Re: Adding remote Domain Admins to local Administrators with GPO

Well, I managed to get rid of the netlogon error by creating a new GPO for
the restricted Groups instead of using an existing GPO.

I found out that the computer doesn't apply any changes to the group
policies in the old domain so I put one test system into the new domain
manually to find that again none of the settings in my GPOs where applied to
the system.

ciao Mirco

"Jorge Silva" wrote:

Hi
Did you already tried the same but to a different security group?
--
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MCSE, MVP Directory Services
"Mirco Wilhelm" <MircoWilhelm@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:8355AA2D-3E4D-45EB-912F-911DD3C6AA6B@xxxxxxxxxxxxxxxx
Hi,

this is my scenario:

I want to move computer accounts from one AD domain to another using ADMT
3.0.

To do this I only need to add the Account ADMT is running on to the local
Administrators group of every computer in the source domain.

So I added the Restricted Group (Target\Domain Admins is member of
Builtin\Administrators) to the Default Domain Policy of the source domain.

According to hte GPMC Policy Results Wizard this is applied to the
computers. But the entry is missing from the Administrators member list.

I took a look at the netlogon.log and it states:
"No system mapping was found for Target\Domain Admins"

This is odd, because I can add the Domain Admins group manually and I can
do
remote task from the target domain in the source domain, as long as I
don't
need lokal administrator privileges.

The target domain currently hold a copy of the source DNS zone and the
source has a copy of the target zone.

As soon as I add the Domain Admins group manually the ADMT Agent will run
successfuly.


Where is my problem with the system mapping coming from?
--
ciao Mirco



.

Relevant Pages

  • Re: Adding remote Domain Admins to local Administrators with GPO
    ... Configurations, DNS, etc... ... the restricted Groups instead of using an existing GPO. ... because I can add the Domain Admins group manually and I ... Where is my problem with the system mapping coming from? ...
    (microsoft.public.windows.server.active_directory)
  • Problem with GPO and OU
    ... I have problem with GPO and OU. ... Then I create user1 and put in OU1. ... But if I logon with user1, ... If I made user1 member of Domain Admins group all work ...
    (microsoft.public.cert.exam.mcse)
  • Re: Error on migrating XP client on NT 4.0 Domain into WINDOWS 2003 AD
    ... workstations' local Administrators group. ... I am using source domain admins' group administrator account to logon ... domain's domain admins group should be added into administrators group on ... Error on migrating XP client on NT 4.0 Domain into WINDOWS ...
    (microsoft.public.windows.server.migration)
  • Re: Netlogon Error: No system mapping was found for TargetDomain Admi
    ... Administrators group of every computer in the source domain. ... But the entry is missing from the Administrators member list. ... because I can add the Domain Admins group manually and I can ... The target domain currently hold a copy of the source DNS zone and the ...
    (microsoft.public.windows.server.active_directory)
  • Re: Adding remote Domain Admins to local Administrators with GPO
    ... Administrators group of every computer in the source domain. ... But the entry is missing from the Administrators member list. ... because I can add the Domain Admins group manually and I can ... The target domain currently hold a copy of the source DNS zone and the ...
    (microsoft.public.windows.server.active_directory)