Seamless Transitions: Unlocking Workstation Migration with Identity Migration Service (IMS)

Workstation Migration with IMS

IMS offers workstation migration as part of the solution for migrating user accounts across domains. This service includes joining the machine to the target domain and translating your user profile on the workstation to the target domain.

Tool Leveraged for Migration:

IMS uses WMT (Workstation Migration Tool) service for performing the workstation migrations across the domains. The Workstation Migration Tool (WMT) Service is specifically designed to perform privileged workstation migration operations.

Prerequisites for a Workstation Migration

For a workstation to qualify for migration, The WMT Service must be installed and active on the system. This ensures that all migration tasks are executed securely and efficiently.

Computers objects must be pre-created by the synchronization service in order to migrate the user's computers. If they do not exist in the target, the migration will fail on the computer migration component.

Scope

Only enabled computers with a Windows client operating system, Windows 10 or greater, will be synchronized. All non-windows computers (such as Macs) and server computers will not be synchronized. IMS cannot be used to migrate servers and cannot migrate non-Windows clients.

How WMT Migrates a Machine's User Profiles

When one or more local User Profiles are in scope for migration from the source account ownership to the corresponding target account, they go through the following processing:

User profile in scope:

• Typically, the initial ownership of a user profile (the NTUSER.DAT file) belongs to the user's source domain account.
• There is a specialization that can be configured to restrict migrating only those user profiles where their corresponding accounts are already migrated.
• There is a specialization that can be configured to allow a secondary (non-primary) source account to migrate its profile to the corresponding target account.

User profile migration process:

• After rebooting, user account profile migrations are initiated.
• The size of the user profile will determine how much time is allocated to the user profile change ownership processing (which includes retries).
• The larger profiles will be allocated more time to process them.
• When a user profile ownership operation fails, it will not immediately retry; instead, the next profile on the list gets its chance to process first.
• The retries will be attempted in the subsequent processing cycle.

Key Features

• WMT can track the per user profile translation and not translate the source account's user profile again if it's already translated.
• Migration Over VPN: By default, support for self-service migration under the VPN mode using the IMS Portal Click Once user interface is enabled. When a user is under VPN mode, only the self-service Portal migration is allowed since the logged in migrating user can be prompted to cache his/her target user account so that he/she can log back in after reboot and before the VPN connection is established. (surrogate Portal migration or the unattended Auto Migration App can't prompt the appropriate user to cache the target account which preventing the user from logging back in and therefore these two migration types should be blocked under VPN). Learn more about IMS Migration methods 
• Migration Over VPN Without Target Domain Join: The WMT Package can be configured to skip joining the client machine to the target domain when migrating the machine over VPN. Under this mode, the target account is still validated and prompted to be cached so that after machine reboots the user can log back in with the migrated target account.
• WMT App Reregistration Processing and Progress UI: The WMT full-screen splash screen app is used for app reregistration progress UI and informing the user to log back in later due to the user profile change ownership task having not completed yet.
• The WMT Service has the option to run custom PowerShell external scripts at the following points in the WMT Service workflow.
  • Pre-Workstation Migration (Local System Context)
  • Post-Workstation Migration (Local System Context)
  • After Reboot, After User Profile Migration (Local System Context)
  • After Reboot, After Each User Login, After App Re-registration (Current User Context) IMPORTANT Note: The customer is responsible for maintaining the external script and monitor its logging. IMS only reports successful or unsuccessful execution.

Benefits of Workstation Migration Tool:

• User Profile Tracking: WMT can track per user profile translation and ensure that the source account's user profile is not translated again if it's already translated.
• Migration Over VPN: The WMT package can be configured to migrate the machine over VPN and also can be configured to skip joining the client machine to the target domain when migrating over VPN, allowing for seamless migration with and without domain join.
• App Reregistration: The WMT full-screen splash screen app provides a progress UI for app reregistration and informs the user to log back in later due to the user profile change ownership task.
• Preventing Extra Profiles: A login GPO can use a script to prevent a migrated source account from logging onto a machine where its profile is already migrated to the target account, preventing extra blank profiles.
• Custom Scripting: The WMT Service allows for custom PowerShell external scripts to be run at various points in the WMT Service workflow, providing flexibility and customization. - Reference blog Custom Scripting 

Conclusion

The Identity Migration Service (IMS) and its Workstation Migration Tool (WMT) offer a robust and efficient solution for migrating user profiles and workstations across domains.

Overall, IMS and WMT provide a comprehensive approach to workstation migration, enhancing the digital presence and customer engagement for organizations.

Learn more about IMS and explore its powerful migration capabilities today!

• Read our latest insights on the IMS blog
• Learn more about IMS and start hassle-free migrations and its capabilities today! On our YouTube Channel 
• Want to speak with an expert? Reach out to us at imssales@microsoft.com to connect with a sales representative. Let’s power the future of digital collaboration — together.