Exporting Password Key Information
The Password Export Server (PES) service is used to migrate passwords during interforest migrations. This service must be installed on the source domain and uses a password key generated previously.
A 128-bit encrypted password key must be installed from the target domain on a DC in the source domain. This key allows for the migration of password information from one domain to the next.
To create this key, follow these steps from the command prompt of the ADMT server in the target domain:
1. Insert a USB drive to store the key. (The key can be directed to the network, but for security reasons, directing to a USB drive is better.)
2. Open a command prompt.
3. Type admt key /option:create /sourcedomain:<SourceDomainName> ...
Get Windows Server® 2012 Unleashed now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
