Please let us know how useful you find this tip by rating it below. Do you have a useful Windows tip, timesaver or workaround to share? Submit it to our tip contest and you could win a prize!
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
The Windows 2000 Active Directory Migration Tool (ADMT) is usually the best option for moving users between forests because it also migrates passwords. If you require more flexibility than ADMT offers, you can use a Microsoft tool called ClonePrincipal (Clonepr), which is designed for inter-forest user and group copying. (You might already be aware of MoveTree, which is a tool used for intra-forest moves only, although it does maintain passwords.)
You can download ClonePrincipal here. The tool consists of several script files that you can modify and a DLL that contains much of the tool's logic.
ClonePrincipal copies user objects to the target forest instead of moving them, so the user object in the original forest is unaffected. ClonePrincipal can copy users from Windows NT 4.0 and Active Directory (AD) sources. It also populates the SIDHistory attribute, which helps maintain access to resources that the original account had, for example to files on a file server.