ADMT Domain Group Migration
There is a sequence for doing this though, they have been migrated in the correct order;
- First: Universal Groups
- Second: Global Groups
- Third: Domain Local Groups
To locate what types of groups you have, and what they are called, run the following commands;
PowerShell Display all Universal Groups
----------
import-module activedirectory
Get-ADGroup –LDAPFilter "(&(objectCategory=group)(groupType:1.2.840.113556.1.4.803:=-2147483640))"
----------
PowerShell Display all Global Groups
----------
import-module activedirectory
Get-ADGroup –LDAPFilter "(&(objectCategory=group)(groupType:1.2.840.113556.1.4.803:=-2147483646))"
----------
PowerShell Display all Domain Local Groups
----------
import-module activedirectory
Get-ADGroup –LDAPFilter "(&(objectCategory=group)(groupType:1.2.840.113556.1.4.803:=-2147483644))"
----------
ADMT Migrating Groups
How about Distribution Groups? These are created by Microsoft Exchange, if you need to migrate Distribution groups then you can convert them to domain local security groups, then migrate them with ADMT. Note: You may need to fix their Email address manually, that depends on your new email deployment in newdomain.com
Converting Distribution Groups to Security Groups
Run the following commands
----------
$dlGrps = Get-AdGroup -Filter { name -like "GROUP-NAME -AND GroupCategory -eq "Distribution"} | select -exp SamAccountName
foreach ($dl in $dlGrps) { Set-AdGroup $dl -GroupCategory Security }
----------