Online Manual: "User Management Resource Administrator"
Script Action: Move cross-domain (AD)
Function
Moves an existing user object (users and computer accounts) from an
OU in one domain to an OU in another domain.
Deployment
When moving a user object to another domain, several script actions are needed. The actual move operation is done using the Move cross domain (AD) script action. The other script actions are used to set up the right primary group membership of the account to move.
1. Get User (AD) - UMRA binds to the user account in order to obtain the SAM account name. The SAM account name is used to set up the new primary group membership.
2. Set Primary Group (non AD) - The action configures a universal group as the primary group of the user account. This action is required in order to be able to remove the group membership of the current primary group, which is usually the global group Domain Users.
3. Delete a specific variable - The user object information regarding the primary group needs to be refreshed internally. In order to do this, the application must release the user account object and rebind to the account. Therefore, the variable that holds the user account object, %UserObject%, must be deleted.
4. Get User (AD) - This action is identical to the first Get User (AD) action. Now, the UMRA Console application binds to the same user account with an updated primary group account.
5. Remove user group memberships (AD) - The global groups can now be removed successfully.
6. Move cross domain (AD) - See properties in the table below.
Properties
The script action Move cross domain (AD) has the following properties:
| Property Name | Description | Typical setting | Remarks |
|---|---|---|---|
| Source object | The Source object property is the LDAP name of the object to be moved in the original location (before the move). | | Important: If the source domain has multiple domain controllers, the domain controller with the role of RID master must be used to access the source account. Access to the source account is controlled by specifying a binding string as part of the LDAP name: `LDAP://server_rid_master.mydomain.com/CN=<AccountToMove>, OU=<SourceOU>, DC=<mydomain>,DC=com`. |
| Target container | The Target container property is used to specify the full LDAP name of the destination of the object. The container can be an organizational unit, domain or general container (e.g. Users). The container must be specified using a server binding string in DNS format: goldfish.marketing.TheFirm.com. This type of specification forces the move operation to use Kerberos authentication instead of NTLM. | | |
| New name | New name only has to be specified if the (common) name of the user account changes. If not, it can be left unspecified. | | |
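A pre-flight check for the two binding strings described in the table, added here as an example and not part of UMRA or its manual: it parses each LDAP name, rejects a missing, short-name or IP-address server (the target must be in DNS format for Kerberos to be used), and flags a server whose DNS suffix does not match the DC= components of the name. The function names and sample values are assumptions made for this example, and the check is static: it cannot confirm that the source server actually holds the RID master role.

```python
import ipaddress
import re

# LDAP://<server>/<distinguished name>; the server part may not contain '=' or ','
ADS_PATH = re.compile(r"^LDAP://(?P<server>[^/=,]+)/(?P<dn>.+)$", re.IGNORECASE)

def dn_domain(dn):
    """DNS domain implied by the DC= components of a distinguished name."""
    parts = [p.strip() for p in re.split(r"(?<!\\),", dn)]
    return ".".join(p[3:] for p in parts if p.upper().startswith("DC=")).lower()

def check_binding(path):
    """Return (domain, problems) for one LDAP name with a server binding."""
    m = ADS_PATH.match(path.strip())
    if not m:
        return None, ["no server binding, expected LDAP://<server>/<DN>"]
    server, domain = m.group("server").lower(), dn_domain(m.group("dn"))
    problems = []
    try:
        ipaddress.ip_address(server)
        problems.append("server is an IP address, not a DNS name")
    except ValueError:
        if "." not in server:
            problems.append("server is a short name, not DNS format")
    if not domain:
        problems.append("DN has no DC= components")
    # Heuristic (assumption): a domain controller's FQDN ends with its domain name.
    elif not problems and not server.endswith("." + domain):
        problems.append(f"server is not in the DN's domain ({domain})")
    return domain, problems

def check_move(source, target):
    """Problems that should block a cross-domain move; empty list means OK."""
    src_domain, src_problems = check_binding(source)
    dst_domain, dst_problems = check_binding(target)
    issues = [f"source: {p}" for p in src_problems]
    issues += [f"target: {p}" for p in dst_problems]
    if not issues and src_domain == dst_domain:
        issues.append("source and target are in the same domain")
    return issues

if __name__ == "__main__":
    # Constructed sample values modelled on the manual's placeholders.
    src = "LDAP://server_rid_master.mydomain.com/CN=jdoe,OU=Sales,DC=mydomain,DC=com"
    for dst in ("LDAP://goldfish.marketing.TheFirm.com/OU=Staff,DC=marketing,DC=TheFirm,DC=com",
                "LDAP://GOLDFISH/OU=Staff,DC=marketing,DC=TheFirm,DC=com"):
        print(check_move(src, dst) or "OK")
```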
See also: Examples - Move cross domain (AD)