Re: Inter-Forest Password Migration between 2 AD
From: Alex (nrz26_at_hotmail.com)
Date: 05/14/04
- Next message: rschiest: "ADMT Computer Migration"
- Previous message: Bob Qin [MSFT]: "RE: NT4 -> 2003?"
- In reply to: Bob Qin [MSFT]: "RE: Inter-Forest Password Migration between 2 AD"
- Next in thread: Bob Qin [MSFT]: "Re: Inter-Forest Password Migration between 2 AD"
- Reply: Bob Qin [MSFT]: "Re: Inter-Forest Password Migration between 2 AD"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 14 May 2004 20:24:10 +0800
Hi Bob,
Thanks for answering my query. Can you advise whether does the source
domain needs to be in native mode? My target domain is a 2003 domain.
Thanks,
Alex
"Bob Qin [MSFT]" <bobqin@online.microsoft.com> wrote in message
news:63ZVPBMOEHA.1016@cpmsftngxa10.phx.gbl...
> Hi Alex,
>
> Thanks for your posting here.
>
> We need to run Pwdmig.exe on the source domain DC and install ADMT on the
> target domain DC. The Target domain need to be native mode.
>
> You can follow the following steps to install the Password Migration DLL:
>
> Part I: Target Domain
> ----------------------------------
> Complete the following steps on the domain controller in the target
domain
> on which you installed ADMT:
>
> 1. Insert a 3.5-inch disk into the floppy disk.
> 2. Open a command prompt, and then change to the directory on which you
> installed ADMT.
> By default, this is the %SystemRoot%\Program Files\ folder.
> 3. Type the following command to create the encryption key to be used
> during the migration of
> the user account passwords
>
> "admt key <SourceDomainName><FloppyDrive> [*/password]" (without the
> quotation marks)
>
> where:
> - The admt command is the name of the executable program.
> - The key command specifies the generation of an encryption key.
> - " "SourceDomainName> is the NetBIOS name of the domain that contains
the
> passwords that you want to migrate.
> - " "FloppyDrive> is the drive letter of the floppy disk drive where the
> encryption key will be written, such as:
>
> A
> -or-
> A:
>
> - [*/password] is optional; if you use it, you can encrypt the key with a
> password.
> You can either type the password or you can type
>
> "*" (without the quotation marks)
>
> to receive a prompt for a password that is not displayed on the screen.
If
> you type a password, you need to use it when you complete the setup in the
> source domain.
>
> NOTE: For security reasons, providing a password is recommended.
>
> Part II: Source Domain
> ------------------------------------
> Complete the following steps on the PES in the source domain:
>
> 1. Double-click the Pwdmig.exe file that is located in the
> \ValueAdd\MSFT\MGMT\ADMT folder on the Windows Server 2003 CD-ROM.
> 2. Insert the 3.5-inch disk that you created when you receive the
following
>
> Please insert the floppy into the floppy disk containing the password
> encryption key for this source domain. Click OK to continue.
>
> 3. Type the password when you are prompted, and then click OK.
> 4. Click Next.
> 5. Click Finish.
> 6. Click Start, click Run, type regedit, and then click OK.
> 7. Locate the AllowPasswordExport registry value in the following
registry
> key:
>
> HKLM\System\CurrentControlSet\Control\LSA
>
> 8. Double-click AllowPasswordExport.
> 9. Change the value "0" to "1", and then click OK.
> 10. Restart the computer for the settings to take effect.
>
> As for your additional question, please disable the complex password
> requirement group policy in the target domain.
>
> Computer Configuration\Windows Settings\Security Settings\Account
> Policies\Password Policy
>
> Please refer to the following articles for the detailed information.
>
> How to Use Active Directory Migration Tool Version 2 to Migrate from
> http://support.microsoft.com/?id=326480
>
> How to Troubleshoot Inter-Forest Password Migration with ADMTv2
> http://support.microsoft.com/?id=322981
>
> You can also refer to the Help document of ADMT tool.
>
> Have a nice day!
>
> Regards,
> Bob Qin
> Product Support Services
> Microsoft Corporation
>
> Get Secure! - www.microsoft.com/security
>
> ====================================================
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
> ====================================================
> This posting is provided "AS IS" with no warranties, and confers no
rights.
>
- Next message: rschiest: "ADMT Computer Migration"
- Previous message: Bob Qin [MSFT]: "RE: NT4 -> 2003?"
- In reply to: Bob Qin [MSFT]: "RE: Inter-Forest Password Migration between 2 AD"
- Next in thread: Bob Qin [MSFT]: "Re: Inter-Forest Password Migration between 2 AD"
- Reply: Bob Qin [MSFT]: "Re: Inter-Forest Password Migration between 2 AD"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
