Post-migration validation steps

1. User and Computer Account Checks

• Log in as migrated users (try a few from each OU and department).

• Make sure computer accounts have joined the new domain, appear in the right OUs, and can access mapped drives.


2. Group Membership and SIDHistory

• Check universal, domain, and nested group memberships for accuracy.

• Confirm users maintain access to their resources via SIDHistory (try legacy file shares and old apps).


3. Authentication and Logon

• Verify logon success for migrated users on different devices and network segments.

• Test logon scripts, home directories, and profile paths.


4. Resource Access Tests

• Attempt access to critical resources: file shares, printers, applications, email, and shared calendars.

• Validate permissions inheritance and group-policy-driven access controls.


5. DNS and Name Resolution

• Test DNS from client machines—ensure DCs and resources can be resolved in the new forest.

• Check replication status and health of DNS records.


6. Group Policy Objects (GPOs)

• Confirm GPOs are linked, applied, and processing (run gpresult /r and look for expected settings).

• Verify WMI filters, security group scoping, and scripts are correct.


7. Trust and Authentication Paths

• Ensure any necessary domain/forest trusts are operational and properly routing authentication requests.

• Confirm no stale or phantom trusts exist from the legacy forest.


8. Service Accounts and Application Integrations

• Test all migrated service accounts: scheduled tasks, application pools, database services, and printers.

• Verify enterprise apps (HR, line-of-business, print servers) work using accounts from the new forest.


9. Replication Health and AD Integrity

• Run repadmin /replsummary and look for errors or slow replication.

• Use dcdiag to run a comprehensive health report for each DC.


10. Audit, Security, and Monitoring

• Check event logs for errors, failed logins, and replication warnings.

• Confirm that auditing policies and SIEM integrations catch anomalies and report on migrated accounts.


11. User Communication and Support

• Ask a random sampling of real users, “Can you log in and access your stuff?” (It works!)

• Ensure the helpdesk is ready to assist and document any quick fixes, common questions, or leftover gremlins.


12. Cleanup

• Remove stale, disabled, or test accounts from both environments.

• Retire legacy domain controllers and domain trusts no longer needed.
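
A read-only check for step 2, added here as an example and not part of the original checklist: it lists each migrated user's SIDHistory and direct group count, and flags accounts with no SIDHistory, with a SID from a domain other than the legacy one, or with a built-in RID (below 1000). The OU path, legacy domain SID and output file name are placeholders, and the script assumes the ActiveDirectory RSAT module is installed.

```powershell
# Added example: audit SIDHistory on migrated users (read-only, changes nothing).
Import-Module ActiveDirectory

# Placeholders (assumptions, not from the checklist): replace with your own values.
$SearchBase      = 'OU=Migrated Users,DC=new,DC=example'
$LegacyDomainSid = 'S-1-5-21-1111111111-2222222222-3333333333'

$report = Get-ADUser -SearchBase $SearchBase -Filter * -Properties SIDHistory, MemberOf |
    ForEach-Object {
        $user    = $_
        # SIDHistory is a collection of SecurityIdentifier objects; take the string form.
        $history = @($user.SIDHistory | ForEach-Object { $_.Value })

        # Entries whose domain portion is not the legacy domain.
        $foreign = @($history | Where-Object { $_ -notlike "$LegacyDomainSid-*" })

        # RIDs below 1000 belong to built-in principals (for example 512, Domain Admins).
        # An ordinary migrated user should never carry one in SIDHistory.
        $builtin = @($history | Where-Object { [int64](($_ -split '-')[-1]) -lt 1000 })

        $status = if     ($history.Count -eq 0) { 'MissingSIDHistory' }
                  elseif ($foreign.Count -gt 0) { 'UnexpectedDomain' }
                  elseif ($builtin.Count -gt 0) { 'BuiltinRid' }
                  else                          { 'OK' }

        [pscustomobject]@{
            User       = $user.SamAccountName
            Enabled    = $user.Enabled
            # MemberOf holds direct memberships only (no primary group, no nesting).
            GroupCount = @($user.MemberOf).Count
            SidHistory = $history -join ';'
            Status     = $status
        }
    }

# Full table for the migration record, then the exceptions that need follow-up.
$report | Sort-Object Status, User | Format-Table -AutoSize
$report | Where-Object Status -ne 'OK' |
    Export-Csv -Path .\sidhistory-exceptions.csv -NoTypeInformation
```

A user flagged MissingSIDHistory will fail the legacy file share test in step 2 unless the resource ACLs were already re-permissioned to the new SIDs.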