RE: Migration NT4 to W3K AD




Everything is in place like you write. Sourcedomainname$$$ not
SourceServerName$$$ with the 3 $ sign after and is empty. Domain admins from
ServerA into the admin group in server B and vice versa. The trust script I
did “NETDOM TRUST /d:01231 ADXXXXX /quarantine:no /UD:01231\ADMINISTRATOR
/pd:xxxxxx /uo:ADXXXXX\administrator /Po:xxxxxx /ADD /EnableSIDHistory”
“NETDOM TRUST /d:ADXXXXX 01231 /quarantine:no /UD:ADXXXXX\ADMINISTRATOR
/pd:xxxxxx /uo:01231\administrator /Po:xxxxxx /ADD /EnableSIDHistory”
--
Capt_Trigger


"Brian Delaney [MSFT]" wrote:

Hi,

Please verify the following:

- An empty local group exists in the source domain that is named
  SourceDomName$$$
- The registry key
  HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\TcpipClientSupport
  has been set to 1 on the source PDC and it has been rebooted
- Add the Domain Admins group from DomainA into the Administrators group in
  DomainB and add the Domain Admins group from DomainB into the
  Administrators group in DomainA and ensure you have logged off and logged
  back on and try again.

Hope this helps,

Brian Delaney
Microsoft Canada
--

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
Thread-Topic: Migration NT4 to W3K AD
From: =?Utf-8?B?VHJpZ2dlcg==?= <Trigger@xxxxxxxxxxxxxxxxxxxxxxxxx>
Subject: Migration NT4 to W3K AD
Date: Sat, 12 Aug 2006 14:25:02 -0700

I have set up the 2-way trust between the NT4 Server and the AD with SID
history. All according to the textbook (as far as I know). When I am
starting to migrate (ADMT v3) the user groups to the AD I receive this
error message "Could not verify auditing and TcpipClientSupport on domains.
Will not be able to migrate Sid's. Access is Denied." The answer I can find is
"This error typically indicates that the user account that is used to run
ADMT does not have enough permissions to perform the migration in one or
both of the domains." When I did the trust I used the admin user for both
servers.
I am not sure how to move on from here without losing the SID history.
--
Capt_Trigger
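
The three checks from the reply above, written as a read-only PowerShell script. This is an added example, not part of the original thread: the domain and PDC names are placeholders, and it assumes a machine that can reach both domains, with remote registry access to the source PDC.

```powershell
# Added example: read-only checks for the three items in the reply above.
# Placeholder names (assumptions); replace with the real NetBIOS names.
$SourceDomain = 'SRCDOM'   # NT4 source domain
$SourcePdc    = 'SRCPDC'   # NT4 PDC of the source domain
$TargetDomain = 'TGTDOM'   # AD target domain

function Get-GroupMemberPath {
    # ADsPath of every member of a group, read through the WinNT provider.
    # Returns $null when the group cannot be read (missing or access denied).
    param([string]$Domain, [string]$Group)
    try {
        $g = [ADSI]"WinNT://$Domain/$Group,group"
        $paths = @($g.psbase.Invoke('Members') | ForEach-Object {
            $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
        })
        return ,$paths
    } catch { return $null }
}

# 1. Empty local group <SourceDomain>$$$ in the source domain.
#    Single quotes keep PowerShell from expanding the $ signs.
$sidGroup = $SourceDomain + '$$$'
$members  = Get-GroupMemberPath $SourceDomain $sidGroup
if ($null -eq $members) {
    "FAIL: cannot read group $sidGroup in $SourceDomain"
} elseif ($members.Count -gt 0) {
    "FAIL: $sidGroup has $($members.Count) member(s); it must be empty"
} else { "OK:   $sidGroup exists and is empty" }

# 2. TcpipClientSupport = 1 on the source PDC (the reboot cannot be checked here).
try {
    $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $SourcePdc)
    $lsa  = $hklm.OpenSubKey('System\CurrentControlSet\Control\LSA')
    $val  = $lsa.GetValue('TcpipClientSupport')
    if ($val -eq 1) { "OK:   TcpipClientSupport is 1 on $SourcePdc" }
    else { "FAIL: TcpipClientSupport is '$val' on $SourcePdc, expected 1" }
} catch { "FAIL: cannot read the registry on ${SourcePdc}: $($_.Exception.Message)" }

# 3. Domain Admins of each domain is a member of Administrators in the other.
$pairs = @{ $SourceDomain = $TargetDomain; $TargetDomain = $SourceDomain }
foreach ($from in $pairs.Keys) {
    $to     = $pairs[$from]
    $admins = Get-GroupMemberPath $to 'Administrators'
    if ($admins -contains "WinNT://$from/Domain Admins") {
        "OK:   $from\Domain Admins is in $to\Administrators"
    } else { "FAIL: $from\Domain Admins not found in $to\Administrators" }
}
```

Run it under the same account that runs ADMT, so that a read failure on any check reflects that account's rights in each domain.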


