ADMT, BitLocker and Smart Card questions
Hello,

We are studying the usage of ADMT to move user accounts between domains in the same forest (intra-forest migrations). Most questions I had about it have been answered, but there are two things that are still open. The servers are Windows Server 2008, clients are on Windows 7, and CLM 2007 is used to manage Smart Cards.

1st - According to the ADMT guide, passwords are always retained on these migrations. The case is that 99% of the end users are on Smart Card, and this is a concern considering the Smart Cards have the user's credentials saved on the chip and all the changes are made in Active Directory. If the migrations are performed during their off-hours, as they should be, how will it work out for the users when they arrive the morning after the migration and insert the Smart Card and PIN? Should we retire the Smart Card on the ID's old domain, remove the Smart Card requirement from the ID, have the user log on with username and password, then personalize the Smart Card again on the new domain? Or is it as simple as moving the users and asking them to plug the Smart Card in and log on happily on the new domain?

2nd - What about BitLocker? They set it on their computers and it's used for encryption of their local profile. After the user is moved over, does the BitLocker remain the same? Will they simply use the same BitLocker key, log on to the new domain, and all the encrypted data would be available for their use? This one sounds easier, as local profiles seem to be moved over; not sure how the magic happens, as we didn't start the lab tests yet, but I am eager to know any info on this subject.

Thank you!
May 17th, 2012 1:42pm

Hello,

Thank you for your post. This is a quick note to let you know that we are performing research on this issue.

Best Regards,
Elytis Cheng
TechNet Community Support
May 18th, 2012 4:13am

Hi,

Answer 1: After we migrate the user objects to a new domain, the UPN value is changed to the new domain suffix during the course of the transition, and there does not appear to be any control mechanism in ADMT to avoid this transition. Since the smart card certificates are tied to the UPN value, this means that while we can migrate the user with their SID history intact, the user cannot thereafter leverage the account using the same smart card until either the UPN is changed back to the original value or the smart card certificates are re-initialized to tie them to the new UPN value.

Answer 2:
a. Backing Up BitLocker and TPM Recovery Information to Active Directory: http://technet.microsoft.com/en-us/library/cc766015.aspx
b. Update ADMT to include BitLocker attributes and perform migration of the computer accounts to the new domain with the schema extended to support BitLocker.

Regards,
Denny

Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
May 26th, 2012 4:34am
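A post-migration check that follows from Denny's point about the UPN, added here as an example and not part of the thread or of ADMT: it lists migrated accounts whose published smart card logon certificate still carries the old UPN, so those users can be handled before they try to log on. It assumes the ActiveDirectory RSAT module, that the logon certificate is published in the userCertificate attribute, an English locale (the "Principal Name=" label in the formatted SAN), and a hypothetical target OU in the usage line.

```powershell
# Added example: find accounts whose certificate UPN differs from userPrincipalName after an
# ADMT intra-forest move. Assumes RSAT ActiveDirectory module and certs in userCertificate.
Import-Module ActiveDirectory

function Get-CertificateUpn {
    param([byte[]]$RawCert)
    # Parse the DER blob stored in userCertificate (the comma passes the array as one argument)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2(,$RawCert)
    # Subject Alternative Name is OID 2.5.29.17; the UPN lives in its otherName entry
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if (-not $san) { return $null }
    # Format() output is locale dependent; "Principal Name=" is the English label (assumption)
    $text = $san.Format($true)
    if ($text -match 'Principal Name=([^\r\n]+)') { return $Matches[1].Trim() }
    return $null
}

function Get-SmartCardUpnMismatch {
    param([string]$SearchBase)   # OU that ADMT migrated the users into (hypothetical value below)
    Get-ADUser -Filter 'userCertificate -like "*"' -SearchBase $SearchBase `
               -Properties userPrincipalName, userCertificate |
      ForEach-Object {
        $user = $_
        foreach ($raw in $user.userCertificate) {
            $certUpn = Get-CertificateUpn -RawCert $raw
            # -ne is case-insensitive in PowerShell, which matches how UPNs are compared at logon
            if ($certUpn -and ($certUpn -ne $user.userPrincipalName)) {
                [pscustomobject]@{
                    SamAccountName = $user.SamAccountName
                    AccountUpn     = $user.userPrincipalName
                    CertificateUpn = $certUpn
                }
            }
        }
      }
}

# Usage (hypothetical OU): accounts listed here need the UPN restored or the card re-issued
Get-SmartCardUpnMismatch -SearchBase 'OU=Migrated,DC=target,DC=example' | Format-Table -AutoSize
```

Accounts that show a mismatch are exactly the ones Denny describes: either set userPrincipalName back to the value in the certificate or re-personalize the card against the new UPN.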


Thanks, this really covers what I needed to know.
May 30th, 2012 8:29am
