Domain fusion W2003R2 et ADMT

Similar Messages

• Same internal and external domain names - AGAIN!

  Hi all-
  Like many of you, I am confronting the problem of having the same FQDN for both my Active Directory domain and Internet domain.  For the sake of discussion, let's call the domain rlh.com.
  I need to access an externally-hosted website on the rlh.com domain.  The site is coded exclusively to use rlh.com and NOT
  www.rlh.com.  Therefore, the old trick of adding a static www A record on my internal DNS server will not work.
  It looks like another option is to install IIS on my DC and then configure some type of forwarding to the external site.  While this might work, frankly, I don't want IIS on my DC.  It's a DC, not a web server.
  Yet a third option, correct me if I'm wrong, looks to be using some type of "split DNS."  Though I have not read the particulars (yet) of this solution, I am suspicious of it causing DNS inefficiencies.
  All of these solutions look to me to be workarounds.  I am preparing to install a new DC (upgrading from 2003 to 2008 R2) and want to FIX the problem, not work around it.  That said, it looks like I have two options:
  1.  Rename my existing 2003 AD domain using rendom
  2.  Install the new 2008 R2 DC with the new domain name, setup domain trust between the old and new domains, and then use ADMT.
  Can someone please comment on my logic here?  Does anyone have experience with both of the two options?  Is one less painful than the other?
  As I preparatory step, I have migrated from my onsite Exchange 2003 server to Office 365.  Exchange is no longer present in my organization, though some slight "remnants" may remain in Active Directory.  Other than Exchange, I have a
  Hyper-V host, 2 SQL Servers, and 3 RDS servers present in my environment.
  Thanks.

  I realized this was answered, but I would like to add the following comprehensive blog on this subject.
  Can't Access Website with Same Name (Split Zone or no Split Brain)
  Published by Ace Fekay, MCT, MVP DS on Sep 4, 2009 at 12:11 AM  1278  0
  Note - In an AD same name as the external name (split zone) scenario, if you don't want to use WWW in front of URL, such as to access it by
  http://domain.com, then scroll down to "So you don't want to use WWW in front of the domain name"
  http://blogs.msmvps.com/acefekay/2009/09/03/split-zone-or-no-split-zone-can-t-access-internal-website-with-external-name/
  Ace Fekay
  MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
  Microsoft Certified Trainer
  Microsoft MVP - Directory Services
  Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
  This posting is provided AS-IS with no warranties or guarantees and confers no rights.

• Migrating multiple domains with same name - how? Rename? Migrate through temporary domain?

  Hi,
  we have acquired another company, and they have multiple, separate domains with the same name (every site has a domain with NetBIOS name "COMPANY" and DNS name "company.local"). Now we want to migrate all these domains into ours using
  ADMT.
  Unfortunately, we did not manage to migrate one of these domains completely, so the trust must remain established for some time. But we have to continue with the second domain - which normally would require a trust, but of course we can't establish a trust
  to two domains with the same name at the same time.
  I found two potential solutions for the dilemma, but I'm not sure if both are reasonable:
  1) Rename the domain with RENDOM.EXE to COMPANY2 and company2.local and then migrate with ADMT
  2) Migrate COMPANY to a temporary domain such as COMPANYTEMP and then migrate from COMPANYTEMP to our domain
  Given that there are roughly 100 users, 2 domain controllers and 8 other servers, what would be the better approach? Is option 2 possible at all, so would I be able to use the sidHistory attribute migrated from the original COMPANY domain in our domain at
  all?
  There is also an Exchange 2007 server, which seems to make option 1 impossible unless we find another way to migrate it (like, export all mailboxes to PST before migration) ...

  Ok, that's what I expected. Still, I have servers in the old domain, so if I do these steps:
  first create a new temporary domain i.e COMPANYTEMP and
  create trust between COMPANYTEMP -
  COMPANY(Right)
  then do the migration with sidHistory from COMPANY(right) --> COMPANYTEMP ,
  disconnect the domain COMPANY(right) ,
  users will lose connectivity to any servers in the domain. I understand that it does not work with all domains connected? Of course I can't make OURCOMPANY's domain controllers see the DCs of COMPANY (right) in DNS (though I could achieve it the other way
  round).
  My original plan was:
  first create a new temporary domain i.e COMPANYTEMP and
  create trust between COMPANYTEMP -
  COMPANY(Right)
  then do the migration with sidHistory from COMPANY(right) --> COMPANYTEMP ,
  create trust between OURDOMAIN and COMPANYTEMP
  then do the migration with sidHistory from
  COMPANYTEMP --> OURDOMAIN,
  Migrate users
  Migrate computers
  Migrate servers
  remove trusts and old domain
  But I see that this will not work out, right? So, my only option would be:
  first create a new temporary domain i.e COMPANYTEMP and
  create trust between COMPANYTEMP -
  COMPANY(Right)
  then do the migration with sidHistory from COMPANY(right) --> COMPANYTEMP ,
  Migrate computers and servers to COMPANYTEMP
  Install new Exchange server in COMPANYTEMP
  migrate mailboxes to COMPANYTEMP
  disconnect / abandon COMPANY(right)
  create trust between OURDOMAIN and COMPANYTEMP
  then do the migration with sidHistory from COMPANYTEMP
  --> OURDOMAIN,
  Migrate users
  Migrate computers
  Migrate servers
  Migrate mailboxes
  remove trusts and old domain
  And to minimize user impact, all this would have to be done in one go (over night), which is hardly possible .........................

• Important information about setting up DNS for ADMT

  Hi guys,
  For a couple of days now, I've been trying to solve a problem in a test environment simulating the migration of a Windows 2003 domain into another Windows 2003 domain.
  The two domains are in different IP subnets.
  Both domains are on Windows 2003 functional level and they have DNS integrated zones, so it's a straightforward configuration.
  In order to do the test, I've created a secondary DNS zone for each domain in the other domain and setup DNS in the primary zones on both domains to transfer the zones to the secondary ones. I've also configured WINS on both domains to push/pull information from the other domain.
  Until now, all is great and name resolution works fine.
  I've established a two way trust and did all the necessary steps to begin the migration like setting up the Password Export and enabling SID History and auditing...
  Now when I tried a test migration for a group with admt 3.0, I recieved multiple kinds of errors:
  ERR2: 7449 SID History cannot be updated for .... The tool could not locate a domain controller for the source domain
  WRN1: 7392 SIDHistory could not be updated due to configuration or permissions problem
  ERR2: 7816 Cannot determine if source object 'LDAP://groupname' matches an object in the target forest or domain
  etc...
  I tried many troubleshooting steps but nothing worked until I removed all the secondary zones and created forwarders in place. So each domain now forwards DNS queries to the other domain. I tried ADMT and everything worked like charm.
  So I wanted to share this information with you in case there are out there someone with the same problem.
  Hope this will help.
  Cheers

  So, i did as everyone was told. 
  Removed all the secondary zones on source domain controller and added the forwarders for target domain on the source domain controller's DNS. 
  Still i keep getting the error, "The specified domain either does not exist or could not be contacted (Error code=1355, domain=target_domain)" while doing user migration. 
  Any help?

• Active Directory migration from domain X to Y

  Hey Guys 
  Planning to migrate Child domain to another child domain inter forest with ADMT 
  we do have a small environment with Active directory integrated DNS, I do have a rough knowledge of migrating domains but still if there is any checklist kind of thing on priority (i.e migrate users first then do groups then computers then GPO) and let me
  know how much time it will take for 500 users 800 machines and 400 groups approximately .
  We do not have techinical Architecture guys to plan up , Please list out any excel sheets for migration if any
  Went through n number of blogs but still did not get any proper info about this , Thank you in advance

  1) I would recommend you first run a test of the steps in test before you do this in production.  Otherwise your production becomes test.
  2) By doing in test, you have taken a large amount of the risk out of the upgrade since, in test you should be able to look for any unforseen issues.  The easiest way to test is to build a virtual fence from production and clone the DC's and member
  servers that you want to test against (This is assuming you are running in a virtual environment).  Ensure that you production environment is error free.
  http://blogs.dirteam.com/blogs/paulbergson/archive/2009/01/26/troubleshooting-active-directory-issues.aspx
  3) There should be no downtime at all, you can just extend the schema and then promote a new 2012 DC (I would recommend R2 if you can).
  4) Before you do the schema extension you should take 2 backups on two different DC's.  Taking two gives you less of a chance of a problem if one of the backups fails.
  5)
  Take a backup
  Extend the schema
  Join the 2012 R2 servers to the domain
  Add the ADDS role to the 2012 R2 member servers
  Promote the 2012 R2 DC's
  Transfer the FSMO roles to the 2012 R2 DC's (Not required but recommended)
  If you want to retire the 2003 DC's, then you will need to make sure that any clients pointing to the 2003 DC's for DNS are pointing to other DC's.
  If you do retire the 2003 then you can think about updating the DFL and FFL of the domain and forest.
  Paul Bergson
  MVP - Directory Services
  MCITP: Enterprise Administrator
  MCTS, MCT, MCSE, MCSA, Security, BS CSci
  2012, 2008, Vista, 2003, 2000 (Early Achiever), NT4
  Twitter @pbbergs http://blogs.dirteam.com/blogs/paulbergson
  Please no e-mails, any questions should be posted in the NewsGroup.
  This posting is provided AS IS with no warranties, and confers no rights.

• Migration domain

  I have domain controller ABC.local windows server 2012 R2 I need to migrate to another domain in another forest DEF.lab windows server 2012 R2 and i have VDI services what the best Practices to do that........ 

  Establish a trust between the domains/forests and use ADMT - Active Directory Migration Tool to migrate users, groups, computers and member servers over to the other forest.
  Establish forest trust:
  http://technet.microsoft.com/en-us/library/cc778851(v=ws.10).aspx
  Guide
  http://www.microsoft.com/en-us/download/details.aspx?id=19188
  Download
  http://connect.microsoft.com/site1164/content/content.aspx?ContentID=22983
  Enfo Zipper
  Christoffer Andersson – Principal Advisor
  http://blogs.chrisse.se - Directory Services Blog

• File server migration software, what is out there?

  I'll be migrating about 9Tb of files from 10 file servers from the 'old' domain where we have limited rights to our new domain where we will be having to re-create (rather than migrate) users and security groups. We cannot set up a two way trust between
  the domains. (one way may be possible).
  The files are user shares, department shares and (unfortunately) PST files.
  I was wondering if someone has experience or know about software that could help with this. I've found the
  http://www.varonis.com/products/data-transport-engine/ Varonis data transport engine which seems to do what I need. (although I'm not sure if a trust is needed or not).
  What would seem especially important is some functionality that 'maps' security groups form the source domain to the target domain groups.
  I was hoping you might know of other tools that do the same thing? Any experience with a similar challenge?
  Regards, Paul www.servercare.nl

  Hi,
  From the description, you would like to migrate data to a server in a different domain
  with permission. 
  Copy files with permission is easy - robocopy could help with using /copyall. However the copied permissions will not be recognized as it is a different domain. 
  Thus if data need to be copied with permission, which means the same users and groups in domainA should be recognized in domainB. This leads us using ADMT (Active Directory Migration Tool) to do the user/group migration first.
  However you need a Trust between the 2 domains to do the ADMT. If "limited rights" stopped you from creating a one-way trust (source domain trusts the target domain), you may not able to copy files with permissions.
  FYI:
  ADMT Guide: Migrating and Restructuring Active Directory Domains
  http://technet.microsoft.com/en-us/library/cc974332(v=ws.10).aspx
  If you have any feedback on our support, please send to [email protected]

• ADMT 3.2 Migrate users to the same organizational unit in the Target Domain as they are in the Source Domain?

  Hi,
  I am in the middle of a inter forest migration and have created the target domain (TargetDomain.local) 2008R2 and Source Domain (SourceDomain.Local) 2008R2 with a two way trust. I have installed ADMT 3.2 on a server in the Target Domain. I am able to migrate
  users form the source domain to the target domain. I have copied the OU Structure from the source domain to the target domain. The issue I am currently facing is that I would like to find a way to migrate all users from the source domain to the target domain
  and the users migrate to the same OU as the source. I have looked at the include file option but cannot find a way of specifying the source and target OU's.
  Please could someone help me with this, Thanks.

  Hi,
  You need to create the same OU on target domain, then do the user account migration.
  On Organizational Unit Selection page, select Browse and select target OU, then click OK.
  For the more and detail information, please refer to this article:
  http://social.technet.microsoft.com/wiki/contents/articles/16621.interforest-migration-with-admt-3-2-part-3.aspx#Group_Account_Migration
  Regards.
  Vivian Wang

• Fusion middleware OID cluster installation with weblogic domain

  Hi,
  I am trying to install/configure fusion middleware OID 11.1.1.2 cluster with two nodes.
  Installed Databse, Weblogic, Ran RCU for schema creation.
  I installed OID by selecting Create new Domain
  selected clustered check box while installtion.
  Selected OID and DIP for installation and configuration.
  Create domain was sucessfull.
  Deploy oracle directory server was Sucessfull.
  Got Error when deploying Directory Integration platform.
  Error: An internal operation has failed error in configuring DIP-00004 error in connecting to oracle internet directory server.
  I thing apply patch will solve this issue.
  I am able to login to weblogic
  Admin Server, Node manager and manager server are in running state.
  I am able launch enterprise manager.
  OID1 is up.
  I am not able to launch /odsm. any idea?? (tried with different browsers its the same)
  I am applying patch now..hope solves the issue.
  So now OID is deployed on one manager server and i have to add one more server in this cluster.
  I am thinking to do basic weblogic installation on other cluster server then copy the domain from machine1 to machine2.
  Not sure how to setup the other managed server with machine 2 details??
  Please correct me if i followed any wrong step.
  I need steps for Clustering.
  Any idea please help??

  when click on Next button it says "Weblogic server must already be installed".Please see if ("TypeError: unsupported operand type(s) for +: 'NoneType' and 'str'" Signaled When Creating ODI Domain On WebLogic Server [ID 1220075.1]) helps.
  In this configured with EBS instance? If yes, what is the document you have followed to configure it?
  Thanks,
  Hussein

• Weblogic- Fusion Middleware 11g domain JPS security issue.

  Hello All,
  I'm not very familar with the extensive Security "JPS" managembnt inside weblogic including fusion middleware and the domain security policy.
  I just wanted to remove the below line from my "Reports Engine" configuration and now I'm stuck with the further below error constantly.
  As far as I can tell the Domain security provide is configure to OID (which I don't even use). All teh files .sso, system_jazn... are all available and have never been deleted or changed.
  Fusion Report Engine config (want to remove the security )
  =======================================
  <engine minEngine="3" maxIdle="30" maxEngine="8" id="rwEng" engLife="50" defaultEnvId="GICQA" class="oracle.reports.engine.EngineImpl"/>
      <!--engine minEngine="3" maxEngine="11" id="rwURLEng" engLife="50" class="oracle.reports.urlengine.URLEngineImpl"/-->
      <!--security id="rwJaznSec" class="oracle.reports.server.RWJAZNSecurity"/-->JPS security errors
  ============
  [2012-08-20T13:49:57.567-04:00] [reports] [TRACE:32] [REP-56025] [oracle.reports.server] [tid: 10] [ecid: 0000J_59wD2Fc5WFLzINOA1GCbZ5000001,0] [SRC_CLASS: oracle.reports.utility.RWLogger] [SRC_METHOD: writeln] RWServer:startServer  Reports Server is starting up.
  [2012-08-20T13:49:58.098-04:00] [reports] [WARNING] [] [oracle.reports.server] [tid: 10] [ecid: 0000J_59wD2Fc5WFLzINOA1GCbZ5000001,0] Multicast:init  java.net.SocketException: Unrecognized Windows Sockets error: 0: no Inet4Address associated with interface
  [2012-08-20T13:49:58.098-04:00] [reports] [WARNING] [] [oracle.reports.server] [tid: 10] [ecid: 0000J_59wD2Fc5WFLzINOA1GCbZ5000001,0] Multicast:init  java.net.SocketException: Unrecognized Windows Sockets error: 0: no Inet4Address associated with interface
  [2012-08-20T13:49:58.113-04:00] [reports] [NOTIFICATION:16] [REP-65000] [oracle.reports.server] [tid: 10] [ecid: 0000J_59wD2Fc5WFLzINOA1GCbZ5000001,0] Multicast:init  Communication channel is initialized.
  [2012-08-20T13:49:58.113-04:00] [reports] [TRACE:16] [] [oracle.reports.server] [tid: 10] [ecid: 0000J_59wD2Fc5WFLzINOA1GCbZ5000001,0] [SRC_CLASS: oracle.reports.utility.RWLogger] [SRC_METHOD: writeln] Multicast:registerReceiver  Packet handler registered
  [2012-08-20T13:49:58.113-04:00] [reports] [NOTIFICATION:16] [] [oracle.reports.server] [tid: 10] [ecid: 0000J_59wD2Fc5WFLzINOA1GCbZ5000001,0] ServerPacketHandler:start  ServerPacketHandler started successfully
  [2012-08-20T13:50:00.219-04:00] [reports] [NOTIFICATION:16] [] [oracle.reports.server] [tid: 10] [ecid: 0000J_59wD2Fc5WFLzINOA1GCbZ5000001,0] SecurityHelper:start  Security system rwJaznSec successfully started.
  [2012-08-20T13:50:00.531-04:00] [reports] [TRACE:16] [] [oracle.reports.server] [tid: 10] [ecid: 0000J_59wD2Fc5WFLzINOA1GCbZ5000001,0] [SRC_CLASS: oracle.reports.utility.RWLogger] [SRC_METHOD: writeln] ReportsCacheHandler:init  JOC is initialized
  [2012-08-20T13:50:00.578-04:00] [reports] [TRACE:16] [] [oracle.reports.server] [tid: 10] [ecid: 0000J_59wD2Fc5WFLzINOA1GCbZ5000001,0] [SRC_CLASS: oracle.reports.utility.RWLogger] [SRC_METHOD: writeln] JobManager:start  Job id sequence = null
  [2012-08-20T13:50:00.594-04:00] [reports] [NOTIFICATION] [] [oracle.reports.server] [tid: 10] [ecid: 0000J_59wD2Fc5WFLzINOA1GCbZ5000001,0] Failed initializing JPS  D:\Oracle\Middleware\asinst_1\config\ReportsServerComponent\RptSvr_GICPHXAP11_asinst_1\rwserver.conforacle.security.jps.service.credstore.CredStoreException: Could not find the key specified
  [2012-08-20T13:50:00.594-04:00] [reports] [INCIDENT_ERROR] [REP-50125] [oracle.reports.server] [tid: 10] [ecid: 0000J_59wD2Fc5WFLzINOA1GCbZ5000001,0] REP-50125 : An internal exception occurred: oracle.security.jps.service.credstore.CredStoreException: Could not find the key specified.  [[
  oracle.reports.RWException: IDL:oracle/reports/RWException:1.0
       at oracle.reports.utility.Utility.newRWException(Utility.java:1053)
       at oracle.reports.utility.Utility.newRWException(Utility.java:1066)
       at oracle.reports.server.ServerConfig.getValueFromCSF(ServerConfig.java:1354)
       at oracle.reports.server.ServerConfig.getElementProperties(ServerConfig.java:1294)
       at oracle.reports.server.ServerConfig.getElementProperties(ServerConfig.java:1038)
       at oracle.reports.server.JobStoreDB.start(JobStoreDB.java:77)
       at oracle.reports.server.RWServer.startServer(RWServer.java:1038)
       at oracle.reports.server.RWServer.jniMain(RWServer.java:305)
  ]]Can anybody assist.
  Thanks in advance
  Jan S.

  Hello Kalyan,
  I looked at the bug you mentioned and this seem to be related to JSP files as opposed to JPS security. I've searche metalink and may have found some similar and possibly the exact error.
  *Error PKI-02002: Unable to open the wallet. Check password When Starting a Reports Server [ID 1316651.1]*
  Thanks
  Jan S.

• After migrating a windows 7 machine using ADMT Group policy shows the the computer is from the new domain but user is from old domain

  We have migrated machines using ADMT tool but we have found some window 7 machines Group policy issues.  We see that the computer GP is getting from the new domain but the users profile still has the old domain GP information.  Any help on
  removing the old GP objects and forcing the new domain User policy would be great.  We have tried the basic troubleshooting gpupdate /force reboot etc.
  Thanks

  Hi,
  Sorry for the delayed response.
  First, please verify whether these domain users you mentioned belong to old domain or new domain.
  If they belong to old domain the GP is right with no problem. If they belong to new, try following suggestions.
  Please test these steps in one of the problematic computer. If it worked, then go on for others.
  To avoid unexpected problems, please backup your register keys before following steps:
  Open regedit.exe, and delete following keys:
  HKLM\Software\Policies\Microsoft Key (looks like a folder).
  HKCU\Software\Policies\Microsoft Key.
  HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects Key.
  HKCU\Software\Microsoft\Windows\CurrentVersion\Policies key
  Exit the registry and restart.
  Note: HKLM = HKEY_LOCAL_MACHINE & HKCU = HKEY_CURRENT_USER
  If you have any feedback on our support, please click
  here
  Keep post.
  Kate Li
  TechNet Community Support

• Weblogic domain status always down from Fusion Middleware Console

  Hi Guys
  Weblogic domain status always down from Fusion Middleware Console but however my Webdomain is Up and running.
  At another level, I have the same problem with applications status. These applications are Up and running but visible status down too.
  Platform: AIX 5.3 TL8
  Weblogic Server: 10.3.2
  Fusion Middleware Controle: 11.1.1.2.0
  Any idea ?
  bests regards
  Denis Jeanneret

  Hi,
  I have similar setup and the WebTier component shows as down.
  After some research I have come to the conclusion that some files have been missed in the EM packaging with the Web Center and OHS components.
  Am following up with iAS development on this issue..
  Check
  http://<adminHost>:<adminPort>/dms
  Click on Aggregate Metrics > scroll down to opmn_response and opmn_response_component. See if the instance is registered.
  In my case, the opmn_response does not have the componentname in it but opmn_response_component seems to be fine.
  Regards
  Kotti

• ADMT share domain local groups access denied

  Hi,
   I have encountered strange behavior when migrating share with permissions. This is the situation:
  1) We have migrated groups from source domain(these groups are used for defining access to shares, users are directly members of these, no nested groups), groups are domain local
  2) We have migrated share and reapplied and verified ACLs, ok so far
  The problem is that users from source domain cannot access share migrated to new domain, accordin to ACL they have access BUT when they try access the share it only shows access denied. But when the groups are converted to Global in source domain(no need
  to convert in target domain) access is permitted according to ALC).
  Can someone explain that please? Thank you.
  Pete
  sfs

  Hi,
  Member permissions in domain local group can be assigned only within the same domain as the parent domain local group.
  Domain local groups can contain users from any domain. They are used to assign permissions to resources. When you restructure domains, you must migrate domain local groups when you migrate the resources to which they provide access, or you must change the
  group type to universal group.
  For more detail information, you could refer to:
  http://blog.thesysadmins.co.uk/admt-series-7-group-account-migration-wizard.html
  Regards.
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• All components of fusion middleware in one domain - is this better approach

  Pls advise, is this better approach to have all the components of Fusion Middleware (SOA, B2B, BPM, WebCenter, Content server) in one domain itself in cluster environment for production. If not, pls advise the better architecture for production environment..
  Regards,
  Suneel Jakka

  Suneel,
  It's a good idea to use split domain approach (multiple domains in one MW Home) for large enterprise deployments as it makes maintenance very easy. Lot of customers have been using this approach and they are quite happy about it. Following benefits you get while using split domain approach -
  1. Patching becomes flexible where patching of one component will not affect other
  2. System downtime will decrease as because of issue with one component, only one domain will be affected
  3. Reduced risk of incompatibility or classpath issues which arise because of different components (jars and third party utilities) being used in each product
  4. Modular integration and more layers of security
  If you are using all SOA, B2B, BPM, WebCenter, Content server and they have significant load then better have below domains -
  1. Dedicated domain for B2B (as it is a gateway product and will be having communication over internet)
  2. Shared domain for BPM and SOA (if load is high on both then better have separate domain for each)
  3. Shared domain for WebCenter & Content server (if load is high on both then better have separate domain for each)
  I also recommend to install Webcenter and SOA products in separate middleware home itself so that you may also upgrade them independently.
  Regards,
  Anuj

• Can we install ADMT tool in source domain?

  I am novice in AD migrations, The ADMT guide downloaded from MS instructs to install ADMT tool in Target domain, as do a lot of other blogs & discussion threads. Is there any reason that we should install it on Target domain only? Can we not install
  this tool in source domain and still migrate everything or are there any limitations to this or is it not supported by MS? I am just trying to understand if this is a must to be installed on target domain and if so why. Thank you in advance.

  In addition,
  1. Need to setup the DNS
  DNS
  Secondary       zone
  Conditional       forwarder
  ADI       Conditional forwarder
  Stub       zone
  You can go one of above.
  2. Need to create the Trust
  How to Create Two way Transitive Trust – Windows Server 2008 R2
  http://social.technet.microsoft.com/wiki/contents/articles/13906.how-to-create-two-way-transitive-trust-windows-server-2008-r2-en-us.aspx
  3.Use ADMT for users, Groups,password, computer migration, User profiles
  http://blog.thesysadmins.co.uk/category/admt
  ADMT Ver 3 for 2003
  ADMT Ver  3.1 2008
  ADMT Ver 3.2 2008R2
  As of now Windows 2012 does not support the ADMT. However there is some other work arrround.
  4. Permission is required for ADMT
  http://portal.sivarajan.com/2010/04/admt-service-account-permission-and.html
  You will get lots of stuffs on ADMT.
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/2a3c69ec-faea-457e-b088-fcc694365054/advice-needed-on-company-merger-migration?forum=winserverMigration
  Regards~Biswajit
  Disclaimer: This posting is provided & with no warranties or guarantees and confers no rights.
  MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin
  MY BLOG
  Domain Controllers inventory-Quest Powershell
  Generate Report for Bulk Servers-LastBootUpTime,SerialNumber,InstallDate
  Generate a Report for installed Hotfix for Bulk Servers