Re: ADMT v3 - can't migrate SID history
- From: "Jorge de Almeida Pinto" <SubstituteThisWithMyFullNameSeparatedByDots@xxxxxxxxx>
- Date: Fri, 6 Jan 2006 09:25:08 +0100
it is not possible to make a user of domain A a member of a global group of
domain B
add target domain admins to source administrators
use an account in the target that is a member of domain admins in the
target.
in the target these are full permissions, but depending on the task
possibilties exist to delegate and minimize permissions as needed
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto #
BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
-----------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
"Herb Martin" <news@xxxxxxxxxxxxxx> wrote in message
news:uPkMgumEGHA.336@xxxxxxxxxxxxxxxxxxxxxxx
> "TimS" <TimS@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:1FF4B74D-D75A-48DE-87E7-320F1C480D4A@xxxxxxxxxxxxxxxx
>>I am doing an inter-forest migration - Both the source and destination
>> domains are Windows 2003 running in 2000 native mode. I have a two-way
>> trust
>> established. I am attempting to test-migrate a few groups, and I'm
>> selecting
>> to migrate the SID History. It prompts me for a user with administrative
>> permissions in the source domain, and I enter an account that is a member
>> of
>> the source domain's Domain Admins group. I have tried this with a couple
>> different domain admin accounts, and I keep getting the following error:
>> ERR2:7447 SID History cannot be updated for test-jax2. The credentials
>> entered (VOJAX\\jaxadmin) must have Administrator privileges on the
>> source
>> domain.
>
> Are there really two backslashes there?
>
> NetBIOS domain\user names use one backslash: DomainName\UserName
>
>> What could be wrong here? What permissions are needed to bring over the
>> SID
>> history?
>
> You have a trust, why not just make the admin for target a member of
> Domain Admins on the source?
>
>
> --
> Herb Martin, MCSE, MVP
> Accelerated MCSE
> http://www.LearnQuick.Com
> [phone number on web site]
>
> "TimS" <TimS@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:1FF4B74D-D75A-48DE-87E7-320F1C480D4A@xxxxxxxxxxxxxxxx
>>I am doing an inter-forest migration - Both the source and destination
>> domains are Windows 2003 running in 2000 native mode. I have a two-way
>> trust
>> established. I am attempting to test-migrate a few groups, and I'm
>> selecting
>> to migrate the SID History. It prompts me for a user with administrative
>> permissions in the source domain, and I enter an account that is a member
>> of
>> the source domain's Domain Admins group. I have tried this with a couple
>> different domain admin accounts, and I keep getting the following error:
>> ERR2:7447 SID History cannot be updated for test-jax2. The credentials
>> entered (VOJAX\\jaxadmin) must have Administrator privileges on the
>> source
>> domain.
>>
>> What could be wrong here? What permissions are needed to bring over the
>> SID
>> history?
>>
>> Thanks,
>> Tim
>
>
.
- Follow-Ups:
- Re: ADMT v3 - can't migrate SID history
- From: TimS
- Re: ADMT v3 - can't migrate SID history
- References:
- Re: ADMT v3 - can't migrate SID history
- From: Herb Martin
- Re: ADMT v3 - can't migrate SID history
- Prev by Date: Re: *** Adamsync ***
- Next by Date: Re: New user account in AD
- Previous by thread: Re: ADMT v3 - can't migrate SID history
- Next by thread: Re: ADMT v3 - can't migrate SID history
- Index(es):
Relevant Pages
|
