Windows Server 2008 and Windows Vista : Migrating GPOs (part 2) - Migration Tables

- How To Install Windows Server 2012 On VirtualBox
- How To Bypass Torrent Connection Blocking By Your ISP
- How To Install Actual Facebook App On Kindle Fire
Migration tables are used to translate security principals and UNC paths from one domain to another. Because these objects and paths differ in different domains (either in the same forest or a different forest), the values must be updated when a GPO is migrated from the source domain to the target domain.

Migration tables can be updated manually, automatically, or by using the Migration Table Editor. The manual method is not suggested, because the migration table is stored in XML format and syntax is extremely important; one minor mistake could make the migration fail. Migration tables are saved with a .migtable extension and can be located anywhere on the system that you desire. However, users who want to use a migration table must have the appropriate permissions to the file during the migration process.

A migration table itself is simple, containing only three variables: source name, source type, and destination name. Figure 3 illustrates what a typical migration table looks like in the Migration Table Editor through the GPMC.

Figure 3. The Migration Table Editor allows you to add, delete, and update any of the three sources of information required to translate GPO references from one domain to another.

  • Source name The source name is the name of the security principal or UNC path in the source GPO. If the source name does not match the entry in the source GPO, the migration might fail. The syntax for the source name is important; Table 1 provides examples of what each source name would look like for the different source types.

    Table 1. Source Name Syntax
    Object TypeExample Syntax


    Domain Global GroupUPN: Domain

    SAM: FABRIKAM\Domain Admins

    DNS:\Domain Admins
    Domain Local GroupUPN:

    SAM: FABRIKAM\Administrators

    Universal GroupUPN: Enterprise

    SAM: FABRIKAM\Enterprise Admins

    DNS:\Enterprise Admins
    ComputerUPN: Client1$

    SAM: FABRIKAM\Client1

    UNC Path\\Server1\Data
    Free Text or SID“PilarA” “S-1-5-21-1473733259-1489586486-3363071491-1005”


    SIDs cannot be referenced in the destination name field.

  • Source type The source type depicts the type of entry that is in the table. This is either a security principal or UNC path. There are many source types that can be configured. The following are all of the source types that can be included in a migration table:

    • User

    • Computer

    • Domain Local Group

    • Domain Global Group

    • Universal Group

    • UNC Path

    • Free Text or SID

  • Destination name The destination name refers to the name that is used in the target domain for the source name translation. For example, there might be a group in the source domain named HRAdmins, whereas in the target domain it is named HRAdministrators. The source name would be HRAdmins and the destination name would be HRAdministrators. You have a few options in the destination name field, other than the explicit name of the destination object. Table 2 lists a few of the other entries and their meanings.

Table 2. Destination Name Entries
Destination Name EntryDescription
Same as sourceThis will not modify the security principal or UNC path during the migration.
NoneThis will remove the entry from the source GPO when it is migrated to the target GPO (cannot be used with UNC path).
Map by relative nameThis will be a translation based on name, such as DomainA\user1 to DomainB\user1 (cannot be used with UNC path).
Explicitly specify valueThis is where a name is typed into the destination name, providing the exact literal value.

To create a migration table, it is best to use the Migration Table Editor, which allows you to work with the migration entries directly. The most efficient solution is to populate the migration table directly from the GPO in production or a GPO that has been backed up. To populate the migration table from a GPO that is in production, follow these steps:

In the GPMC, right-click the Group Policy Objects node, and then click Open Migration Table Editor.

In the Migration Table Editor, click Tools, and then click Populate From GPO.

Select the domain in which the GPO resides from the Look In This Domain list.

Select the GPO from the Group Policy Objects list.


If you want to include the security permissions that are configured on the GPO itself, you must also select the check box labeled During Scan, Include Security Principals From The DACL On The GPO.

Click OK, and review the results from the scan in the Migration Table Editor, as shown in Figure 4.

Figure 4. After a scan of a GPO for security principals and UNC paths, the results are imported into the Migration Table Editor for further refinement and saved to a file.

You can save a migration table and validate its entries. You save the table like any other file—click File, and then click Save. To validate the file and entries, click Tools, and then click Validate Table. The Validation Results dialog box indicates whether there are any issues with the table, as shown in Figure 5.

Figure 5. Validating the migration table will help eliminate simple errors and ensure the migration of the GPO.

Soccer Highlights
- VIDEO Lyon 4 – 0 Apollon Limassol (Europa League) Highlights
- VIDEO Everton 1 – 5 Atalanta (Europa League) Highlights
- VIDEO AC Milan 5 – 1 Austria Wien (Europa League) Highlights
- VIDEO FC Cologne 1 – 0 Arsenal (Europa League) Highlights
- VIDEO Nice 3 – 1 Zulte-Waregem (Europa League) Highlights
- VIDEO Braga 3 – 1 Hoffenheim (Europa League) Highlights
- VIDEO Lazio 1 – 1 Vitesse (Europa League) Highlights
- VIDEO Konyaspor 1 – 1 Marseille (Europa League) Highlights
- VIDEO Athletic Bilbao 3 – 2 Hertha Berlin (Europa League) Highlights
- VIDEO Salzburg 3 – 0 Vitoria de Guimaraes (Europa League) Highlights
- VIDEO Ludogorets Razgrad 1 – 2 Istanbul Basaksehir (Europa League) Highlights
- VIDEO FC Astana 2 – 3 Villarreal (Europa League) Highlights
- First look: Apple Watch

- 3 Tips for Maintaining Your Cell Phone Battery (part 1)

- 3 Tips for Maintaining Your Cell Phone Battery (part 2)
programming4us programming4us