Does IM support moving AD accounts between 2 domains

Document ID : KB000101397
Last Modified Date : 23/07/2018
Show Technical Document Details
Introduction:


 
Question:
Does Active Directory connector in Identity Manager support inter domain user movement in Active Directory.
We have two domain A and B.
Clients requirement is if user is transferred from one domain to another domain he should be physically moved in AD from one domain to another domain.
Is this can be done through Identity Manager.  ?
Answer:
Changing the domain should be considered as a normal change of the provisioning roles, i.e. 
- an existing provisioning role is removed, resulting in an account is removed from original AD domain 
- an new provisioning role is assigned, resulting in an account is created in new AD domain. 
As per design, Identity Manager does not support moving of AD accounts from one domain to other domain. 
you need check with Microsoft for a decent workaround 
Additional Information:
https://www.safaribooksonline.com/library/view/active-directory-cookbook/0596004648/ch04s19.html 
http://windowsitpro.com/windows-server/how-can-i-move-objects-between-domains 
https://social.technet.microsoft.com/Forums/windowsserver/en-US/e972cfe3-ad39-4756-b04c-d7ce783d47eb/best-way-to-move-users-between-domains?forum=winservergen 

There is a concern is that the SID will be changed when you move an account across the domains