# &RQWHQWV## # 2YHUYLHZ#4 # ,QWURGXFWLRQ#WR#'HYHORSLQJ#D#'RPDLQ## 5HVWUXFWXUH#6WUDWHJ\#5 # ,GHQWLI\LQJ#'RPDLQ#3UH05HVWUXFWXULQJ## 7DVNV#6 # 'HWHUPLQLQJ#WKH#2UGHU#RI#5HVWUXFWXULQJ## :LWKLQ#D#'RPDLQ#4; # ,GHQWLI\LQJ#'RPDLQ#3RVW05HVWUXFWXULQJ## 7DVNV#4< # /DE#$=#3ODQQLQJ#D#'RPDLQ#5HVWUXFWXUH#57 # 5HYLHZ#73 # # Module 6: Developing a Domain Restructure Strategy # Information in this document is subject to change without notice. The names of companies, products, people, characters, and/or data mentioned herein are fictitious and are in no way intended to represent any real individual, company, product, or event, unless otherwise noted. Complying with all applicable copyright laws is the responsibility of the user. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Microsoft Corporation. If, however, your only means of access is electronic, permission to print one copy is hereby granted. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.  2000 Microsoft Corporation. All rights reserved. Microsoft, MS, Windows, Windows NT, Active Directory, and Windows 2000 are either registered trademarks or trademarks of Microsoft Corporation in the U.S.A. and/or other countries. The names of companies, products, people, characters, and/or data mentioned herein are fictitious and are in no way intended to represent any real individual, company, product, or event, unless otherwise noted. Other product and company names mentioned herein may be the trademarks of their respective owners. Project Lead/Instructional Designer: Sangeeta Garg (NIIT (USA) Inc.) Lead Program Manager: Angie Fultz Instructional Designer: Robert Deupree (S&T OnSite) Subject Matter Expert : Brian Komar (3947018 Manitoba Inc) Technical Contributors: John Pritchard, Greg Parsons, David Cross, Rodney Fournier, Tony de Freitas, Christoph Felix, Shaun Hayes, Megan Camp, Richard Maring, Glenn Pittaway, Anne Hopkins, Bob Heath, Jeff Newfeld, Jim Glynn, Paul Thompson (Mission Critical Software, Inc.), David Stern, Lyle Curry, Steve Tate, Bill Wade (Wadeware LLC). Testing Leads: Sid Benavente, Keith Cotton Testing Developer: Greg Stemp (S&T Onsite) Testers: Testing Testing 123 Instructional Design Consultants: Susan Greenberg, Paul Howard Instructional Design Contributor: Kathleen Norton Graphic Artist: Kirsten Larson (S&T OnSite) Editing Manager: Lynette Skinner Editors: Marilyn McCune (Sole Proprietor), Wendy Cleary (S&T OnSite), Jane Ellen Combelic (S&T OnSite) Copy Editor: Shawn Jackson ( S&T Consulting) Online Program Manager: Debbi Conger Online Publications Manager: Arlo Emerson (Aditi) Online Support: Eric Brandt (S&T Onsite) Multimedia Development: Kelly Renner (Entex) Testing Leads: Sid Benavente, Keith Cotton Testing Developer: Greg Stemp (S&T OnSite) Courseware Testing: Data Dimensions, Inc. Production Support: Lori Walker (S&T Consulting) Manufacturing Manager: Rick Terek (S&T Onsite) Manufacturing Support: Laura King (S&T Onsite) Lead Product Manager, Development Services: Bo Galford Lead Product Managers: Dean Murray, Ken Rosen Group Product Manager: Robert Stewart # 0RGXOH#9=#'HYHORSLQJ#D#'RPDLQ#5HVWUXFWXUH#6WUDWHJ\##LLL# ,QVWUXFWRU#1RWHV# This module provides students with the ability to successfully plan a restructure strategy. The module provides a step-by-step methodology for creating a restructure plan. At the end of this module, students will be able to: „# Identify and perform the domain pre-restructuring planning tasks. „# Determine the order of moving objects in a restructuring. „# Identify and perform the domain post-restructuring planning tasks. Lab A, Planning a Domain Restructure, is a scenario-based planning lab. The students review information on the current domain model, Domain Name System (DNS) infrastructure, and proposed site topology. They will then use this information to address design decisions when creating a restructure strategy. Students should work in small groups to complete this lab. If students are reluctant to work together, consider leading the class through the first exercise, encouraging discussion, and then have them work in teams for the remaining exercises. Each exercise maps to a step in the restructure planning process. Make sure that students understand that the scenario at the beginning of the lab applies to all exercises. The table of questions and answers in each exercise is additional information that they may require to address the design decisions for that exercise. Be sure to save 15 minutes at the end of the lab to review their design decisions and address any questions that they may have. 0DWHULDOV#DQG#3UHSDUDWLRQ# This section provides you with the materials and preparation tasks that are needed to teach this module. 5HTXLUHG#0DWHULDOV# To teach this module, you need the following materials: „# Microsoft ® PowerPoint ® file 2010A_06.ppt „# Module 6, “Developing a Domain Restructure Strategy” 3UHSDUDWLRQ#7DVNV# To prepare for this module, you should: „# Read all of the materials for this module. „# Read all of the delivery tips. „# Complete the lab. „# Read the technical white paper, Planning Migration from Microsoft Windows NT to Microsoft Windows 2000, on the Student Materials compact disc. 3UHVHQWDWLRQ=# 93#0LQXWHV# # /DE=# 93#0LQXWHV# LY##0RGXOH#9=#'HYHORSLQJ#D#'RPDLQ#5HVWUXFWXUH#6WUDWHJ\# „# Read chapter 9, “Planning the Active Directory Structure,” of the Windows 2000 Server Deployment Planning Guide on the Student Materials compact disc. „# Read chapter 10, "Determining Domain Migration Strategies,” of the Windows 2000 Server Deployment Planning Guide on the Student Materials compact disc. „# Read the Microsoft Excel spreadsheet, Migration Tool Comparison, on the Student Materials compact disc. 0RGXOH#6WUDWHJ\# Use the following strategy to present this module: „# Introduction to Developing a Domain Restructure Strategy Provide an overview of the restructure planning process. Use the slides and delivery tips to emphasize the planning steps involved in creating a basic domain restructure plan. Emphasize to students that if their migration path involves first upgrading and then restructuring, they must create two plans: one for the domains that will be upgraded, and one for the domains that will be restructured. Clarify for students that this module provides the foundational domain restructure plan. Organizations will likely add steps to their restructure plans based on the presence of specific services and applications in their environments. Postpone discussion of how to plan for these until the next module. Make the components of each planning step meaningful by relating them to example scenarios or by describing the impact if the planning step is not performed. Encourage interaction throughout the module by engaging students in discussion or asking them how a planning step applies to their environments or migration situations. „# Identifying Domain Pre-Restructuring Tasks Explain the components of the existing Microsoft Windows NT ® version 4.0 domain structure that should be documented prior to migration. Remind students that multiple resource domains are no longer needed to separate administrative control. Delegation can provide the same functionality. Multiple account domains are no longer needed to provide scalability because there is no practical limit to the number of accounts that a domain can hold. Discuss the methods of restructuring. Emphasize that within each method, there are many permutations to domain restructuring. Students may be confused by the different ways that they can perform domain restructuring. It is important to take the necessary time here to ensure comprehension. Emphasize that restructuring is possible between Windows NT 4.0 and Microsoft Windows ® 2000 domains, between Windows 2000 domains in separate forests, or between domains in the same Windows 2000 forest. Restructuring instead of upgrading has proven to be the most common among early adopters. # 0RGXOH#9=#'HYHORSLQJ#D#'RPDLQ#5HVWUXFWXUH#6WUDWHJ\##Y# Explain how to prepare to deploy the target environment. The assumption made throughout this course is that the Active Directory ™ directory service design has been completed in an earlier planning stage. This particular planning step is only applicable to organizations restructuring between a Windows NT 4.0 source environment and a Windows 2000 target. Make sure that students understand all of the components of creating a recovery plan that allows them to roll back to the pre-restructured Windows NT domain. Be sure to compare the differences between recovering a Windows NT environment and a Windows 2000 source environment. Explain the factors to consider when selecting an appropriate migration tool for your restructuring. Explain the security principal details that students must document. Make sure that students understand the impact if this information is not comprehensively recorded. This topic mentions several Resource Kit utilities that facilitate this documentation for smaller environments. Ask students about their knowledge of third-party tools that can help with this process in enterprise environments. „# Determining the Order of Restructuring Within a Domain Explain the recommended order of moving objects in a restructuring. Ask students what the impact will be if a different order is used. „# Identifying Domain Post-Restructuring Tasks Make sure that students understand why they may need to redefine resource discretionary access control lists (DACLs) and how they can avoid the unknown user problem. Be sure to mention how the Security Translation wizard of the Active Directory Migration Tool (ADMT) can be used to facilitate this process. They will use this wizard in the lab to redefine a resource DACL. You may also want to demonstrate this wizard during your lecture on this topic. Cleaning up sIDHistory is a post-domain restructure step that is applicable only to companies choosing to migrate security principals with their source security identifier (SID). Because most organizations are likely to adopt this process, make sure that students understand that the main reason for doing this is to minimize the size of access tokens. At this time, there is no tool to remove the value of the sIDHistory; a simple Active Directory Service Interfaces (ADSI) script can accomplish this. Remind students that retaining the sIDHistory is optional during migration. The process of sIDHistory cleanup is not required if accounts are not migrated with their original SIDs. Converting the target environment to production is one of the last steps in domain restructuring. Ensure that students understand the different ways in which the conversion can occur. Decommissioning the source environment is something that all organizations will do. Although this process is fairly straightforward, the key to planning domain decommissioning is making sure that all of the objects have been moved to the target environment. # 0RGXOH#9=#'HYHORSLQJ#D#'RPDLQ#5HVWUXFWXUH#6WUDWHJ\##4# 2YHUYLHZ# „ ,QWURGXFWLRQ#WR#'HYHORSLQJ#D#'RPDLQ#5HVWUXFWXUH# 6WUDWHJ\ „ ,GHQWLI\LQJ#'RPDLQ#3UH05HVWUXFWXULQJ#7DVNV „ 'HWHUPLQLQJ#WKH#2UGHU#RI#5HVWUXFWXULQJ#:LWKLQ#D#'RPDLQ „ ,GHQWLI\LQJ#'RPDLQ#3RVW05HVWUXFWXULQJ#7DVNV After you have determined the implications that restructuring domains has on security principals, you can begin planning for domain restructuring. This module provides a step-by-step methodology for creating a restructure strategy. At the end of this module, you will be able to: „# Identify and perform the domain pre-restructuring planning tasks. „# Determine the order of moving objects in a restructuring. „# Identify and perform the domain post-restructuring planning tasks. 6OLGH#2EMHFWLYH# 7R#SURYLGH#DQ#RYHUYLHZ#RI# WKH#PRGXOH#WRSLFV#DQG# REMHFWLYHV1# /HDG0LQ# ,Q#WKLV#PRGXOH/#\RX#ZLOO#OHDUQ# DERXW#WKH#VWHSV#IRU# GHYHORSLQJ#D#UHVWUXFWXUH# VWUDWHJ\1# 5# # 0RGXOH#9=#'HYHORSLQJ#D#'RPDLQ#5HVWUXFWXUH#6WUDWHJ\# ,QWURGXFWLRQ#WR#'HYHORSLQJ#D#'RPDLQ#5HVWUXFWXUH# 6WUDWHJ\# ,GHQWLI\#GRPDLQ#SUH0UHVWUXFWXULQJ#WDVNV ,GHQWLI\#GRPDLQ#SUH0UHVWUXFWXULQJ#WDVNV 'HWHUPLQH#WKH#RUGHU#RI#UHVWUXFWXULQJ#ZLWKLQ#D#GRPDLQ 'HWHUPLQH#WKH#RUGHU#RI#UHVWUXFWXULQJ#ZLWKLQ#D#GRPDLQ ,GHQWLI\#GRPDLQ#SRVW0UHVWUXFWXULQJ#WDVNV ,GHQWLI\#GRPDLQ#SRVW0UHVWUXFWXULQJ#WDVNV 1 1 1 2 2 2 3 3 3 The Microsoft ® Active Directory ™ directory service design defines the ideal Microsoft Windows ® 2000 domain hierarchy. How you achieve that goal is the point of restructure planning. When formulating a restructure strategy, the following are the basic planning steps that all organizations must complete for the most common restructure scenarios: 1. Identify and perform domain pre-restructure tasks to ensure that security principal information can be reconstructed after restructure (if necessary), to roll back to the source environment (if necessary), and to document and make decisions that will ensure a successful migration. 2. Determine the order of restructuring within a domain to ensure that the source group membership and resource discretionary access control lists (DACLs) are migrated intact. 3. Identify and perform domain post-restructure tasks to ensure that the users retain logon capability and access to resources after the restructure. Depending on the current network environment, additional planning steps may be required to ensure continuity in the availability of network services and applications. 6OLGH#2EMHFWLYH# 7R#LQWURGXFH#WKH#VWHSV#IRU# SODQQLQJ#D#UHVWUXFWXULQJ1# /HDG0LQ# :KHQ#\RX#SODQ#DQG#SUHSDUH# IRU#D#GRPDLQ#UHVWUXFWXULQJ/# \RX#KHOS#HQVXUH#WKDW#WKH# QHWZRUN#FRQWLQXHV#WR#ZRUN# SURSHUO\#DQG#WKDW#WKH#FKRVHQ# VWUXFWXUH#VDWLVILHV#WKH# EXVLQHVV#UHTXLUHPHQWV#RI# \RXU#RUJDQL]DWLRQ1# 3URYLGH#DQ#RYHUYLHZ#RI#WKH# RYHUDOO#UHVWUXFWXUH#SODQQLQJ# SURFHVV1#8VH#WKH#VOLGH#WR# H[SODLQ#WKH#SODQQLQJ#VWHSV# LQYROYHG#LQ#FUHDWLQJ#D#EDVLF# GRPDLQ#UHVWUXFWXUH#SODQ1# # 'HOLYHU\#7LS # 7KLV#PRGXOH#IRFXVHV#RQ#WKH# JHQHUDO#SODQQLQJ#VWHSV#WKDW# DSSO\#WR#DOO#UHVWUXFWXUH# VFHQDULRV1# # $GGLWLRQDO#SODQQLQJ#VWHSV# PD\#QHHG#WR#EH#DGGHG#WR# WKLV#EDVLF#UHVWUXFWXUH#SODQ1# )RU#PRUH#LQIRUPDWLRQ/#VHH# PRGXOH#:/#³0LQLPL]LQJ#WKH# ,PSDFW#RQ#1HWZRUN# 2SHUDWLRQV#'XULQJ#D#'RPDLQ# 5HVWUXFWXUH/´#LQ#FRXUVH# 5343$/#'HVLJQLQJ#D# 0LFURVRIW#:LQGRZV#5333# 0LJUDWLRQ#6WUDWHJ\1# # 0RGXOH#9=#'HYHORSLQJ#D#'RPDLQ#5HVWUXFWXUH#6WUDWHJ\##6# ‹‹ #,GHQWLI\LQJ#'RPDLQ#3UH05HVWUXFWXULQJ#7DVNV# ([DPLQLQJ#H[LVWLQJ#GRPDLQ#HQYLURQPHQW#IRU#UHVWUXFWXUH ([DPLQLQJ#H[LVWLQJ#GRPDLQ#HQYLURQPHQW#IRU#UHVWUXFWXUH &KRRVLQJ#D#GRPDLQ#UHVWUXFWXUH#PHWKRGRORJ\ &KRRVLQJ#D#GRPDLQ#UHVWUXFWXUH#PHWKRGRORJ\ 3UHSDULQJ#WR#GHSOR\#WKH#WDUJHW#HQYLURQPHQW 3UHSDULQJ#WR#GHSOR\#WKH#WDUJHW#HQYLURQPHQW 6HOHFWLQJ#DSSURSULDWH#PLJUDWLRQ#WRROV 6HOHFWLQJ#DSSURSULDWH#PLJUDWLRQ#WRROV ,GHQWLI\LQJ#DQG#GRFXPHQWLQJ#VRXUFH#VHFXULW\#SULQFLSDO#GHWDLOV ,GHQWLI\LQJ#DQG#GRFXPHQWLQJ#VRXUFH#VHFXULW\#SULQFLSDO#GHWDLOV 1 1 1 2 2 2 3 3 3 'HYHORSLQJ#D#UHFRYHU\#SODQ 'HYHORSLQJ#D#UHFRYHU\#SODQ 4 4 4 'HWHUPLQLQJ#KRZ#WR#PLJUDWH#VHFXULW\#SULQFLSDO#GHWDLOV 'HWHUPLQLQJ#KRZ#WR#PLJUDWH#VHFXULW\#SULQFLSDO#GHWDLOV 5 5 5 6 6 6 7 7 7 When planning a restructure strategy, you need to perform the following pre- restructuring tasks: 1. Examine the existing domain environment to identify obsolete components in the existing environment, help select a restructure methodology, and ensure that existing network services and resource access are maintained during the restructuring. 2. Choose a domain restructure methodology that meets your migration goals and your Active Directory design goals. 3. Prepare to deploy the target environment in case you select inter-forest restructuring as the methodology for your migration. 4. Develop a recovery plan to prevent accidental data loss during a restructure and to allow rollback to the pre-restructured Microsoft Windows NT ® domain. 5. Select appropriate migration tools for your restructuring. 6. Identify and document source security principal details to ensure that you can reconstruct them after migration if necessary. 7. Determine how to migrate security principal details. 6OLGH#2EMHFWLYH# 7R#LQWURGXFH#WKH#SUH0 UHVWUXFWXULQJ#WDVNV1# /HDG0LQ# 3UH0UHVWUXFWXULQJ#WDVNV# LQFOXGH111# %ULHIO\#H[SODLQ#WKH#SUH0 UHVWUXFWXULQJ#WDVNV1# 7# # 0RGXOH#9=#'HYHORSLQJ#D#'RPDLQ#5HVWUXFWXUH#6WUDWHJ\# ([DPLQLQJ#([LVWLQJ#'RPDLQ#(QYLURQPHQW#IRU#5HVWUXFWXUH# „ ,GHQWLI\#WKH#&XUUHQW#'RPDLQ#0RGHO „ ,GHQWLI\#DQG#'RFXPHQW#$OO#2QH0 DQG#7ZR0:D\#7UXVW# 5HODWLRQVKLSV „ ,GHQWLI\#$SSOLFDWLRQV#5XQQLQJ#RQ#'RPDLQ#&RQWUROOHUV „ ,GHQWLI\#6HUYLFHV#5XQQLQJ#RQ#'RPDLQ#&RQWUROOHUV# DQG#7KHLU#&RQILJXUDWLRQ Examining the current domain model serves the following three purposes: „# It assists in identifying obsolete components in the existing environment. Eliminating outdated domains and security principals will simplify domain management in the new environment. „# It helps select a restructure methodology. Achieving the ideal forest may require that existing account domains be upgraded to join a parallel environment while eliminating obsolete resource domains. Or, it may require abandoning the whole model and beginning again with an infrastructure that serves the requirements of the business that it supports. „# It helps ensure that existing network services remain intact and that resource access is maintained during the restructure. When examining the existing domain structure, include the following steps: „# Identify the current domain model. Document the number of domains and the function that they serve. Carefully examine the reasons that a domain was originally created. Companies that previously required multiple account domains for scalability, and multiple resource domains for segregating administrative access, may be able to eliminate those domains in favor of a single Active Directory domain. „# Identify and document all one- and two-way trust relationships. To ensure that migrated users retain access to resources in trusted domains, you must establish trusts on the target domain that mirror the trusts found on the resource domain. 6OLGH#2EMHFWLYH# 7R#H[SODLQ#WKH#FRPSRQHQWV# RI#WKH#H[LVWLQJ#GRPDLQ# PRGHO#WKDW#QHHG#WR#EH# GRFXPHQWHG#SULRU#WR# UHVWUXFWXUH1# /HDG0LQ# ([DPLQLQJ#\RXU#H[LVWLQJ# GRPDLQ#PRGHO#DOORZV#\RX#WR# LGHQWLI\#REVROHWH# FRPSRQHQWV#LQ#WKH#H[LVWLQJ# HQYLURQPHQW/#VHOHFW#D# UHVWUXFWXUH#PHWKRGRORJ\/# DQG#HQVXUH#WKDW#H[LVWLQJ# QHWZRUN#VHUYLFHV#DQG# UHVRXUFH#DFFHVV#DU H# PDLQWDLQHG#GXULQJ#WKH# UHVWUXFWXULQJ1# 8VH#WKH#VOLGH#WR#SRLQW#RXW# HDFK#FRPSRQHQW#RI#WKH# H[LVWLQJ#GRPDLQ# HQYLURQPHQW#WKDW#VKRXOG#EH# H[DPLQHG#SULRU#WR# UHVWUXFWXUH1# # 'HOLYHU\#7LS # $VN#VWXGHQWV#ZKHWKHU#WKH\# KDYH#GRPDLQ#HQYLURQPHQW# GRFXPHQWDWLRQ1# # .H\#3RLQWV# (PSKDVL]H#WKDW#WKH# LQIRUPDWLRQ#JDWKHUHG#DERXW# WKH#GRPDLQ#HQYLURQPHQW# KHOSV#HOLPLQDWH#LQHIILFLHQFLHV# LQ#WKH#QHZ#HQYLURQPHQW#DQG# VHOHFW#D#UHVWUXFWXUH# PHWKRGRORJ\1# [...]... Is spare hardware available? Yes Each domain is allocated five spare servers that contain the exact hardware configuration of the servers currently in use What is the connectivity and bandwidth availability between domains? All domains are located on a corporate local area network (LAN) and are connected by gigabit Ethernet At peak times, net available bandwidth averages 60% What is the Active Directory... Resource Domain NetBIOS Domain Name: Venus DNS Domain Name: Venus.contoso.msft Role: Account and Resource Domain NetBIOS Domain Name: Mars DNS Domain Name: Mars.contoso.msft Role: Account and Resource Domain NetBIOS Domain Name: Saturn DNS Domain Name: Saturn.contoso.msft Role: Account and Resource Domain NetBIOS Domain Name: Neptune DNS Domain Name: Neptune.contoso.msft Role: Account and Resource Domain. .. information, and Security Accounts Manager (SAM) database objects To ensure that a domain can be fully rolled back to its pre -restructure state, your recovery plan should, at a minimum, include the following steps: 1 Ensure that all source domains have at least two domain controllers to prevent a domain from becoming orphaned during the migration process 2 Document the configuration of any applications... Backup Backup It is important that you develop a recovery plan to prevent accidental data loss during restructure This plan should include details of how you will back up your domain controllers, applications, and other data before and during the upgrade Although a certain degree of recovery is possible by simply maintaining the source domain, having a recovery plan is important in migration scenarios... the Domain Admins, Domain Users, and Domain Guests accounts by using either the Group Mapping and Merging wizard in ADMT or the Sidhist.vbs ClonePrincipal script ,PSRUWDQW# If any security assignments that include the Domain Admins, Domain Users, or Domain Guests global groups are created in the target domain, you must add the target SID of each group to the sIDHistory for the matching group in the target... deploy the target environment: „# Ensure that sufficient hardware is available At a minimum, all domains that will ultimately hold migrated accounts or resources must be created, requiring more hardware than what is presently used in the current domain model Depending on the domain hierarchy proposed in the Active Directory design, this may require the creation of all domains Additionally, a sufficient... Microsoft® Exchange 5.5 Server and Microsoft SQL Server™ version 7.0 are installed on a member server in each domain Internet Information Services, providing Web services, is installed on a BDC in each domain .A BDC in the Saturn domain has a specialized line-of-business application installed that is incompatible with Windows 2000 'RPDLQ#&RQWUROOHU#6XPPDU\# Each domain has a single PDC Each domain has one Windows... migration goals Each tool varies in the migration features that it provides You should become familiar with each tool’s capabilities and limitations „# Administrative preferences Driven by graphical wizard interfaces, ADMT is easy to use and requires little preparation However, MoveTree and ClonePrincipal as command-line utilities are best used in scripts that enable user accounts, clean up or populate... users may be concentrated in a single container or separated in multiple containers according to the domain from which the accounts originated Verify that suitable OUs are defined so that migrated accounts do not have to be moved after migration „# Verify that the replication schedules between sites will facilitate domain controller redeployment This is particularly important where a single domain spans... source domain If the source domain is Windows 2000, you can also write a variety of ADSI scripts to collect the membership „# Identify global groups in source account domains that might be combined in the target domain When multiple account domains exist in a source environment, it is common for global groups of the same name or function to be defined in each domain; for example, domainA\SalesReps and domainb\SalesReps . Controller Applications Applications Data Data Backup Backup Backup Backup Backup Backup Backup Backup Backup 41#$GG#D#%'&#WR#D#'RPDLQ# &RQWDLQLQJ#D#6LQJOH#'RPDLQ# &RQWUROOHU 51#'RFXPHQW#WKH#&RQILJXUDWLRQ#RI# 6HUYLFHV#DQG#$SSOLFDWLRQV# 5XQQLQJ#RQ#WKH#3'&#DQG#%'&V# 61#%DFN#8S#6HUYLFHV#DQG# $SSOLFDWLRQV#WR#7DSH 71#%DFN#8S#$FFRXQW#'DWDEDVH#DQG# 3HUIRUP#D#7HVW#5HVWRUDWLRQ# . in each domain; for example, domainASalesReps and domainbSalesReps. You can merge groups of the same name or function in the target domain, allowing