Quest Migration Manager FAQ

#1 What Is the Quest Migration Manager for Active Directory?

The Quest Migration Manager for Active Directory is a tool that helps restructure and consolidate Active Directory with zero impact. It provides streamlined project management, business-critical support, as well as coexistence capabilities.

It ensures that the end-users can maintain access to their workstations, emails, and resources throughout the migration process. What’s more, it promises to help migrate AD with no downtime and no data loss.

#2 What Are the Main Features of the Quest Migration Manager for Active Directory?

With the Quest Migration Manager, customers can plan their migrations by staging users, updating permissions, and scheduling workstation moves. This tool allows users to easily mirror their production environment to a test lab, thus ensuring that all processes are both safe and effective.

Another feature of the tool is the ability to migrate using a robust project management interface. The Quest Migration Manager for AD also has advanced delegation capabilities, full rollback, reporting options, multi-agent architecture, and distributed resource processing.

By automatically updating their permissions and resources, users can save time and reduce risk. These include Exchange, SharePoint, AD, IIS, SQL server, and the System Management server from Microsoft.

Another popular feature of the Quest Migration Manager is the secure execution. Using test modes allows users to verify the accuracy and security of their migration plan. Then, using this Microsoft Entra ID migration tool, users can optimize their post-migration environment. They can also preserve passwords, as well as remove source accounts and related references.

#3 Is There a Free Trial for the Quest Migration Manager for Active Directory?

Yes, there is a free trial to try out the Migration Manager for Active Directory. It’s a 30-day trial that gives users the ability to restructure Active Directory during business hours to reduce administrator workload. It also maintains access to all servers, has a test mode, enables parallel processing time, and mirrors the production AD environment.

 #4 What Is the Quest Migration Manager for Exchange?

The Quest Migration Manager for Exchange is a tool to help eliminate the risk of migrating and consolidating to new Office 365 or Exchange 2019 on-premises environments.

The mailbox migration tool allows users to synchronize mailboxes, calendar information, and public folders. It also helps maintain coexistence throughout the entire project.

#5 What Are the Main Features of the Quest Migration Manager for Exchange?

The Migration Manager for Exchange from Quest enables users to have continuous access to their workstations without disruption. That allows for business continuity and zero-impact migration.

Another feature of the tool is that it offers direct synchronization for mailboxes, distribution groups, public folders, and calendars. Speaking of public folders, with the Migration Manager for Exchange tool, there’s total coexistence and complete migration for on-premises folders. It creates a recycle bin for those folders to minimize problems that might occur during migration.

As part of the tool, users have access to the live reporting feature. It provides the real-time status of the migration so users can troubleshoot issues as they happen. There are also automated updates, as well as 24/7 product support from Quest.

The Migration Manager for Exchange helps reduce network bandwidth requirements to ensure a smoother synchronization process using a distributed structure. All data is routed between the source and target servers and it doesn’t go through the main console.

#6 Is There a Free Trial for the Quest Migration Manager for Exchange?

Yes, there is a 30-day free trial that users can get access to. It provides coexistence between applications and uses less network bandwidth. The Migration Manager for Exchange also preserves offline folders during the migration and eliminates toggling between applications. What’s more, the tool promises to deliver coexistence between both the migrated and non-migrated users.

#7 Do I Need to Install Quest Migration Manager in the Source or Target Domain?

A good practice is installing the Quest Migration Manager Console in the target domain.

#8 Do I Need a Trust Between Domains?

You don’t absolutely require a trust between domains. However, without it, there will be certain limitations to the functionality if it isn’t in place. That is to say, migration of SID History wouldn’t be possible without a trust.

Here are the restrictions you might encounter if no trusts are established:

  1. You will have to switch resources and users at the same time. When a user begins using their target account, all resources must be updated to have the same access to the same resources as the corresponding source user. 
  2. You won’t be able to use a single administrative account for migration.
  3. The console establishes net use connections automatically when working with remote Exchange servers. So if there are trusts between the machine with Quest Migration Manager installed and the console, there’s a need for the installation at all Exchange servers where the synchronization agents are. But if there is an established net use connection between the remote Exchange server and the console machine, users might have to manually manage the connection.  
  4. When switched to the target server, users will have to specify the target security account. Without trusts, their source accounts won’t have the permissions for the target mailboxes.
  5. Users who migrate Exchange first and set the source user’s account to be the Associated External Account for the corresponding Exchange mailbox won’t be able to log into the target mailboxes with their source accounts.
  6. Users who have Windows 2000 or Windows Server 2003-based cluster servers in the target and source domains will need trusts to be established between them. That means that the computer where the Quest Migration Manager is installed has to be a member of the domain in which either the Windows Server 2003 or Windows 2000 Exchange cluster servers reside.

#9 How to Utilize Real-Time RSS Feeds to Stay Updated on Quest Microsoft Platform Management Products

A Really Simple Syndication (RSS) feed is an efficient way to immediately distribute published content directly to subscribers. The Quest product RSS feeds allows customers who are subscribed to receive timely notifications for:

  • Software releases
  • Updated product documentation
  • Newly published KB articles
  • Changes to the Product Life Cycles

To utilize the real-time RSS feeds, visit the Product Page of your choosing on the Quest Support Portal. Then, under the Self-Service Tools dropdown menu, select RSS Feed.

On the RSS Feed/What’s New page, users will be able to view past and present notifications. They can also filter the displayed notifications by Month and Category, and see an option to Subscribe to the RSS feed.

Clicking on that subscribe link will bring users to the XML that’s required by all RSS aggregators to read and display the RSS feed. Those using a browser with a built-in RSS reader will be prompted to subscribe. However, users using an external web-based aggregator can simply copy and paste the URL for this XML into their aggregators.

#10 RPC Server Is Unavailable Message

If you’ve encountered the “0x800706ba: RPC Server is Unavailable” error, there could be a couple of causes for it. This message usually appears when trying to add a new OS connection or validate an existing one.

The first cause can be because of a firewall. RPC Server Unavailable usually means that the FglAM was able to connect on port 135/445. However, the ephemeral port connection back to the FglAM server hasn’t been successful. At first, Windows RPC connections connect on 135/445 and the server selects a port above 1024 to connect back to the FglAM server at random.

The second cause is that either the remote registry or RPC services on the monitored host aren’t running. Next, the third cause could be because a NAT is in place. Windows RPC/DCOM connection can have an issue with NAT ones.

Moreover, a fourth cause could be a time sync between the Monitored Host and Agent Manager. Lastly, if there is an IPSec setting that only allows connections to the monitored from the designated hosts, there could be a fifth cause.

Resolutions to the RPC Server Is Unavailable Error 

If you’ve identified the cause as a firewall issue, you should first try to disable it. That way, you can determine if that’s what’s preventing the agent from connecting. Once the agent is able to connect to the disabled firewall, you can enable it again and open these ports:

  • TCP Port 135 (DCE/RPC Locator service, WindowsShellService, WMIConnectionService)
  • TCP Port 139 (NetBIOS Session Service)
  • TCP Port 445 (Windows shares)

You should enable the Inbound rule for Remote Administration (RPC), Remote Service Management (RPC), or Windows Management Instrumentation (WMI) on the monitored host.

For Windows XP/Server 2000, you should click Start > Run > Type cmd (ctrl) and press key > Type netsh firewall set service remoteadmin enable > Key.

If it’s Windows 7/ Server 2008, the first three steps are the same. So Start > Run > cmd and Press Key > Type netsh advfirewall firewall set rule group=”Windows Management Instrumentation (WMI)” new enable=yes > Press Key > Type netsh advfirewall firewall set rule group=”remote administration” new enable=yes > Press Key.

For the second cause, you’ll want to start the remote registry and RPC services in the Windows services console on the monitored host.

If your issue is caused by NAT, try to avoid it altogether. You can do that by moving the FglAM server to the same side of the NAT device as the server that’s being discovered.

For cause four, you should verify that Agent Manager and Monitored Host Time are the same.

And lastly, if your issue is with IPSec, revise its setting so that you can make connections from the FglAM host to the monitored host.

#11 Dirsync Password Sync Isn’t Working When Windows Defender Is Installed, Error: “Virtualallocex Failed: 5”

Users who have Windows Defender on their Windows Servers and are running the Quest Active Directory Password Sync, which uses LSASS, may see it stop without warning. So the error message that appears in the Directory Sync Pro profile logs is: VirtualAllocEx failed: 5.

The reason that’s happening is that Microsoft is enabling a Microsoft Defender security rule by default. It’s called the Attack Surface Reduction (ASR) and its goal is to block hackers’ attempts from stealing Windows credentials from the LSASS process.

To fix the issue, users have to perform exclusions on the Dirsync Agent and DC servers. Clients have to exclude files and folders from being evaluated by most ASR rules.

Even if an ASR rule determines that a file or folder contains malicious behavior, it won’t block it from running. Customers can also exclude ASR rules from being triggered based on file and certificate hashes. They can do so by allowing specified Defender for Endpoint file and certificate indicators.

#12 Meltdown and Spectre (CPU Vulnerability) for Quest On-Premise-Based products 

In modern processors, Meltdown and Spectre exploit critical vulnerabilities. The hardware bugs allow programs to steal data that is being processed on the computer at that moment. Even though programs usually don’t have the permissions to read data from other programs, there are exceptions. For example, a malicious program can exploit Spectre and Meltdown and get a hold of data that are stored in the memory of running programs.

That data could include:

  • Passwords stored in a password manager or browser
  • Emails
  • Instant messages
  • Photos
  • Business-critical documents

Both Meltdown and Spectre work on personal computers, mobile devices, and the cloud. So depending on the cloud provider’s structure, it might be possible to steal data from other users.

Due to the nature of the vulnerabilities, which are residing very low in the platform stack Quest’s products are installed on, their on-premise solutions are indirectly affected. Only OS patches and/or hardware that are created by platform providers like Microsoft, Intel, ARM, and VMWare, can actually mitigate the issues. These patches are also the only thing that won’t require a code change from Quest.

According to Quest, they’re going to stay vigilant for any potential performance impact as customers are upgrading their infrastructures. 

#13 Is Windows Server 2012 R2 Supported as a Migration Console?

As of August 2022, the tool has not been tested against Windows 2012 Server R2. Officially, Windows Server 2012 R2 isn’t supported as a migration console.