ADMT: Active Directory Domain Migration Tool

Windows Server 2012R2  Windows Server 2016  Windows Server 2019

Installation of PES

In order to migrate the passwords between the two forests, we will need to configure and install PES.

On the server where ADMT is installed, create a shared folder in which we will put the encryption key of the passwords.

dossier partagé / shared folder

Open a command prompt in Administrator and enter the following command, adapting to your situation:

Check that the migpwd.pes is present in the output folder.

PES file

Run the pwdmig file on the source domain controller (old.lan), launch the installation wizard, click Next 1 .

PES - Install

Accept license 1 and click Next 2 .

Accepte license

Indicate the location of the encryption key 1 and click Next 2 .

key encrypt

Enter the password 1 and click OK 2 .


Click on Install 1 .

Click on Install

Configure the service with Local System Account 1 and click OK 2 .

PES - Account service

The installation is complete, close the wizard by clicking Finish 1 .

PES - installed

PES asks to restart, click Yes 1 .

Restart server

After the restart, find the Password Export Server Service service and start it.

Start service

Resolve the error during installation

It is possible that the password verification fails with the following message:

The supplied password does not match this encryption key’s password.
ADMT’s Password Migration Filter DLL will not install without a valid encryption key.

PES - Error install

Close the installation wizard, open a command window in Administrator and enter the following command to adapt according to the location of the pwdmig.msi file:

Related Posts

Active Directory: authentication policy

Table Of ContentsPresentation of authentication policiesPrerequisites for using authentication policiesManagement of authentication policiesAuthentication strategy: limit the connection on computer /

Active Directory : password policy – PSO

SommaireIntroductionCreate a password policyCreate a second strategyIdentify the password strategy that appliesIdentify a user's password policyIdentify a group password policyAssign an existing passw

Rename a domain controller

Intro In this tutorial, we will see how to rename domain controller in the "rules of the art". The name change happens in several times, here is a summary: Add a secondary name to the DCPermutation of

Scroll to Top