This article describes how Migration Manager for Active Directory handles the processing of encrypted files during resource updating.
Encrypted files have the same NTFS ACLs as non-encrypted files, so VMover will process them properly. The problem is that users will loose their ability to decrypt the files once they start logging into the target domain. This is because encryption certificates are used to give access to encrypted NTFS files. The certificates can be managed from the Certificates mmc snap-in (on the desktops).
If the source account certificate is not migrated to the target account the user will loose the corresponding capabilities such as access to the encrypted file system.
Certificates marked as exportable (which is the default option) can be migrated. The certificate migration can be done manually by each user by exporting and then importing the certificate from the Certificates snap-in.
Alternatively, the CertMgr utility can be used to automate the procedure. It needs to be run for all source users in the export mode, and then for all target users in the import mode. This utility can be found in the Migration Manager Resource Kit.
