Dela via


Movetree Remarks

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

MoveTree Remarks

Before Using MoveTree

Before using MoveTree take the following steps to maintain peak performance:

  1. Review all Group Policy objects that apply to a particular organizational unit, and make a note of the Group Policy settings they contain.

  2. Recreate the Group Policy objects, linked to the moved organizational unit in the new domain, with the desired settings.

  3. Make sure to remove the Group Policy objects linked from the old domain.

MoveTree Limitations

While MoveTree can move some Active Directory objects between domains, certain objects cannot be moved. MoveTree is also unable to move certain associated data that may exist externally to Active Directory. For details about limitations, see the following sections.

Local and Domain Global Group Limitations

Local and Domain Global groups are moved during a MoveTree operation, but their members are not. This is because of group membership rules. Therefore, it is important to save and recreate the memberships of Domain Local and Global groups to maintain the existing resource access permissions.

Universal Group Limitations

Universal groups including their members, are moved during a MoveTree operation.

Computer Objects Limitations

Computer objects are not moved during a MoveTree operation. Use Netdom Overview, another Windows Support Tool, to move computer accounts between domains and to join computers to domains.

Associated Data

Associated data that is not moved during a MoveTree operation includes policies, profiles, logon scripts, and users' personal data. Use additional scripts or management tools, such as the Remote Administration Scripts (included in the Windows 2000 Resource Kit), in conjunction with MoveTree to perform these additional steps.

Important

  • Remote Administration Scripts in the Windows 2000 Resource Kit are examples only. They might require code modification to be used with Windows Server 2003 operating systems. Use this feature only with the assistance of Microsoft Product Support professionals.

MoveTree cannot move the following objects:

  • System objects (identified by the objectClass being marked as systemOnly)

  • Objects in the configuration or schema naming contexts

  • Objects in the special containers in the domain: Builtin, ForeignSecurityPrincipal, System, LostAndFound

  • Domain controllers or any object whose parent is a domain controller

  • Any object with the same name as an object that already exists in the target domain

MoveTree can fail because of some of the following error conditions:

  • The source domain controller cannot transfer the RID role owner.

  • The source object is locked due to another operation in progress. (For example, if another user is currently creating child objects under the source object that is selected for the move operation.)

  • Either the source or destination domain have invalid credentials.

  • The destination knows the source object is deleted but the source does not. (For example, the source object had been deleted on a different domain controller, but because of replication latency the source domain controller has not yet received the deletion event.)

  • There is a failure at the destination domain controller (for example, Disk Full).

  • A Security Accounts Manager (SAM) constraint is met. (For example, Duplicate SAM Account Name or source object password length does not meet the password restrictions in the target domain.)

  • The source and destination have a schema mismatch.

When a MoveTree Operation Is Paused or Halted

During a MoveTree operation, if the process is paused or halted, then any objects that have yet to be moved remain in an orphan container in the Lost And Found container in the source domain. The Lost And Found container can be viewed in the Active Directory Users and Computers snap-in (a Windows administrative tool) when the Advanced View menu option is selected. The orphan container is named using the globally unique identifier (GUID) of the parent container being moved and can be readily identified; it will contain the objects that were selected for the MoveTree operation.

For example, if you are moving the organizational unit Sales, which has an object GUID of {123-abc}, and the MoveTree operation is halted, then the tree structure looks like this:

Lost + Found
         {123-abc}
               Sales

MoveTree ErrorLevels

MoveTree returns ErrorLevel 0 for success and ErrorLevels 1 through 5 for different kinds of failure. These values can be used as criteria for branching when the tool is used in a batch file; see Movetree Examples in the MoveTree Examples topic.

The following table describes MoveTree error levels.

Error Level Meaning

0

Success

1

Error – command-line syntax

2

Error – directory conflict (duplicate names, insufficient privilege, name conflict, immovable object)

3

Error - network error (DC unavailable)

4

Error – system resource (Low VM, disk space)

5

Error – internal processing error

See Also

Concepts

Movetree.exe
Movetree Syntax
Movetree Examples
Alphabetical List of Tools
Search Overview
Replmon Overview
Repadmin Overview
Ldp Overview
Dsastat Overview
Clonepr Overview
ADSI Edit (adsiedit.msc)
Acldiag Overview
Spcheck Overview
Nltest Overview
Netdom Overview
Netdiag Overview
Netcap Overview
Httpcfg Overview
Dnslint Overview
Dnscmd Overview
Dhcploc Overview
Dcdiag Overview
Browstat Overview