Service Account Requirements
The following user account permissions and privileges to support Active Directory Migrations:
- One service account with read/write access to all organizational units (OUs) containing user, group, and computer objects in the source Active Directory to be migrated to the target environment.
- One service account with administrative rights on the target domain(s)
If administrative rights cannot be granted, the service account requires the following rights:The ability to create and modify user objects in the desired OUs in the target Active Directory environment.
Read Permissions to the configuration container in Active Directory
User credentials with the delegated migrateSIDHistory extended right.
A service account in each source and target domain with the ability to modify computer objects and add computers to the domain.