Installation of PES
In order to migrate the passwords between the two forests, we will need to configure and install PES.
On the server where ADMT is installed, create a shared folder in which we will put the encryption key of the passwords.
Open a command prompt in Administrator and enter the following command, adapting to your situation:
admt key /option:create /sourcedomain:old.lan /keyfile:D:\Passwords\migpwd.pes /keypassword:password
Check that the migpwd.pes is present in the output folder.
Run the pwdmig file on the source domain controller (old.lan), launch the installation wizard, click Next 1 .
Accept license 1 and click Next 2 .
Indicate the location of the encryption key 1 and click Next 2 .
Enter the password 1 and click OK 2 .
Click on Install 1 .
Configure the service with Local System Account 1 and click OK 2 .
The installation is complete, close the wizard by clicking Finish 1 .
PES asks to restart, click Yes 1 .
After the restart, find the Password Export Server Service service and start it.
Resolve the error during installation
It is possible that the password verification fails with the following message:
The supplied password does not match this encryption key’s password.
ADMT’s Password Migration Filter DLL will not install without a valid encryption key.
Close the installation wizard, open a command window in Administrator and enter the following command to adapt according to the location of the pwdmig.msi file:
msiexec -i C:\Apps\pwdmig.msi