JSI Tip 3219. Using the MoveTree utility to move objects between domains in a forest?

When you reorganize, you may want to move objects from one domain to another within your forest.

The MoveTree utility from the support tools can assist.

Install the Windows 2000 Support Tools from the Support\Tools folder on the Windows 2000 Professional or Windows 2000 Server CD-ROM.

MoveTree initially moves objects to the Lost and Found container in the source domain, and from there to the destination domain. Objects that can NOT be moved are placed in an orphancontainer in the Lost and Found container. All objects that are moved are logged in the MoveTree.log file and errors are recorded in the MoveTree.err file.

MoveTree does NOT move profiles, logon scripts, and the users' personal data.

MoveTree will move an OU with all the linked GPOs, but clients will still receive the Group Policy settings from the source domain, so you should re-create the GPOs for the moved OUs in the destination domain, and delete the old GPOs in the source domain.

The MoveTree syntax is:

   MoveTree \[/start | /continue | /check\] \[/s SrcDSA\] \[/d DstDSA\]
   \[/sdn SrcDN\] \[/ddn DstDN\] \[/u Domain\Username\] \[/p Password\] \[/quiet\]

   /start               : Start a MoveTree operation with /check option by default, or use the /startnocheck switch.

   /continue            : Continue a failed MoveTree operation.

   /check               :Check the whole tree before actually moving any object.

   /s <SrcDSA>          : Source domain DSA name. Required. 

   /d <DstDSA>          : Destination domain DSA name. Required.

   /sdn <SrcDN>         : Source subtree's root domain name,
                          required for /Start and /check, optional for /continue.

   /ddn <DstDN>         : Destination subtree's root domain name. Required.

   /u <Domain\UserName> : Domain name and user account name. Optional.

   /p <Password>        : Password. Optional.

   /quiet               : Quiet mode. Without any display. Optional.


MoveTree /check /s Server1 /d Server2 /sdn OU=SourceOU,DC=Dom1 /ddn OU=DestOU,DC=Dom2 /u Dom1\administrator /p *

MoveTree /start /s Server1 /d Server2 /sdn OU=SourceOU,DC=Dom1 /ddn OU=DestOU,DC=Dom2 /u Dom1\administrator /p AdminPassword

MoveTree /startnocheck /s Server1 /d Server2 /sdn OU=SourceOU,DC=Dom1 /ddn OU=DestOU,DC=Dom2 /u Dom1\administrator /p AdminPassword

MoveTree /continue /s Server1 /d Server2 /ddn OU=DestOU,DC=Dom1 /u Dom1\administrator /p * /quiet

Guidelines for Using MoveTree

DNS must be working properly.

You must be a member of the Enterprise Admins group.

Use all lower case letters for the source an destination, or you will receive a 0x20e4 The Naming Context error.

The destination domain must be in Native mode.

Even though MoveTree moves the computer accounts, they are invalid and unusable until you run NETDOM to move the computer accounts.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.