Windows Server 2008 and Windows Vista : Migrating GPOs (part 2) - Migration Tables

12/14/2012 3:32:01 AM
Migration tables are used to translate security principals and UNC paths from one domain to another. Because these objects and paths differ in different domains (either in the same forest or a different forest), the values must be updated when a GPO is migrated from the source domain to the target domain.

Migration tables can be updated manually, automatically, or by using the Migration Table Editor. The manual method is not suggested, because the migration table is stored in XML format and syntax is extremely important; one minor mistake could make the migration fail. Migration tables are saved with a .migtable extension and can be located anywhere on the system that you desire. However, users who want to use a migration table must have the appropriate permissions to the file during the migration process.

A migration table itself is simple, containing only three variables: source name, source type, and destination name. Figure 3 illustrates what a typical migration table looks like in the Migration Table Editor through the GPMC.

Figure 3. The Migration Table Editor allows you to add, delete, and update any of the three sources of information required to translate GPO references from one domain to another.

  • Source name The source name is the name of the security principal or UNC path in the source GPO. If the source name does not match the entry in the source GPO, the migration might fail. The syntax for the source name is important; Table 1 provides examples of what each source name would look like for the different source types.

    Table 1. Source Name Syntax
    Object TypeExample Syntax


    Domain Global GroupUPN: Domain

    SAM: FABRIKAM\Domain Admins

    DNS:\Domain Admins
    Domain Local GroupUPN:

    SAM: FABRIKAM\Administrators

    Universal GroupUPN: Enterprise

    SAM: FABRIKAM\Enterprise Admins

    DNS:\Enterprise Admins
    ComputerUPN: Client1$

    SAM: FABRIKAM\Client1

    UNC Path\\Server1\Data
    Free Text or SID“PilarA” “S-1-5-21-1473733259-1489586486-3363071491-1005”


    SIDs cannot be referenced in the destination name field.

  • Source type The source type depicts the type of entry that is in the table. This is either a security principal or UNC path. There are many source types that can be configured. The following are all of the source types that can be included in a migration table:

    • User

    • Computer

    • Domain Local Group

    • Domain Global Group

    • Universal Group

    • UNC Path

    • Free Text or SID

  • Destination name The destination name refers to the name that is used in the target domain for the source name translation. For example, there might be a group in the source domain named HRAdmins, whereas in the target domain it is named HRAdministrators. The source name would be HRAdmins and the destination name would be HRAdministrators. You have a few options in the destination name field, other than the explicit name of the destination object. Table 2 lists a few of the other entries and their meanings.

Table 2. Destination Name Entries
Destination Name EntryDescription
Same as sourceThis will not modify the security principal or UNC path during the migration.
NoneThis will remove the entry from the source GPO when it is migrated to the target GPO (cannot be used with UNC path).
Map by relative nameThis will be a translation based on name, such as DomainA\user1 to DomainB\user1 (cannot be used with UNC path).
Explicitly specify valueThis is where a name is typed into the destination name, providing the exact literal value.

To create a migration table, it is best to use the Migration Table Editor, which allows you to work with the migration entries directly. The most efficient solution is to populate the migration table directly from the GPO in production or a GPO that has been backed up. To populate the migration table from a GPO that is in production, follow these steps:

In the GPMC, right-click the Group Policy Objects node, and then click Open Migration Table Editor.

In the Migration Table Editor, click Tools, and then click Populate From GPO.

Select the domain in which the GPO resides from the Look In This Domain list.

Select the GPO from the Group Policy Objects list.


If you want to include the security permissions that are configured on the GPO itself, you must also select the check box labeled During Scan, Include Security Principals From The DACL On The GPO.

Click OK, and review the results from the scan in the Migration Table Editor, as shown in Figure 4.

Figure 4. After a scan of a GPO for security principals and UNC paths, the results are imported into the Migration Table Editor for further refinement and saved to a file.

You can save a migration table and validate its entries. You save the table like any other file—click File, and then click Save. To validate the file and entries, click Tools, and then click Validate Table. The Validation Results dialog box indicates whether there are any issues with the table, as shown in Figure 5.

Figure 5. Validating the migration table will help eliminate simple errors and ensure the migration of the GPO.

Video tutorials
- How To Install Windows 8

- How To Install Windows Server 2012

- How To Install Windows Server 2012 On VirtualBox

- How To Disable Windows 8 Metro UI

- How To Install Windows Store Apps From Windows 8 Classic Desktop

- How To Disable Windows Update in Windows 8

- How To Disable Windows 8 Metro UI

- How To Add Widgets To Windows 8 Lock Screen

- How to create your first Swimlane Diagram or Cross-Functional Flowchart Diagram by using Microsoft Visio 2010
programming4us programming4us
Top 10
Free Mobile And Desktop Apps For Accessing Restricted Websites
TOYOTA CAMRY 2; 2.5 : Camry now more comely
KIA SORENTO 2.2CRDi : Fuel-sipping slugger
How To Setup, Password Protect & Encrypt Wireless Internet Connection
Emulate And Run iPad Apps On Windows, Mac OS X & Linux With iPadian
Backup & Restore Game Progress From Any Game With SaveGameProgress
Generate A Facebook Timeline Cover Using A Free App
New App for Women ‘Remix’ Offers Fashion Advice & Style Tips
SG50 Ferrari F12berlinetta : Prancing Horse for Lion City's 50th
Popular Tags
Video Tutorail Microsoft Access Microsoft Excel Microsoft OneNote Microsoft PowerPoint Microsoft Project Microsoft Visio Microsoft Word Active Directory Exchange Server Sharepoint Sql Server Windows Server 2008 Windows Server 2012 Windows 7 Windows 8 Adobe Flash Professional Dreamweaver Adobe Illustrator Adobe Photoshop CorelDRAW X5 CorelDraw 10 windows Phone 7 windows Phone 8 Iphone