By default, groups will retain their current group scope when they are migrated. You have the option to change that here, so that you can transform a group's scope as it is migrated. For example, if the new target does not have multiple domains, you may choose to convert your Universal Groups into Domain Local groups. Or you can choose not to migrate a particular group scope at all. There are some limitations on changing the scope of nested groups, so you may want to refer to the following TechNet link.
https://technet.microsoft.com/en-us/library/cc755692(v=ws.10).aspx
By default, your mail-enabled groups will retain their current group scope when they are migrated. You have the option to change that here, so that you can transform a group's scope as it is migrated. You can also change the group to a contact, or you can choose not to migrate a particular group scope at all.
How do you want to handle any group conflicts? That is, what should happen if (based on your matching criteria) that Directory Sync Pro for Active Directory finds a matching group already in the target?
If you choose skip, Directory Sync Pro for Active Directory will not make an association between those objects, and an error will be noted in the log file.
If you choose Merge, Directory Sync Pro for Active Directory will consider those items the same. This means that any members of the source group will be added to the membership list of the target group, if you have set updates to occur. No new object will be created.
With Rename, a new Active Directory group object will be created in the target. You will need to distinguish this from the matched target object by giving it a new name. You can manually add a prefix or suffix of your choice, or, you choose any existing AD attribute to be prepended or appended to the name. Remember that if you choose rename, when you update the object in the source such as adding another member, it will be the Renamed group object in the target that gets updated during a synchronization.
When you migrate a user, you can also have Directory Sync Pro for Active Directory migrate any groups in which they are a directly a member. Just check the Synchronize Accompanying Groups box. If they are member of a group, that is itself a member of another group, you can choose to include the entire nested chain of groups by checking the Include Parent Groups box also.
However, the group objects themselves must also be included within the scope of this profile, or another profile, or this setting will have no immediate effect. If you later fixed the issue by including those particular groups within a profile, the user's membership would then be included automatically at that time.
To avoid this issue, if you plan to use this option, you may want to first make a profile that includes all the groups, and only groups, in the entire domain. You would then run only a push synchronization, to get these items into the SQL database without pulling them into the target. Then this option would always behave as expected.
By default, the Active Directory account status of device is maintained when the object is created in the target. If a device was Active Directory enabled in the source, it will be enabled in the target, and vice-versa. Or, choose enabled, to make all migrated devices immediately Active Directory enabled, no matter what their status was in the source.
Maybe you want to ensure that these devices should not be available until a later time even after the device has been cutover. In that case, you can choose disabled, which will cause all migrated devices to be Active Directory disabled, no matter what the status in the source.
© ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center
