Installing Password Export Server

This article is a walkthrough of installing and configuring Password Export Server for cross-forest migration of Active Directory users while keeping the same passwords.

The Active Directory Migration Tool (ADMT) uses the Password Export Server service version 3.1 (PES v3.1) to help you migrate passwords when you perform an interforest migration.

Note: The PES service cannot be installed on read-only domain controllers (RODCs).

Because ADMT does not check all settings of the target domain password policy, users need to explicitly set their password after migration unless the "Password never expires" or "Smartcard is required for interactive log on" flag is set.

Setting up Account password policy

Make sure the target and source domains have identical account password policies before you begin installing the PES service in the source domain.

Create an encryption key

The PES service installation in the source domain requires an encryption key. However, you must create the encryption key on the computer running the ADMT in the target domain. When you create the key, save it to a shared folder on your network or onto removable media so that you can copy it to the local drive of the source domain controller where the PES service is installed. Store it in a secure location that you can reformat after the migration is complete.

You can install the PES service after you install ADMT. The following procedures explain how to install and use the PES service on computers running Windows Server 2008 or later.

At a command line, type the following command, and then press ENTER:

admt key /option:create /sourcedomain:<SourceDomain> /keyfile:<KeyFilePath> /keypassword:{<password>|*}

Note: After you create the encryption key, configure the PES service on a domain controller in the source domain.
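
The key-creation step above, scripted in PowerShell as an added example (it is not from the original article or from Microsoft's documentation). The domain name, the C:\PESKey staging folder and the key file name are placeholders chosen for illustration.

```powershell
# Added example. Placeholder values (assumptions, not from the article):
$SourceDomain = 'source.example'     # source domain name
$KeyDir       = 'C:\PESKey'          # hypothetical staging folder on the ADMT computer
$KeyFile      = Join-Path $KeyDir 'pes-key'

# 1. Create a staging folder that only Administrators and SYSTEM can access.
#    Well-known SIDs are used so the ACL does not depend on the OS language.
New-Item -ItemType Directory -Path $KeyDir -Force | Out-Null
icacls $KeyDir /inheritance:r /grant:r '*S-1-5-32-544:(OI)(CI)F' '*S-1-5-18:(OI)(CI)F' | Out-Null

# 2. Create the key with the command shown in the article.
#    "/keypassword:*" makes ADMT prompt for the password, so it is not
#    stored in the command line, shell history or a transcript.
& admt key /option:create "/sourcedomain:$SourceDomain" "/keyfile:$KeyFile" '/keypassword:*'

# 3. Stop if nothing was written, then record a SHA-256 hash of the key file.
$written = @(Get-ChildItem -Path $KeyDir -File)
if ($written.Count -eq 0) { throw "No key file was created in $KeyDir" }
$written | Get-FileHash -Algorithm SHA256 | Format-List Path, Hash

# 4. After copying the key to the source domain controller, run
#    Get-FileHash -Algorithm SHA256 on the copy there and compare the
#    value with the one recorded in step 3 before installing PES.

# 5. When the PES service is installed, remove the staging copy:
#    Remove-Item -Path $KeyDir -Recurse -Force
```

Removable media used to carry the key is still reformatted after the migration, as described above; deleting the staging folder only removes the local copy.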

Configure the PES service in the source domain

Download the Password Export Server from https://connect.microsoft.com/site1164. On the domain controller that runs the PES service in the source domain, insert the encryption key disk.

Reboot the PDC emulator server.