Please let us know how useful you find this tip by rating it below. Do you have a useful Windows tip, timesaver or workaround to share? Submit it to our tip contest and you could win a prize!
The Windows 2000 Active Directory Migration Tool (ADMT) is usually the best option for moving users between forests because it also migrates passwords. If you require more flexibility than ADMT offers, you can use a Microsoft tool called ClonePrincipal (Clonepr), which is designed for inter-forest user and group copying. (You might already be aware of MoveTree, which is a tool used for intra-forest moves only, although it does maintain passwords.)
You can download ClonePrincipal here. The tool consists of several script files that you can modify and a DLL that contains much of the tool's logic.
ClonePrincipal copies user objects to the target forest instead of moving them, so the user object in the original forest is unaffected. ClonePrincipal can copy users from Windows NT 4.0 and Active Directory (AD) sources. It also populates the SIDHistory attribute, which helps maintain access to resources that the original account had, for example to files on a file server.
This was first published in June 2005