Re: Inter Forest Migration & SidHistory PB

although you may have added the target domain admins to the source
administrators you still do not have admin permissions on workstations and
servers.

Create a domain local group in the source, add domain admins from the target
to it. Add the domain local group in the source to the local administrators
of each workstation/server in the source you want to migrate or you the
restricted groups feature in a GPO to do that automatically

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto #
BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
-----------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
-----------------------------------------------------------------------------


-----------------------------------------------------------------------------
"Rémi" <remix19@xxxxx> wrote in message
news:A19A1438-9EBD-47F8-9530-8C17DA3E2589@xxxxxxxxxxxxxxxx
> Hello everybody,
>
> I'm having a serious migration problem between 2 AD2003 Domain.
> My source domain is 2003 & my target domain is 2003.
> I've installed ADMT V3 & PES
> registry, rights for accounts that lauch admt etc are OK
> All Is working totaly good when I migrate an account or a groups (machine
> not tried yet)
> The migrated account is good, good password & the sid from source domain
> is
> in SidHistory & the groups that had the account are also migrated...SO All
> good you will say !
>
> Yes...but no
>
> When I try to access to any ressources on the source domain I'm having an
> access denied.
> It's the first time that I'm migrating AD2003 --> AD2003
> In NT --> 2000 or NT --> 2003 All was always totaly good.
> Maybe I'm missing something stupid...If you have any idea or clue...
>
>
> Thank you very much
>
> Best regards
> remi
>


.

Relevant Pages

  • Re: Inter Forest Migration & SidHistory PB
    ... My problem was the SID Filtering & the trust relation ship. ... > Create a domain local group in the source, add domain admins from the target ... Add the domain local group in the source to the local administrators ... >> All Is working totaly good when I migrate an account or a groups (machine ...
    (microsoft.public.windows.server.active_directory)
  • Re: Incoming E-Mail - cant create contact in OU
    ... Go to the OU in security/advanced I added my sharepoint application pool ... that account a little (if the web app is compromised or something, ... Now I understand that you have given the account "full rights" of the OU, ... So I started with giving the app pool account domain admins permissions then ...
    (microsoft.public.sharepoint.windowsservices)
  • Re: Administrator account / Domian Addmin rights
    ... There is no difference between one Domain Admins member ... sharing an empowered account between people, ... The best thing however is to not provide Domain Admins membership, ... Finally - every administrator should know that changing the password ...
    (microsoft.public.win2000.security)
  • Re: Password Problem with Server Login
    ... We periodically reboot our server and had ... login with the Administrator account like we usually do and the ... We also tried an account ... however we have other users who are members of the "Domain Admins". ...
    (microsoft.public.windows.server.active_directory)
  • Re: Deleteing C$ sharing
    ... into the hard drive with the Administrator account and it works. ... > anything that will deny domain admins access to the computer. ... > computers to view the shares on that computer. ... > administrators group on a domain computer as in [net localgroup ...
    (microsoft.public.win2000.security)