Fundamentals

The transfer process is a system-initiated process. During the first policy enforcement under the control of the destination server, the system receives a manifest of users that are already assigned to it in the context of the destination server.

The system calculates the difference between the received manifest and the current set of users on the system (those that were assigned in the source server) to form List A. If List A contains at least one user (and fewer than a configurable maximum number), the system sends List A to the destination server, requesting that it assign the users in List A directly to the system. An event is sent to the destination server at this point to state that a system transfer has started.

Because the destination server will assign users directly to the system (and not to a parent branch), it is important that any required branch-level user assignments are made in the destination server before system transfer is instigated. Failure to do so will result in these users being assigned directly to the system, making future user management more complex.

Once the assignment of the users in List A has been successfully made in the destination server, at the next ASCI the system will push user token data for the newly assigned users up to the destination server, along with system encryption and recovery keys, completing the user data transfer process. At this time, an event is sent to the destination server to state that the system transfer has completed successfully.

If the number of assignments that need to be made exceeds a configurable maximum, the transfer will fail and an appropriate error event will be sent up to the destination server.
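The List A decision described above can be modeled as a pre-transfer check that shows which users would end up assigned directly to each system and which systems would fail on the maximum. This is an added example, not the product's code: the function names, outcome labels and sample data are hypothetical, and the handling of an empty List A and of a count exactly equal to the maximum are assumptions, because the text does not state them.

```python
from dataclasses import dataclass


@dataclass
class Preflight:
    system: str
    list_a: list   # users the system would ask the destination to assign directly
    outcome: str   # hypothetical labels: "nothing-to-assign", "transfer", "fail"


def preflight(system, source_users, destination_manifest, max_assignments):
    """Predict the transfer decision for one system.

    source_users: users currently on the system (assigned in the source server).
    destination_manifest: users the destination server already assigns to the
    system, including those that arrive through branch-level assignments.
    """
    # List A = users on the system that the destination manifest does not cover.
    list_a = sorted(set(source_users) - set(destination_manifest))
    if not list_a:
        # Assumption: with an empty List A there is nothing to request.
        outcome = "nothing-to-assign"
    elif len(list_a) < max_assignments:
        outcome = "transfer"
    else:
        # Assumption: a count equal to the maximum is treated as a failure,
        # following the "fewer than a configurable maximum" wording.
        outcome = "fail"
    return Preflight(system, list_a, outcome)


def fleet_report(systems, max_assignments):
    """systems maps a system name to (source_users, destination_manifest)."""
    return [preflight(name, src, dst, max_assignments)
            for name, (src, dst) in sorted(systems.items())]


# Constructed sample data: names and memberships are invented for illustration.
SAMPLE = {
    "LAPTOP-01": (["alice", "bob"], ["alice", "bob"]),       # covered by a branch
    "LAPTOP-02": (["alice", "carol", "dave"], ["alice"]),    # two direct assignments
    "KIOSK-07": (["u1", "u2", "u3", "u4", "u5"], []),        # reaches the maximum
}

if __name__ == "__main__":
    for r in fleet_report(SAMPLE, max_assignments=5):
        print(f"{r.system}: {r.outcome} {r.list_a}")
```

Every user that appears in a system's List A is one that was not covered by a branch-level assignment in the destination server when the check was run.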

It is clearly important that the destination server has one or more appropriately configured Active Directory servers to ensure that users can be found and then assigned within the destination server.

It is equally important to configure the Drive Encryption policies in the destination server to ensure that they match those from the source server; failure to do so might lead to systems deactivating or changing their behavior.

Environments that use policy-assignment rules to assign user-based policies based on complex rules should take extra care to ensure that rules are appropriately defined in the destination server; failure to do so might lead to changes in the logon experience for affected users.