions for source users.
6. Clean up the Service attributes used by the DSA during the matching process.
Review solution 9980:https://support.quest.com/SUPPORT/index?page=solution&id=SOL9980, which says: For a large number of Object Service Attributes the task can be accomplished in bulk using the ADCleanup Utility. The "Migration Manager - Active Directory Cleanup Utility" can be downloaded from the Quest website.
7. EMWProf utility creates a backup when processing Outlook profiles, see the EMWProf documentation how to remove these backup files.
8. Use the Agent Installation Wizard to uninstall all agents from involved servers, examine the directory and remove possible leftovers (folders, log files, archived data)
9. Examine the target domain controllers and remove the Quest agents if they are still present.
The Migration Manager User Guide has dedicated section entitled "Post-Migration Activities" which also contains valuable suggestions and should be reviewed before attempting the cleanup.
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. 이용 약관 개인정보 보호정책 Cookie Preference Center