Options for AD Inter-forest and Intra-Forest Profiles
AS-IS means the objects will be created just as they currently exist in the source. If the account was disabled in Active Directory in the source, it will be disabled in Active Directory when created in the target. If the account was enabled in Active Directory in the source, it will be created as enabled in Active Directory in the target.
You can also choose to Active Directory enable all objects when they are created in the target, no matter their Active Directory account status in the source. Or, just the opposite, you can choose to have all objects created in an account disabled state in the target, no matter their status in the source.
For mail-enabled objects only, there is also the option is to convert all mail-enabled objects into contacts when they are created in the target.
Options for Exchange Inter-forest Profiles
AS-IS means the objects will be created just as they currently exist in the source. If the account was disabled in Active Directory in the source, it will be disabled in Active Directory when created in the target. If the account was enabled in Active Directory in the source, it will be created as enabled in Active Directory in the target.
You can also choose to enable all objects when they are created in the target, no matter their status in the source. Or, just the opposite, you can choose to have all objects created in an account disabled state in the target, no matter their status in the source.
You may also choose to convert all the mail-enabled objects into contacts when they are created in the target.
You would use this profile in conjunction with our Exchange Pro mailbox migration product.
Options for Exchange IntRA-forest Profiles
AS-IS means the objects will be created just as they currently exist in the source. If the account was disabled in Active Directory in the source, it will be disabled in Active Directory when created in the target. If the account was enabled in Active Directory in the source, it will be created as enabled in Active Directory in the target.
Note that All objects created will be Mail-Disabled, no matter what their Active Directory account status.
You can also choose to enable all objects when they are created in the target, no matter their status in the source. Or, just the opposite, you can choose to have all objects created in an account disabled state in the target, no matter their status in the source.
You may also choose to convert all the mail-enabled objects into contacts when they are created in the target.
User Conflicts
How do you want to handle any users conflicts? That is what should happen if (based on your matching criteria) that Directory Sync Pro for Active Directory finds a matching user already in the target? If you choose skip, Directory Sync Pro for Active Directory will not make an association between those objects, and an error will be noted in the log file.
With Update, Directory Sync Pro for Active Directory will consider those items the same. This means that any changes made to the source will update that matched item in the target, if you have set updates to occur. No new object will be created.
With Rename, a new object will be created in the target. You will need to distinguish this from the matched target object by giving it a new name. You can manually add a prefix or suffix of your choice, or, you choose any existing AD attribute to be prepended or appended to the name. Remember that if you choose rename, when you update the object in the source, it will be the Renamed object in the target that gets updated during a synchronization.
User SID History
You have the option to include an object's SID history during the migration. This will help prevent issues with some software, and network shared printers. We suggest this option. Consider however, that in a large enterprise, this might cause the Kerberos token to exceed the max token size for users that belong to many groups. You could mitigate that issue with a GPO that is set to accept larger tokens.
If you do choose to migrate SID History, all Domain Controllers that you have listed in the Target DC's tab will need access to the Domain Controller that holds the PDC Emulator FSMO role in the source.