You can configure the following using the Create Processing Task wizard:
On the Task Action step, select the action you want to perform:
|
NOTE: The Leave source accounts' permissions check box allows you to add newly created users and groups from the target domain to object DACLs and SACLs, rather than replace the entries with the current source account SIDs. |
|
NOTE: If two source users were merged to one target user, and if only one of them had permissions on some objects, then, after resource update and reverting the permissions, both users would have common permissions on these objects. |
If you select the Reassign local group membership, user rights, and object permissions to target users option, the next step will be Account Matching. On this step, you have the following options:
If you select to match accounts by SID history data, the Vmover.exe utility will be used automatically for that. You only need to specify the target domain where to examine SID history data.
For access to the domain, the utility will use the credentials configured for the project (Project | Manage Domain Credentials in the main menu) or for the particular collection or category (the Manage Domain Credentials button in the toolbar when the collection or category is selected). Make sure that valid credentials are specified.
|
Notes: If you use the Create Processing Task wizard for the purpose, SID history matching behaves as follows:
If you need different behavior, consider using Vmover.exe manually, as described in SIDHistory Mapping. Also note that the password for domain access is stored in plain text in the ldapPsw parameter of the configuration file for Vmover.exe. Because of this, it is recommended that you run the task remotely—that is, the Perform the task remotely (without agents) option is enabled on the Advanced Options step. |
On the Handling Rights and Resources step, select what accounts should be updated:
|
NOTE:
|
|
NOTE:
|
Then select the check boxes next to the objects whose permissions should be re-assigned to target users. Permissions on the following objects can be updated:
If you select the IIS check box, Resource Updating Manager will update the permissions of the Internet Information Services (IIS) if it is installed on the selected computers. The following IIS properties are processed by default:
For the full list of processed IIS properties, see the IIS section of Vmover Processing Options.
|
NOTE: To process any other IIS properties, you need to use the Vmover utility in manual mode. First, prepare the configuration file, Vmover.ini. The properties you need should be included in the [IIS Identifiers] section of the file as follows: [IIS Identifiers] UNCUserName=yes;1 The number at the end of the string specifies the property type:
If the property type is not specified, the property will be skipped during processing. Next, run Vmover remotely on the IIS servers you need to process using the edited configuration file, as follows:
|
|
Caution: After processing printers, if some of them were processed via the registry (this can be verified by scanning the log file), the spooler should be restarted. |
On the Advanced Options step, you can configure additional options for the task:
|
NOTE: In this case only several types of objects will be processed, for example, shares. This option is needed for NAS processing. |
|
NOTE: Resource Updating Manager agent is a 32-bit application. So, when Resource Updating Manager agent runs scripts on a processed computer running a 64-bit operating system, all scripts will be launched in 32-bit mode. |
IMPORTANT: Before you begin: For executing Move tasks remotely and if you have NetBIOS protocol disabled in your network (see Working in a Network Configuration with NetBIOS Protocol Disabled section), make sure you have the SCMApiConnectionParam value combined in with the mask value 0x80000000 in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control registry key of machine, where the Migration Manager or Resource Updating Manager console are installed, otherwise changing RUM agent service account during move task execution may cause an “Access denied” error (see https://docs.microsoft.com/en-us/windows/win32/services/services-and-rpc-tcp for more detailed information). The change takes effect after restarting the QsRUMController service. |
Once you have completed the migration of users and collections, you can choose to move the source computers to another target domain. Actions that must be performed in these cases are described in the related topics:
Follow these steps to move computers to another domain in Resource Updating Manager:
|
NOTE: If you are not using agents (the Perform the task remotely (without agents) option is selected on the Advanced Options step), the same step lets you specify the pending timeout for the task operation in case some computers are not accessible at the task start time (some computers may be turned off, or behind the firewall, or you just deploy an agent to the host via Group Policy, Systems Management Server or manually). If the task is not able to start before the deadline you set, then Resource Updating Manager will cancel this task and all subsequent queued tasks for the inaccessible computers. |
You can review and edit the schedule and other settings for any task that has not started. For that, right-click the task and select Edit Properties. In addition, you can run any task immediately, regardless of its schedule (see the Running Tasks Immediately topic).
If there are any shared folders or printers published in Active Directory on the computer being moved to the target domain, they should first be migrated to the target domain along with the computer account they are pointing to using Migration Manager. This will allow Resource Updating Manager to automatically update the resources that reside in the source and target domains after moving the computer to point to the target computer account.
|
NOTES:
|
On the Move Options page, select the target domain from the list and the target organizational unit (optional). In addition, you have the following options:
|
NOTE: If you do not use the Resource Updating Manager console when moving computers with the Resource Updating agent installed between domains, please consider the following:
|
On the Computer Restart Options page, the following additional settings are available:
If you select not to restart the computers after they join a different domain, you will need to tell the users to restart manually.
© ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center