I have been tasked with consolidating 1 forest containing 9 different domains
into 1 forest 1 domain. In my test environment using ADMT to move accounts
and SID history worked fine. Now i am testing the move of production child
domain accounts to test forest domain.
i created the forest to forest trust
used NETDOM commands on both domains, gave the Target ADMT account admin
rights on child domain. I can migrate the accounts to the target along with
sid without errors or problems. However when i try to access shares and
mailboxes on the source domain i get access denied.
Any ideas what i am oding wrong?
have you disabled SID-Filtering on the Trust?
--
Viele Grüße
Frank Röder
MVP Windows Server System - Directory Services
"Ex oriente lux"
.
Re: Active Directory Migration ...ADMT will also migrate the sIDHistory attribute from the accounts on the old ... Every file system would need its permissions... >> domain in the forest is the forest root domain. ... (microsoft.public.windows.server.active_directory)
RE: Microsoft Active Directory security concerns ... for your DMZwith no trusts between it and your internal forest.... limit the traffic from your DMZ web servers into the internal network. ... shuffling existing accounts into your new domain anyway. ... I have spent most of my time in network security and IDS/IPS technology ... (Security-Basics)
Re: SOX compliant .. different password policy need for privil ... I am curious to know if once a forest and a root domain is created, ... have the password policy for the new domain ... and force all administrative accounts to reset their passwords under the ... (microsoft.public.win2000.active_directory)
Re: SOX compliant .. different password policy need for privil ... the password policy on the forest root domain to meet the SOX ... and force all administrative accounts to reset their passwords under the ... (microsoft.public.win2000.active_directory)
Re: AD design question ... Keep in mind that you can only have one Exchange organisation per forest too then. ... your generic accounts then turn on your audit logging and ACTUALLY LOOK AT ... > We are in a school district with 500 staff and 4000 non staff. ... > enterprise admin group without physical access to the servers? ... (microsoft.public.windows.server.active_directory)
