A. To move objects within the same domain, open the Microsoft Management Console (MMC) Active Directory Users and Computers snap-in (go to Start, Programs, Administrative Tools, and click Active Directory Users and Computers), right-click the object, then select Move from the context menu (or in Windows Server 2003, you can simply drag objects to their new location). Unfortunately, you can't use the snap-in to move objects between domains.

To move objects between domains, you can use the movetree.exe command-line tool. As the name suggests, Movetree lets you move trees containing objects from one domain to another in the same forest (you can't move objects between forests). For example, to move organizational unit (OU) texas from savilltech.com to child1.savilltech.com, I would type the command

movetree /check /s omega.savilltech.com /d
vmsrv2003dc1.child1.savilltech.com /sdn OU=texas,DC=savilltech,DC=com /ddn
OU=texas,DC=child1,DC=savilltech,DC=com

Unless you place the distinguished names (DNs) in double quotes, make sure that you don't add spaces in the DNs; otherwise, the command will result in an error. The components from the command above are

  • /check--Instructs Movetree to perform a test to determine whether it can move the tree without actually moving it.
  • /s <server>--Identifies the source domain controller (DC) to use.
  • /d <server>--Identifies the destination DC to use.
  • /sdn <source DN>--Identifies the source DN of the tree to be moved.
  • /ddn <destination DN>--Identifies the destination DN.

You can optionally use the /u and /p switches to pass a username and password, if necessary. After I was satisfied with the results of the /check run, I performed the actual move by replacing /check with /start and typing

movetree /start /s omega.savilltech.com /d
vmsrv2003dc1.child1.savilltech.com /sdn OU=texas,DC=savilltech,DC=com /ddn
OU=texas,DC=child1,DC=savilltech,DC=com

At this point, the specified OU will no longer be in the original domain and will have been moved to the destination domain, including all the OU's contents (e.g., users, other OUs).

When you use the Movetree tool, keep the following conditions in mind:

  • The destination domain must be in Win2K Native mode or later.
  • You can use Movetree to move computer accounts, but they won't work in the destination domain; use the Netdom command to move these accounts as described in the FAQ "How can I move a computer account from one domain to another?".
  • You must lowercase the source and destination DNs.

For a full description of the Movetree tool, from the command line type

movetree /?