Is it mandatory for DMA to create a file with the passwords of migrated users in it?
DMA only logs passwords to the passwords.txt file when DMA generates a complex password or when the 'Same as username (SAM name)' option is selected.Â If the password option to 'Copy password from source user' is selected, then DMA does not log the passwords.
There is not a workaround for preventing DMA from logging the complex passwords that are generatedÂ by DMA.Â Consider setting NTFS permissions such that the passwords.txt file can only be read by administrators.
DMA logs complex passwords in the file because otherwise there would be no way for anyone to know what the target account's password is.Â DMA logs the same-as-username passwords since the person migrating the accounts may not remember if they migrated the accounts with copy password, complex, or same-as-username option. In both the complex and same-as-username case, DMA sets the "User must change password at next logon" to force the user to change to another password that is not written in the password file and also meets the target domain's password requirements.
Please contact Technical Support to create a 'Support Request' for any issues you encounter that are not addressed by the User Guide, any Knowledge Base articles found on the website, or current Hotfixes available for download.